59a13e7741b484acb88b61b982e8d064b96bc16eb8a5dc586e0541ef30bd4c1a

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WanaCry.bat
Size

1KB
MD5

7ee25f21592d32a1e01e960eff61918a
SHA1

880a9e1baad8a7f2ccf1b446cb798840d5b45c9e
SHA256

59a13e7741b484acb88b61b982e8d064b96bc16eb8a5dc586e0541ef30bd4c1a
SHA512

ec2158a34c6959c7f922fd845ca6c20fca9e0dff9c74a7bb3af01e658f87f3f8f43f44b852135fa423276e5b6a9451c8e95cbb7b4649f8da074f61170b78e076

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
1300	timeout.exe
900	timeout.exe
1004	timeout.exe
2660	timeout.exe
1588	timeout.exe
2312	timeout.exe
2516	timeout.exe
2464	timeout.exe
2456	timeout.exe
1252	timeout.exe
720	timeout.exe
1716	timeout.exe
1224	timeout.exe
2124	timeout.exe
608	timeout.exe
1764	timeout.exe
1232	timeout.exe
1004	timeout.exe
592	timeout.exe
1252	timeout.exe
1164	timeout.exe
2960	timeout.exe
720	timeout.exe
1772	timeout.exe
1936	timeout.exe
1052	timeout.exe
1320	timeout.exe
1644	timeout.exe
1696	timeout.exe
2276	timeout.exe
2224	timeout.exe
1644	timeout.exe
1552	timeout.exe
2372	timeout.exe
2212	timeout.exe
1332	timeout.exe
2904	timeout.exe
1984	timeout.exe
876	timeout.exe
2404	timeout.exe
1448	timeout.exe
2536	timeout.exe
2460	timeout.exe
1764	timeout.exe
2532	timeout.exe
2608	timeout.exe
2676	timeout.exe
2284	timeout.exe
3008	timeout.exe
996	timeout.exe
1740	timeout.exe
3060	timeout.exe
1788	timeout.exe
2824	timeout.exe
2032	timeout.exe
2252	timeout.exe
2456	timeout.exe
628	timeout.exe
2944	timeout.exe
1780	timeout.exe
2120	timeout.exe
1292	timeout.exe
1488	timeout.exe
2108	timeout.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

pid	Process
1620	tasklist.exe
2216	tasklist.exe
2088	tasklist.exe
2328	tasklist.exe
2680	tasklist.exe
112	tasklist.exe
2668	tasklist.exe
948	tasklist.exe
1672	tasklist.exe
2716	tasklist.exe
2420	tasklist.exe
1164	tasklist.exe
1652	tasklist.exe
856	tasklist.exe
1964	tasklist.exe
1252	tasklist.exe
2768	tasklist.exe
1120	tasklist.exe
2104	tasklist.exe
1928	tasklist.exe
828	tasklist.exe
1708	tasklist.exe
3040	tasklist.exe
2528	tasklist.exe
2060	tasklist.exe
2352	tasklist.exe
2196	tasklist.exe
604	tasklist.exe
2304	tasklist.exe
1800	tasklist.exe
2072	tasklist.exe
1640	tasklist.exe
1324	tasklist.exe
2808	tasklist.exe
2756	tasklist.exe
2920	tasklist.exe
276	tasklist.exe
1692	tasklist.exe
2992	tasklist.exe
3048	tasklist.exe
2052	tasklist.exe
1536	tasklist.exe
2276	tasklist.exe
2280	tasklist.exe
2012	tasklist.exe
2244	tasklist.exe
2252	tasklist.exe
1492	tasklist.exe
3016	tasklist.exe
896	tasklist.exe
1056	tasklist.exe
2792	tasklist.exe
1768	tasklist.exe
1068	tasklist.exe
2192	tasklist.exe
2596	tasklist.exe
3060	tasklist.exe
2404	tasklist.exe
1992	tasklist.exe
2684	tasklist.exe
2336	tasklist.exe
2516	tasklist.exe
1344	tasklist.exe
1804	tasklist.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2732	tasklist.exe
Token: SeDebugPrivilege	2580	tasklist.exe
Token: SeDebugPrivilege	2440	tasklist.exe
Token: SeDebugPrivilege	2356	tasklist.exe
Token: SeDebugPrivilege	2920	tasklist.exe
Token: SeDebugPrivilege	2768	tasklist.exe
Token: SeDebugPrivilege	2876	tasklist.exe
Token: SeDebugPrivilege	276	tasklist.exe
Token: SeDebugPrivilege	1800	tasklist.exe
Token: SeDebugPrivilege	1640	tasklist.exe
Token: SeDebugPrivilege	1768	tasklist.exe
Token: SeDebugPrivilege	2724	tasklist.exe
Token: SeDebugPrivilege	1256	tasklist.exe
Token: SeDebugPrivilege	1272	tasklist.exe
Token: SeDebugPrivilege	1292	tasklist.exe
Token: SeDebugPrivilege	2284	tasklist.exe
Token: SeDebugPrivilege	2840	tasklist.exe
Token: SeDebugPrivilege	720	tasklist.exe
Token: SeDebugPrivilege	1004	tasklist.exe
Token: SeDebugPrivilege	1488	tasklist.exe
Token: SeDebugPrivilege	1160	tasklist.exe
Token: SeDebugPrivilege	1120	tasklist.exe
Token: SeDebugPrivilege	1056	tasklist.exe
Token: SeDebugPrivilege	1880	tasklist.exe
Token: SeDebugPrivilege	1344	tasklist.exe
Token: SeDebugPrivilege	1232	tasklist.exe
Token: SeDebugPrivilege	2108	tasklist.exe
Token: SeDebugPrivilege	2276	tasklist.exe
Token: SeDebugPrivilege	2248	tasklist.exe
Token: SeDebugPrivilege	356	tasklist.exe
Token: SeDebugPrivilege	1620	tasklist.exe
Token: SeDebugPrivilege	1708	tasklist.exe
Token: SeDebugPrivilege	2052	tasklist.exe
Token: SeDebugPrivilege	2824	tasklist.exe
Token: SeDebugPrivilege	2984	tasklist.exe
Token: SeDebugPrivilege	764	tasklist.exe
Token: SeDebugPrivilege	2612	tasklist.exe
Token: SeDebugPrivilege	2488	tasklist.exe
Token: SeDebugPrivilege	2352	tasklist.exe
Token: SeDebugPrivilege	1952	tasklist.exe
Token: SeDebugPrivilege	2772	tasklist.exe
Token: SeDebugPrivilege	3040	tasklist.exe
Token: SeDebugPrivilege	2252	tasklist.exe
Token: SeDebugPrivilege	2360	tasklist.exe
Token: SeDebugPrivilege	2420	tasklist.exe
Token: SeDebugPrivilege	472	tasklist.exe
Token: SeDebugPrivilege	1200	tasklist.exe
Token: SeDebugPrivilege	2244	tasklist.exe
Token: SeDebugPrivilege	2280	tasklist.exe
Token: SeDebugPrivilege	2068	tasklist.exe
Token: SeDebugPrivilege	1740	tasklist.exe
Token: SeDebugPrivilege	788	tasklist.exe
Token: SeDebugPrivilege	1492	tasklist.exe
Token: SeDebugPrivilege	3060	tasklist.exe
Token: SeDebugPrivilege	1164	tasklist.exe
Token: SeDebugPrivilege	2012	tasklist.exe
Token: SeDebugPrivilege	1324	tasklist.exe
Token: SeDebugPrivilege	1880	tasklist.exe
Token: SeDebugPrivilege	1804	tasklist.exe
Token: SeDebugPrivilege	112	tasklist.exe
Token: SeDebugPrivilege	2528	tasklist.exe
Token: SeDebugPrivilege	2072	tasklist.exe
Token: SeDebugPrivilege	3048	tasklist.exe
Token: SeDebugPrivilege	3016	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2944	2868	cmd.exe	29
PID 2868 wrote to memory of 2944	2868	cmd.exe	29
PID 2868 wrote to memory of 2944	2868	cmd.exe	29
PID 2868 wrote to memory of 1708	2868	cmd.exe	30
PID 2868 wrote to memory of 1708	2868	cmd.exe	30
PID 2868 wrote to memory of 1708	2868	cmd.exe	30
PID 2868 wrote to memory of 2808	2868	cmd.exe	31
PID 2868 wrote to memory of 2808	2868	cmd.exe	31
PID 2868 wrote to memory of 2808	2868	cmd.exe	31
PID 2868 wrote to memory of 1984	2868	cmd.exe	32
PID 2868 wrote to memory of 1984	2868	cmd.exe	32
PID 2868 wrote to memory of 1984	2868	cmd.exe	32
PID 2868 wrote to memory of 2120	2868	cmd.exe	33
PID 2868 wrote to memory of 2120	2868	cmd.exe	33
PID 2868 wrote to memory of 2120	2868	cmd.exe	33
PID 2868 wrote to memory of 2548	2868	cmd.exe	34
PID 2868 wrote to memory of 2548	2868	cmd.exe	34
PID 2868 wrote to memory of 2548	2868	cmd.exe	34
PID 2868 wrote to memory of 2588	2868	cmd.exe	35
PID 2868 wrote to memory of 2588	2868	cmd.exe	35
PID 2868 wrote to memory of 2588	2868	cmd.exe	35
PID 2868 wrote to memory of 2652	2868	cmd.exe	36
PID 2868 wrote to memory of 2652	2868	cmd.exe	36
PID 2868 wrote to memory of 2652	2868	cmd.exe	36
PID 2868 wrote to memory of 2664	2868	cmd.exe	37
PID 2868 wrote to memory of 2664	2868	cmd.exe	37
PID 2868 wrote to memory of 2664	2868	cmd.exe	37
PID 2868 wrote to memory of 2736	2868	cmd.exe	38
PID 2868 wrote to memory of 2736	2868	cmd.exe	38
PID 2868 wrote to memory of 2736	2868	cmd.exe	38
PID 2868 wrote to memory of 2648	2868	cmd.exe	39
PID 2868 wrote to memory of 2648	2868	cmd.exe	39
PID 2868 wrote to memory of 2648	2868	cmd.exe	39
PID 2868 wrote to memory of 2600	2868	cmd.exe	40
PID 2868 wrote to memory of 2600	2868	cmd.exe	40
PID 2868 wrote to memory of 2600	2868	cmd.exe	40
PID 2868 wrote to memory of 2820	2868	cmd.exe	41
PID 2868 wrote to memory of 2820	2868	cmd.exe	41
PID 2868 wrote to memory of 2820	2868	cmd.exe	41
PID 2868 wrote to memory of 2732	2868	cmd.exe	42
PID 2868 wrote to memory of 2732	2868	cmd.exe	42
PID 2868 wrote to memory of 2732	2868	cmd.exe	42
PID 2868 wrote to memory of 2576	2868	cmd.exe	43
PID 2868 wrote to memory of 2576	2868	cmd.exe	43
PID 2868 wrote to memory of 2576	2868	cmd.exe	43
PID 2868 wrote to memory of 2468	2868	cmd.exe	45
PID 2868 wrote to memory of 2468	2868	cmd.exe	45
PID 2868 wrote to memory of 2468	2868	cmd.exe	45
PID 2868 wrote to memory of 2580	2868	cmd.exe	46
PID 2868 wrote to memory of 2580	2868	cmd.exe	46
PID 2868 wrote to memory of 2580	2868	cmd.exe	46
PID 2868 wrote to memory of 2712	2868	cmd.exe	47
PID 2868 wrote to memory of 2712	2868	cmd.exe	47
PID 2868 wrote to memory of 2712	2868	cmd.exe	47
PID 2868 wrote to memory of 2444	2868	cmd.exe	48
PID 2868 wrote to memory of 2444	2868	cmd.exe	48
PID 2868 wrote to memory of 2444	2868	cmd.exe	48
PID 2868 wrote to memory of 2440	2868	cmd.exe	49
PID 2868 wrote to memory of 2440	2868	cmd.exe	49
PID 2868 wrote to memory of 2440	2868	cmd.exe	49
PID 2868 wrote to memory of 2464	2868	cmd.exe	50
PID 2868 wrote to memory of 2464	2868	cmd.exe	50
PID 2868 wrote to memory of 2464	2868	cmd.exe	50
PID 2868 wrote to memory of 2332	2868	cmd.exe	51

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\WanaCry.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\system32\mode.com
  mode con: cols=80 lines=25
  2⤵
  PID:2944
- C:\Windows\system32\timeout.exe
  timeout 3
  2⤵
  PID:1708
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt.tmp
  2⤵
  PID:2808
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt.tmp
  2⤵
  PID:1984
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI3028.txt C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI3028.txt.tmp
  2⤵
  PID:2120
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI3060.txt C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI3060.txt.tmp
  2⤵
  PID:2548
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI3028.txt C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI3028.txt.tmp
  2⤵
  PID:2588
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI3060.txt C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI3060.txt.tmp
  2⤵
  PID:2652
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20240221_140605_391.txt C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20240221_140605_391.txt.tmp
  2⤵
  PID:2664
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20240221_140605_984.txt C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20240221_140605_984.txt.tmp
  2⤵
  PID:2736
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt.tmp
  2⤵
  PID:2648
- C:\Windows\system32\certutil.exe
  certutil -encode C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240221_140554752-MSI_netfx_Full_x64.msi.txt C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240221_140554752-MSI_netfx_Full_x64.msi.txt.tmp
  2⤵
  PID:2600
- C:\Windows\system32\timeout.exe
  timeout 2
  2⤵
  PID:2820
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2732
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2576
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2468
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2580
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2712
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2444
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2440
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2464
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2332
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2356
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2908
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2904
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2920
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2924
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2680
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2768
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2532
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2624
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2876
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2916
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2288
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:276
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1636
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1936
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1800
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:888
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2020
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1640
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1568
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1540
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1768
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:632
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2676
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2724
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2504
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1816
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1256
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2268
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1416
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1272
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1316
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2028
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1292
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2280
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2428
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2284
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2068
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2168
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2840
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1740
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:608
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:720
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:788
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:592
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1004
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1492
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2968
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1488
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:3060
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1788
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1160
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2416
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:452
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1120
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1296
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2312
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1056
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:292
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1552
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1880
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:980
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2400
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1344
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1804
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1052
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1232
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:112
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2340
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2108
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2528
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2180
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2276
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2072
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2372
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2248
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:3048
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:900
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:356
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:3016
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1612
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1620
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1728
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2940
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1708
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2204
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2120
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2052
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2644
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2700
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2824
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2736
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2544
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2984
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2720
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2212
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:764
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1940
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2556
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2612
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2608
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2516
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2488
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2456
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2104
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2352
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2900
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2684
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1952
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2460
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2792
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2772
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2776
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2388
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3040
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2800
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1560
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2252
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1600
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1772
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2360
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2256
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:288
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2420
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2192
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1656
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:472
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1828
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1528
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1200
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2308
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1252
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2244
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2028
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1292
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2280
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2428
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2284
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2068
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2168
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2840
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1740
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:608
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:720
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:788
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:592
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1004
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1492
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2968
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1488
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3060
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1124
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1320
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1164
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:412
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2964
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2012
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:796
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1764
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1324
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1968
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1332
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1880
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2400
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1344
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1804
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1052
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1232
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:112
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2340
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2108
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2528
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2180
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2276
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2072
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2372
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2248
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3048
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:900
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:356
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3016
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1584
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1624
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2196
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2344
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2536
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2808
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2584
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2548
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2644
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2700
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2824
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2736
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2544
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2716
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2216
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2696
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1940
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2556
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2444
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2608
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2516
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2564
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2456
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2104
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2904
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2900
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2684
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2672
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2460
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2792
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2912
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2776
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2388
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2016
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2116
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1652
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1936
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2032
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1692
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1696
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1716
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1540
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:828
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1644
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2404
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2676
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2692
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1272
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:880
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1316
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2088
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2292
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1224
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2668
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1924
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2284
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1824
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2328
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2840
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:896
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:928
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:720
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:604
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:824
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1004
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:856
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2896
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1488
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1928
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1820
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1320
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2992
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2140
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2964
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1564
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1688
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1764
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:948
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1876
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1048
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2504
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2512
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1704
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1068
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2424
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2224
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1856
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1236
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:404
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2260
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1648
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:628
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1760
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2364
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1680
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:3056
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1520
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2100
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1992
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1660
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2944
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:3016
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1584
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1984
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2196
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2344
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2660
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2808
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2584
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2568
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2644
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2700
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2124
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1756
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2732
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2736
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2720
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1040
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2348
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2756
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1796
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2712
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2556
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2444
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2464
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2516
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2564
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2908
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2060
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1956
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2924
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2684
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2672
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2532
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2792
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2912
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2484
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1672
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2388
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2252
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2304
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1936
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2360
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2336
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1692
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2192
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:828
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1644
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2404
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2676
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2692
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1780
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1252
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2244
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:876
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2200
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1224
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1924
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2668
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2284
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1824
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2328
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2064
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1740
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:896
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:928
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:788
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:604
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:824
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1492
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:856
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2896
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:3060
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1928
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1820
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1164
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2992
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2140
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:3008
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2012
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1808
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:292
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1324
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1876
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:980
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1536
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2432
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2960
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1880
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2400
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:964
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1052
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1804
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2228
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:112
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2340
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1448
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2528
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2180
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:996
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2072
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2372
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1588
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:3048
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:900
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1624
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1612
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1620
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2588
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2656
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2196
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2600
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2740
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2808
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2824
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2596
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2644
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2172
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2576
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1756
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1132
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2716
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:764
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:1940
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2580
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1500
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2608
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2448
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2368
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2456
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2332
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2708
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2096
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2904
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2900
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2460
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2680
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2628
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1300
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2624
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:760
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2016
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:1964
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2288
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1772
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:1444
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1932
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1696
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2020
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:820
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:940
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2192
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1768
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1644
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2268
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:2404
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2676
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  PID:2692
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:1272
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1252
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:2244
- C:\Windows\system32\find.exe
  find "cmd.exe"
  2⤵
  PID:876
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads