78e776e68fa38ace2323474d19399ab09e16e0e6048d062dd3abc535bf892b4a

Analysis

max time kernel
1683s
max time network
1174s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4h2cqmm.bat
Size

776B
MD5

de5738a736fc1f59e8fbd1e5a6dd31ef
SHA1

ba6a2cc99ed4a172453bad6494a0637e0d00ae82
SHA256

78e776e68fa38ace2323474d19399ab09e16e0e6048d062dd3abc535bf892b4a
SHA512

000c5d51b25084a17945bc58798af21dba8040753b097209be9f3c614ab6a8c2a2ccca309719c8359f4a6c9c2c9e8fa37e76cbcb0de07af1b2f4076f075bb980

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	Everything.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	Everything.exe

Executes dropped EXE 6 IoCs

pid	Process
1644	Everything-1.4.1.1024.x86-Setup.exe
4528	Everything.exe
1568	Everything.exe
2760	Everything.exe
4012	Everything.exe
5060	Everything.exe

Loads dropped DLL 6 IoCs

pid	Process
1644	Everything-1.4.1.1024.x86-Setup.exe
1644	Everything-1.4.1.1024.x86-Setup.exe
1644	Everything-1.4.1.1024.x86-Setup.exe
1644	Everything-1.4.1.1024.x86-Setup.exe
1644	Everything-1.4.1.1024.x86-Setup.exe
1644	Everything-1.4.1.1024.x86-Setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Everything = "\"C:\\Program Files (x86)\\Everything\\Everything.exe\" -startup"	Everything.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	Everything.exe
File opened (read-only)	\??\G:	Everything.exe
File opened (read-only)	\??\I:	Everything.exe
File opened (read-only)	\??\M:	Everything.exe
File opened (read-only)	\??\R:	Everything.exe
File opened (read-only)	\??\W:	Everything.exe
File opened (read-only)	\??\K:	Everything.exe
File opened (read-only)	\??\N:	Everything.exe
File opened (read-only)	\??\Q:	Everything.exe
File opened (read-only)	\??\U:	Everything.exe
File opened (read-only)	\??\V:	Everything.exe
File opened (read-only)	\??\Y:	Everything.exe
File opened (read-only)	\??\A:	Everything.exe
File opened (read-only)	\??\S:	Everything.exe
File opened (read-only)	\??\T:	Everything.exe
File opened (read-only)	\??\B:	Everything.exe
File opened (read-only)	\??\H:	Everything.exe
File opened (read-only)	\??\J:	Everything.exe
File opened (read-only)	\??\L:	Everything.exe
File opened (read-only)	\??\O:	Everything.exe
File opened (read-only)	\??\P:	Everything.exe
File opened (read-only)	\??\X:	Everything.exe
File opened (read-only)	\??\Z:	Everything.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Everything\Everything.exe	Everything.exe
File created	C:\Program Files (x86)\Everything\Changes.txt	Everything.exe
File created	C:\Program Files (x86)\Everything\License.txt	Everything.exe
File created	C:\Program Files (x86)\Everything\Everything.lng	Everything.exe
File created	C:\Program Files (x86)\Everything\Uninstall.exe	Everything.exe
File created	C:\Program Files (x86)\Everything\Everything.ini.tmp	Everything.exe
File created	C:\Program Files (x86)\Everything\Everything.exe	Everything.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 16 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\open\command\ = "\"C:\\Program Files (x86)\\Everything\\Everything.exe\" \"%1\""	Everything.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.efu	Everything.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\ = "Everything File List"	Everything.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\DefaultIcon	Everything.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\DefaultIcon\ = "C:\\Program Files (x86)\\Everything\\Everything.exe, 1"	Everything.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell	Everything.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\open	Everything.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\edit\command	Everything.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.efu\Content Type = "text/plain"	Everything.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList	Everything.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\open\command	Everything.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.efu\ = "Everything.FileList"	Everything.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.efu\PerceivedType = "text"	Everything.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\edit	Everything.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Everything.FileList\shell\edit\command\ = "\"C:\\Program Files (x86)\\Everything\\Everything.exe\" -edit \"%1\""	Everything.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Everything-1.4.1.1024.x86-Setup.exe:Zone.Identifier	firefox.exe

Runs ping.exe 1 TTPs 64 IoCs

Remote System Discovery

T1018

pid	Process
1912	Process not Found
3500	Process not Found
3344	Process not Found
2388	Process not Found
5096	Process not Found
4496	Process not Found
1004	PING.EXE
4088	Process not Found
3040	Process not Found
3192	Process not Found
4968	Process not Found
4368	Process not Found
4820	Process not Found
1288	Process not Found
1316	PING.EXE
3244	Process not Found
2108	Process not Found
4796	Process not Found
4168	Process not Found
3192	Process not Found
4308	Process not Found
3692	PING.EXE
4360	PING.EXE
2028	PING.EXE
2740	Process not Found
5016	Process not Found
3192	Process not Found
2448	Process not Found
2540	PING.EXE
4968	PING.EXE
2016	Process not Found
4612	Process not Found
1840	Process not Found
912	Process not Found
2656	Process not Found
3472	Process not Found
3836	Process not Found
640	PING.EXE
1540	Process not Found
3552	Process not Found
4520	Process not Found
4356	Process not Found
4760	Process not Found
1192	Process not Found
552	Process not Found
3180	Process not Found
5000	Process not Found
4496	Process not Found
4732	Process not Found
5108	PING.EXE
2460	PING.EXE
2756	Process not Found
2744	Process not Found
2348	Process not Found
920	Process not Found
2264	Process not Found
3840	Process not Found
2240	Process not Found
1180	Process not Found
4588	Process not Found
1536	PING.EXE
3476	PING.EXE
4312	Process not Found
636	Process not Found

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeDebugPrivilege	1440	firefox.exe
Token: SeDebugPrivilege	1440	firefox.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	1568	Everything.exe
Token: SeDebugPrivilege	4012	Everything.exe
Token: SeDebugPrivilege	4012	Everything.exe
Token: SeDebugPrivilege	5060	Everything.exe
Token: SeDebugPrivilege	5060	Everything.exe
Token: SeDebugPrivilege	5060	Everything.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1440	firefox.exe
1440	firefox.exe
1440	firefox.exe
1440	firefox.exe
5060	Everything.exe
5060	Everything.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
1440	firefox.exe
1440	firefox.exe
1440	firefox.exe
5060	Everything.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1440	firefox.exe
1440	firefox.exe
1440	firefox.exe
1440	firefox.exe
5060	Everything.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 3484	4928	cmd.exe	84
PID 4928 wrote to memory of 3484	4928	cmd.exe	84
PID 4928 wrote to memory of 2968	4928	cmd.exe	85
PID 4928 wrote to memory of 2968	4928	cmd.exe	85
PID 4928 wrote to memory of 624	4928	cmd.exe	109
PID 4928 wrote to memory of 624	4928	cmd.exe	109
PID 4928 wrote to memory of 3928	4928	cmd.exe	110
PID 4928 wrote to memory of 3928	4928	cmd.exe	110
PID 4928 wrote to memory of 2924	4928	cmd.exe	111
PID 4928 wrote to memory of 2924	4928	cmd.exe	111
PID 4928 wrote to memory of 4176	4928	cmd.exe	112
PID 4928 wrote to memory of 4176	4928	cmd.exe	112
PID 4928 wrote to memory of 4432	4928	cmd.exe	113
PID 4928 wrote to memory of 4432	4928	cmd.exe	113
PID 4928 wrote to memory of 4528	4928	cmd.exe	114
PID 4928 wrote to memory of 4528	4928	cmd.exe	114
PID 4928 wrote to memory of 1896	4928	cmd.exe	115
PID 4928 wrote to memory of 1896	4928	cmd.exe	115
PID 4928 wrote to memory of 1652	4928	cmd.exe	116
PID 4928 wrote to memory of 1652	4928	cmd.exe	116
PID 4928 wrote to memory of 3888	4928	cmd.exe	117
PID 4928 wrote to memory of 3888	4928	cmd.exe	117
PID 4928 wrote to memory of 3996	4928	cmd.exe	118
PID 4928 wrote to memory of 3996	4928	cmd.exe	118
PID 4928 wrote to memory of 4760	4928	cmd.exe	119
PID 4928 wrote to memory of 4760	4928	cmd.exe	119
PID 4928 wrote to memory of 2440	4928	cmd.exe	120
PID 4928 wrote to memory of 2440	4928	cmd.exe	120
PID 4928 wrote to memory of 4156	4928	cmd.exe	121
PID 4928 wrote to memory of 4156	4928	cmd.exe	121
PID 4928 wrote to memory of 2068	4928	cmd.exe	122
PID 4928 wrote to memory of 2068	4928	cmd.exe	122
PID 4928 wrote to memory of 3868	4928	cmd.exe	123
PID 4928 wrote to memory of 3868	4928	cmd.exe	123
PID 4928 wrote to memory of 4868	4928	cmd.exe	124
PID 4928 wrote to memory of 4868	4928	cmd.exe	124
PID 4928 wrote to memory of 3464	4928	cmd.exe	125
PID 4928 wrote to memory of 3464	4928	cmd.exe	125
PID 4928 wrote to memory of 5108	4928	cmd.exe	126
PID 4928 wrote to memory of 5108	4928	cmd.exe	126
PID 4928 wrote to memory of 3924	4928	cmd.exe	127
PID 4928 wrote to memory of 3924	4928	cmd.exe	127
PID 4928 wrote to memory of 3964	4928	cmd.exe	128
PID 4928 wrote to memory of 3964	4928	cmd.exe	128
PID 4928 wrote to memory of 2244	4928	cmd.exe	129
PID 4928 wrote to memory of 2244	4928	cmd.exe	129
PID 4928 wrote to memory of 4336	4928	cmd.exe	130
PID 4928 wrote to memory of 4336	4928	cmd.exe	130
PID 4928 wrote to memory of 3092	4928	cmd.exe	131
PID 4928 wrote to memory of 3092	4928	cmd.exe	131
PID 4928 wrote to memory of 3720	4928	cmd.exe	132
PID 4928 wrote to memory of 3720	4928	cmd.exe	132
PID 4928 wrote to memory of 460	4928	cmd.exe	133
PID 4928 wrote to memory of 460	4928	cmd.exe	133
PID 4928 wrote to memory of 4068	4928	cmd.exe	134
PID 4928 wrote to memory of 4068	4928	cmd.exe	134
PID 4928 wrote to memory of 1908	4928	cmd.exe	135
PID 4928 wrote to memory of 1908	4928	cmd.exe	135
PID 4928 wrote to memory of 2980	4928	cmd.exe	136
PID 4928 wrote to memory of 2980	4928	cmd.exe	136
PID 4928 wrote to memory of 4196	4928	cmd.exe	137
PID 4928 wrote to memory of 4196	4928	cmd.exe	137
PID 4928 wrote to memory of 5064	4928	cmd.exe	138
PID 4928 wrote to memory of 5064	4928	cmd.exe	138

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4h2cqmm.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:3484
- C:\Windows\system32\mode.com
  mode 117,29
  2⤵
  PID:2968
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:624
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3928
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2924
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4176
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4432
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4528
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1896
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1652
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3888
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3996
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4760
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2440
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4156
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2068
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3868
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4868
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3464
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5108
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3924
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3964
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2244
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4336
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3092
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3720
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:460
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4068
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1908
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2980
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4196
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5064
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1416
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4216
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4924
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1672
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:448
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4572
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4524
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:620
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:528
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1832
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3828
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5072
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2100
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3512
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1020
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2900
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3560
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1412
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3988
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:736
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:524
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3832
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1596
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3376
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3872
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3932
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  - Runs ping.exe
  PID:1536
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1780
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:508
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4972
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4948
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4376
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1008
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2232
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3416
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4040
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4116
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2108
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3668
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3580
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2432
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1872
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2200
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4512
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1364
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:884
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4232
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3472
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4516
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4020
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  - Runs ping.exe
  PID:3692
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1104
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  - Runs ping.exe
  PID:3476
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3532
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:5060
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2760
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3948
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1840
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4152
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2096
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4416
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2296
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3936
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4908
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4456
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3736
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2388
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2288
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3604
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1288
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:628
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1788
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4316
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1620
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1312
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4460
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2772
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4872
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:8
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3928
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2500
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3756
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1664
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2380
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1128
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4412
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3036
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:680
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2908
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4832
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4504
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4652
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1360
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4168
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2716
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5052
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2652
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4924
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3548
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4244
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4008
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3712
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3328
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5096
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2440
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3592
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3420
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1108
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4052
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1360
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4524
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4292
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4576
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4356
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1564
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1672
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3836
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:692
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:588
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3024
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2008
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2460
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2180
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1572
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2744
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:512
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  - Runs ping.exe
  PID:4360
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4824
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4328
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4496
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4520
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4264
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:5096
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1640
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1032
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:992
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1992
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1724
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:5108
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4340
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:5048
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1556
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1816
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4196
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:524
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3184
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4608
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3940
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3668
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3552
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1636
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2652
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4152
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4580
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1252
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4660
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3088
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2180
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2744
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2116
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4344
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3928
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4008
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1308
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1116
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5096
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3172
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3592
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:964
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:832
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2424
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3420
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3736
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3428
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2760
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2816
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3372
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4016
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3548
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4108
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4388
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1300
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3088
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3756
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4328
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4692
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2980
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3232
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:5052
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2576
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4052
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1816
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1048
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2504
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2508
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1564
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2500
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2700
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3432
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4876
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:920
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1160
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2424
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3420
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2740
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3668
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2640
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4908
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4444
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2524
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2660
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4160
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2884
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2740
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2372
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:424
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3504
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4872
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2424
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4288
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:396
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:904
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3880
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1560
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:552
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1088
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:388
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3472
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4668
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1152
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2912
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4976
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:912
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1252
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2568
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4292
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2700
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2944
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2116
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1128
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3996
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4496
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1476
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:464
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:5112
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1788
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2220
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3416
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2460
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5052
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4764
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4216
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4900
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5044
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4604
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3836
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4328
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1180
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2540
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3276
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2080
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1276
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4160
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2660
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:396
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3036
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4840
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3232
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3740
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:964
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2228
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2788
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3540
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3476
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2096
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2004
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2464
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3132
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:372
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2180
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3960
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4476
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4648
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4588
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1188
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4168
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4232
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:964
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2024
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4628
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2600
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3880
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1528
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4612
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3240
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1568
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4328
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2252
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1548
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3532
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4476
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3540
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1028
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4344
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4496
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1176
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4984
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:432
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4648
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1696
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:904
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:664
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2600
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1516
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1180
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:4664
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4676
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:2228
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:1956
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1664
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:3924
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:5080
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2860
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1416
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:2600
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:1700
- C:\Windows\system32\PING.EXE
  PING -n 2 185.239.174.66
  2⤵
  PID:4664
- C:\Windows\system32\find.exe
  FIND "TTL="
  2⤵
  PID:3412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1644
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.0.1458898072\840498173" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b23405ee-3e8b-47a9-8f21-f23079374781} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 1852 1cec49b2558 gpu
    3⤵
    PID:3228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.1.51888125\1631662627" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6038de53-dc4e-48ed-8ce0-e6428d55eb4a} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 2420 1ceb7b89658 socket
    3⤵
    - Checks processor information in registry
    PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.2.2001828501\409471710" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c455efa6-6d47-4b86-b522-e61a299cd798} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 3008 1cec771a358 tab
    3⤵
    PID:1008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.3.405259781\2118988024" -childID 2 -isForBrowser -prefsHandle 4232 -prefMapHandle 4228 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52fdd25e-cb41-499e-8922-81d9383adbba} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 4244 1cec9bf8658 tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.4.1896445451\1608383573" -childID 3 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {200522f4-90e1-437d-94ad-80a0d59819f7} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 5084 1cecbd2d258 tab
    3⤵
    PID:3936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.5.517886178\1144845438" -childID 4 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67dd06d9-a231-4cc5-bf8a-d834f636ca7e} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 5220 1cecbd2d558 tab
    3⤵
    PID:1304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.6.2002202444\1483358615" -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5496 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d284812-d176-49dd-a299-53f846edd60c} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 5508 1cecbd2d858 tab
    3⤵
    PID:4932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.7.100454524\1793481195" -childID 6 -isForBrowser -prefsHandle 5892 -prefMapHandle 5888 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3655628-0bbc-4eb8-8162-1da914894e65} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 5904 1cecd6d5258 tab
    3⤵
    PID:836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.8.638512090\281392820" -childID 7 -isForBrowser -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd1ee96-8829-47b0-b8c3-e8b4c9422fe2} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 4432 1cec9936558 tab
    3⤵
    PID:736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.9.781679639\1528020717" -childID 8 -isForBrowser -prefsHandle 4504 -prefMapHandle 1512 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fee44a2-b503-4ab0-8ef4-553d5228492c} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 4376 1cecd6d6d58 tab
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.10.478789621\458366898" -childID 9 -isForBrowser -prefsHandle 5616 -prefMapHandle 5516 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b56fd784-5baf-4bed-9557-d2ef5b53aad5} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 5532 1cecbd2d858 tab
    3⤵
    PID:384
- - C:\Users\Admin\Downloads\Everything-1.4.1.1024.x86-Setup.exe
    "C:\Users\Admin\Downloads\Everything-1.4.1.1024.x86-Setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\Everything\Everything.exe
      "C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\Everything\Everything.exe" -install "C:\Program Files (x86)\Everything" -install-options " -app-data -install-run-on-system-startup -install-service -disable-run-as-admin -uninstall-folder-context-menu -install-start-menu-shortcuts -install-desktop-shortcut -uninstall-url-protocol -install-efu-association -install-language 1033 -save-install-options 0"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4528
    - - C:\Program Files (x86)\Everything\Everything.exe
        
        "C:\Program Files (x86)\Everything\Everything.exe" -app-data -install-run-on-system-startup -install-service -disable-run-as-admin -uninstall-folder-context-menu -install-start-menu-shortcuts -install-desktop-shortcut -uninstall-url-protocol -install-efu-association -install-language 1033 -save-install-options 0
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:1568
  - - C:\Program Files (x86)\Everything\Everything.exe
      "C:\Program Files (x86)\Everything\Everything.exe" -disable-update-notification -uninstall-quick-launch-shortcut -no-choose-volumes -language 1033
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4012
  - - C:\Program Files (x86)\Everything\Everything.exe
      "C:\Program Files (x86)\Everything\Everything.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Enumerates connected drives
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:5060
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4h2cqmm.bat" "
        5⤵
        
        PID:3756
      - C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        6⤵
        
        PID:3088
      - C:\Windows\SysWOW64\mode.com
        
        mode 117,29
        6⤵
        
        PID:2304
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4012
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4332
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        Runs ping.exe
        
        PID:5108
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4340
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4512
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2904
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2028
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:508
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:628
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4324
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1516
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:460
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:640
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3416
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4172
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4016
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:680
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3180
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4196
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1556
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3500
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5076
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1764
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5056
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1136
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1300
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4448
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2140
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:924
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3700
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4968
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5044
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3840
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3836
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3924
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1180
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4376
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5024
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1832
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1564
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:736
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3412
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1312
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2640
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4468
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3276
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4576
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2732
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2296
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1304
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2660
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3352
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3036
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:184
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3232
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:992
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:388
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4020
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1968
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1152
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4848
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:208
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4000
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3256
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4732
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4340
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1028
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2904
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3000
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3132
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4820
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2028
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3236
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:628
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3964
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1516
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1980
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:640
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2664
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4172
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1108
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:680
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2456
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2460
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1536
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2384
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2976
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4856
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2936
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2768
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1836
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4352
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3872
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4568
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3692
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3008
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3996
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5080
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3844
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4940
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4948
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1700
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3192
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1704
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3808
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1568
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4984
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1540
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3876
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4504
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4288
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4564
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1876
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:636
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2692
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:884
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3548
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4872
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2740
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3740
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2228
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3080
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4524
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1004
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4440
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3540
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3668
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2744
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4904
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5108
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2944
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4184
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2816
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4876
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:732
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2116
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4616
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:464
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2364
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5112
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4040
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3388
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3416
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3108
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4760
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1108
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4012
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2460
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3500
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2384
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1764
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4856
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4884
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4588
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1956
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2768
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2512
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4352
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5000
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1176
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:996
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1724
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2180
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3516
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3480
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4120
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4376
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3752
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1832
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5016
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4932
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3228
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3512
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2236
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4468
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2372
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4576
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:396
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4176
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2240
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3036
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:552
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3488
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:692
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4448
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2788
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2884
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4484
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1968
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2344
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4476
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1252
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:856
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4000
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4264
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4732
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2940
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1028
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1128
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1476
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2028
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1788
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3236
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:452
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3964
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3568
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1980
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2664
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:388
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2716
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4368
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1672
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2368
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1840
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5056
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1904
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3936
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4388
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2948
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1956
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3700
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:924
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5044
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4568
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4496
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1176
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2104
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1008
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3844
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:744
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1700
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4120
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:868
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4520
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:736
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3876
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1540
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4160
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:424
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1556
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5040
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4672
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4444
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1596
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1084
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3460
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3232
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4168
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4216
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4808
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4516
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1432
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4000
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4512
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4732
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2464
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3688
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4684
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3528
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2712
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2108
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:452
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3964
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1912
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3880
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4828
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1980
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4992
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:388
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2584
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2716
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        Runs ping.exe
        
        PID:2460
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1672
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2368
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1840
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4856
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1904
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3988
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4388
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1880
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1956
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1316
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:924
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5044
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4568
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2104
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1008
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3516
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3028
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4948
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2772
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1832
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:364
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4172
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4520
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4932
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3672
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1540
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4160
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2524
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1556
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4996
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4444
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3548
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4108
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2740
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:552
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2232
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1188
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5072
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4328
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3476
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4808
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2228
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:856
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5108
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1452
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2816
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4184
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4332
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4476
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4820
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1476
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4324
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4684
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2712
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1516
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:452
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2692
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4068
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:640
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3472
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4232
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1108
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4992
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5076
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1784
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2976
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4796
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4316
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4856
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2948
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3932
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3700
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2768
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4604
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2512
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3132
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1128
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:996
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3652
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1336
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3200
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1180
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4664
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3244
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1564
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1520
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3752
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4760
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:832
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        Runs ping.exe
        
        PID:2540
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5016
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3604
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2080
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2424
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1276
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5052
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3892
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3036
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1088
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2240
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:224
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2064
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3836
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1176
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2232
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1188
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1004
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4328
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4020
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2744
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2228
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2944
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2940
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1452
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2980
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4184
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:912
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4476
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:628
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1476
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4792
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4684
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:452
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2692
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4860
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:640
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1204
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4232
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3212
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4992
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2384
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1784
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4484
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:432
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2976
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4796
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2528
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4856
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4400
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3932
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3172
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2768
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        Runs ping.exe
        
        PID:1316
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2512
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4344
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1128
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4568
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3652
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2104
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3200
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3244
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3360
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3752
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4760
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:832
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4396
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5016
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3672
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2080
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2424
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1276
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1136
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1696
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5040
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3892
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1780
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1088
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2740
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:224
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1496
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2064
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4216
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1176
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:524
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1188
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        Runs ping.exe
        
        PID:1004
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4328
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4808
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4512
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2940
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1452
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1896
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4184
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4820
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4476
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3236
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1476
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4944
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:664
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4792
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4684
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3880
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2692
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1980
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:640
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1204
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4232
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3212
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4992
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4524
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1784
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1672
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:432
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1036
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4796
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3988
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4856
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        Runs ping.exe
        
        PID:4968
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2768
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1316
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4876
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3840
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4364
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2016
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1336
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3352
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2600
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3844
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3504
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2596
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5036
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4760
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:988
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2236
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4396
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4628
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2120
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2424
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2096
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1136
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1556
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3036
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5040
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3548
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4108
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3996
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3836
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1816
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2344
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1548
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4812
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4020
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2884
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4120
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3412
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2744
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4652
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4264
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1252
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2116
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:208
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3464
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1392
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:460
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3184
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4672
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5112
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2712
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:624
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3472
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2692
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1308
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        Runs ping.exe
        
        PID:640
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3180
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4232
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2520
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4992
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1764
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1784
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2936
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:432
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4900
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4796
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5108
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2228
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4388
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4856
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3096
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2768
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4272
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4876
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4344
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4364
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3388
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1336
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4644
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:868
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2772
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2596
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:736
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5036
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:60
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:988
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3604
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4396
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1540
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2120
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5052
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2096
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2296
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1556
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1596
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:5040
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3932
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1664
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1780
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4108
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3136
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2064
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3836
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2252
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2344
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:524
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4812
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3740
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2884
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4808
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4652
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4264
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4512
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1452
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:208
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        Runs ping.exe
        
        PID:2028
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1896
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4476
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4820
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4564
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1476
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2660
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:5112
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:2180
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3924
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:3880
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:388
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2692
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:1536
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2716
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3240
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:1568
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:4976
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:2912
      - C:\Windows\SysWOW64\PING.EXE
        
        PING -n 1 185.239.174.66
        6⤵
        
        PID:3936
      - C:\Windows\SysWOW64\find.exe
        
        FIND "TTL="
        6⤵
        
        PID:4316

C:\Program Files (x86)\Everything\Everything.exe
"C:\Program Files (x86)\Everything\Everything.exe" -svc
1⤵
- Executes dropped EXE
PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Everything\Everything.ini

Filesize
215B

MD5
b2b308d8c164f75bc11bccf7baf3df67

SHA1
6f1e5561268b2db5b46bb6f738c0f7a637fd6b6d

SHA256
f0969f438d2869641d8f76d5b9fd2b82c7232134a90972e96abb3783d1e2fbe5

SHA512
5cb56d715d35a33e5bbc7e7deb43e4f143e4193ae59282892fe72b82c66a21a62cec85222a9879d5126479a59b9a5e715568f4bb62040a4c03b706f1ebde9659

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
700799ba847463bad485c7cff8a2df3a

SHA1
d791fc63a121114c54e4ebd8345884b69648f518

SHA256
ef0c3deb0fd3c1579b8c7c046e15911262a5efcbafb20cfbd3df2cd88ed9be58

SHA512
a84420aa870fb4a497eff001facdd512bde2f0cb7f054dab024528526e02cd242d50d9dc6004dad2089853bb5e07e7277de93702b1530f8c1b1265f2e9081df8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\26087

Filesize
9KB

MD5
5a95daddce5b9808d002cf9e9516ba8b

SHA1
36a6fc99e06da1d320ef95fde6fe539c3acc4aeb

SHA256
de5f5a5e66696d2f602667f26781340d7e266bbe5ae73215c362882cb55e8dc5

SHA512
69b5ef12cb31c6582f0294fc98f4c3f81ce1e80ecb8f43a85518f45a034bb4f9bb5d61e80a950af1066a2e51d5ce5eb6e054424fa2389307c224d6c43e12d651

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\Everything\Changes.txt

Filesize
18KB

MD5
1ebb92ac516db5077a0c851565b7a2cf

SHA1
9adabfbb11b070169429fd43a250285ee8881213

SHA256
e64b60048b375f0c7d4c1fb4329957a297f2e60c306ef9c380175ea7a42223d6

SHA512
3fba14d13a602937b8600c7d5cc8011f7369857be288510b142573e411b2296cdb3ce58beafdf268d04aa1c5130503a63ba38f87239fc7b0be2e0170bdfc86de

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\Everything\Everything.exe

Filesize
1.7MB

MD5
a7067594451cab167a4f463be9d0209c

SHA1
1c2b1e5a0826ca07cc0aa8b3d24bad0a41845df5

SHA256
d3a6ed07bd3b52c62411132d060560f9c0c88ce183851f16b632a99b4d4e7581

SHA512
8fb6e9a82213cc1c371eddc12833b8cad037b800a58a3a3520eb7b14c9e41e61a8bf5db27bd6a79dd8013c51649396feff22436cb7bacf64989552a5a11abbd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\Everything\Everything.lng

Filesize
912KB

MD5
ba118bdf7118802beea188727b155d5f

SHA1
20fe923ec91d13f03bdb171df2fe54772f86ebba

SHA256
270c2dbd55642543479c7e7e62f99ec11bbc65496010b1354a2be9482269d471

SHA512
01d8dd2bf9aa251512b6b9b47e9d966b7eda5f76302e6441c5e7110ff37b4be325a4f8096df26a140c67bd740dcd720bc4e9356ccb95703ad63fe9fdbbb0c41f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\Everything\License.txt

Filesize
2KB

MD5
2d8c6b891bea32e7fa64b381cf3064c2

SHA1
495396d86c96fb1cfdf56cae7658149138056aa9

SHA256
2e017a9c091cf5293e978e796c81025dab6973af96cb8acd56a04ef29703550b

SHA512
03a520f4423da5ef158fb81c32cfff0def361cc4d2caa9cfa4d306136da047a80a6931249a6b9c42f9f2656a27391b7921a64e10baa7468c255bc48bd488a860

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\Everything\Uninstall.exe

Filesize
136KB

MD5
fc3732ef603b36055209652f749c1080

SHA1
bd8b0806abecf983c89814ab4dcbd3300a78fe88

SHA256
0deee0d9d6e140226de19047c0ab160ec957a6e4bf63bb1c058bac9f09c47874

SHA512
98ee82dfe67fa3d5fe2ae3977b959b0fb1277e5bdb320e7eca347771cd4ef8d8b99c6b3cefc0466347e8f49644386cc2d0f5f7a63eb5404a8371182bd880286f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\InstallOptions.ini

Filesize
1KB

MD5
e2808f4be298a32ae279ee9ebacd0a0c

SHA1
b7929c346ba7a7aa690a766e4f70bc1d44f75460

SHA256
99b98f333848dacc5df866402181a6e2441fff0f9cdbb2a26f5f2c5d5dd12c52

SHA512
a305986b1eb907caa77616bcf3b9929fcbef8156b9162a942b1720ae32b34e1ba0537c553b54e750a22c3106fdb33870c346dd1f9d72db7d0baa6d318c3752a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\InstallOptions.ini

Filesize
1KB

MD5
c8a18550da945138613f5bf348956990

SHA1
c219fc7774a9999665df1d4016a8560895a83c4b

SHA256
68f1cdce7f5d8e70f8d1c5fd90d04118dcb0b5a1b6396ab82610462f84c2b1d1

SHA512
410ba69c9cc9dccb5480a9b00d915cfef6461f900b412fb776a4501d7f37fe85781ce27fccaa3f9ac0138948e371645dac603d6c600b4e54ddcf80a854f2e461

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\InstallOptions.ini

Filesize
1KB

MD5
70b1d83f2a71464492dc0e92126e34be

SHA1
beae3ebffeff3872241813b67b2614428a4cd48c

SHA256
13c6c860e140863766c90686db4e20fb8f52c0c7965281b4b60237e69e5c95c0

SHA512
6c0c76d1187754c17342a4781317a82789e607fe92fa9ca863f9c697dc69f5ce628e74c2acff03e58b773dd4bb387eb8ea5175e185d83f8c5627466f438d9a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\InstallOptions2.ini

Filesize
2KB

MD5
a6634dd375de49a06ff7c8c65f03bb42

SHA1
2834f907bb17d0916cfd1285718695f866e319d6

SHA256
caf045fdf50d8706410dabb4b4db6edab64d09a1c4229854666c5fdcbc70f35d

SHA512
c2d65ed0b99084753447711ea46e2805017b51917851bc7b53a96e58c49b92acf9f3f32fdb9b68beea400050703785ef49f7d7bf77131cb683663375654b71e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\InstallOptions2.ini

Filesize
2KB

MD5
dedb5ec2432e75dcb3445b77f2f0ba5e

SHA1
186f12afd098fd9e9b02edba4e1ecbb5948c7940

SHA256
9091304eb1fb1521bb7aa859bff18899aec6a7d3af03cc25efe99c5548a7511e

SHA512
fbb015e9060d4617a293efbc3352c46302c07be94cd2c58edef7fa3d0f6c4e72ff48d801f101a115b7535b9c7d9697923f409323e559d20ad15d964ab1679442

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\InstallOptions2.ini

Filesize
2KB

MD5
5de6d52ef07c19f963bfa97ac693326d

SHA1
eece296b0b549ce602572b5b648813229f11e3d6

SHA256
91781bccb4fc9f48e6199dad85cb2c5baba4f7a40c203342e894db51bbb909df

SHA512
08a42700cdc38065ea81e6ef237fbbeb08fbeadfa241a203c1cf8db997e236ef4aec95ef04acb20266a5600448faa9ea5704fd147d518cf162f5303b6204b43c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\InstallOptions2.ini

Filesize
2KB

MD5
99b357e260a6d1bb26a85a0af0c80f7a

SHA1
9fdf0629cd790c35cf469b44790d69b651272fd7

SHA256
52943438dc2a28e4f235c5cec50ef33a01b279d74dd0dbb50fe4422e722d18f6

SHA512
1fcedad4bd7ce83e9389bfbc36525ee1fda2ffdff49aea18ebd1cae67a48b45d9f599883a368c675eba617b6ad476be1f0e8e91a2baa6529bd600a786dea596a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\ioSpecial.ini

Filesize
1KB

MD5
dc2e5b015c09ac775e7cd1edc482ec8c

SHA1
84e06c570ebebac3a23e7176acfb2b488a0e3342

SHA256
6781d8dd2b7043d560c12faf6b4d86ee42592cf2e02f09bf734bd9bee5721bee

SHA512
4706eece723887f0c91a3702c76f6ae44d5a1a07838f9467972e10525ca5c5b0ec5dbe6c3bdc91c0c2d9348b335e49e386a7b7a485b46c7e52e37d2708fadc2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiFF6E.tmp\ioSpecial.ini

Filesize
1KB

MD5
fdfaf6cf4953935361608fc494306e16

SHA1
c8119e437f9c7dcb4e3609fdc2acf681a5ea16ee

SHA256
6c5488a0de7747a28ebc238e06a49be502624dd78f27b79f62416c1d1235ef26

SHA512
654fafc379b5d171c97803b7877874e153e001dea04f9965abf5d8878e4430ac772fd2a60cd5e83b8638f8d044e49642626b40dd3f53d0a461f95201bedfc44c

Download Submit
C:\Users\Admin\AppData\Roaming\Everything\Everything.ini

Filesize
20KB

MD5
49b6ff446eddaf88ea08a7c16792952e

SHA1
c0dc334f467d867f0e1d3fabd555ebcac395fc8b

SHA256
2fb724dd202047575842ab8b47f7c395b06c84879af5a1cd5978b3a0111e3580

SHA512
77caea2889ef3c8396cf333e6f99656cf087ba69e20f86279cf415e9b3ef598a98a0a2bada407443910ef24b8d51602ef3d1504f3826f0f9837d07db488bab2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

Filesize
7KB

MD5
08b71a62c58ec605c06d30ffd0a9e2ca

SHA1
9f93d5f341262cad447cf2615122b4c71049d0a6

SHA256
7fc4eb2b90827dbde338a70fdd027886d4275e1bf4cdf552d34a10c504a02fa5

SHA512
15da4ebd31d532d3c642b23baaf0913cfae821969c446ae739762b6b53d331150718d5e9227570810300cab2bc9be1976df3e30eb95732ab695e32f8fe993900

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

Filesize
6KB

MD5
e6b466aa92049e85f76bbd539493328f

SHA1
f92cb407dfe05a9ed78670e89965c437efc6b1fe

SHA256
206732f69c4bb47ef3cd6c99a42ad4864213197c6175acc456f067eaeaf0e9f6

SHA512
15f94144debc8a686fac69c7491b8bef49c63673a9a67738618c5251ef70587ba832701e9f1e359647336ea3b49181d4389d24827cf6741dc65e93a13dc9c171

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

Filesize
7KB

MD5
86ea429ffb60aef47a8538c5b7e96199

SHA1
ea83f0d716a19d237a61a34627271d17fde1f405

SHA256
4d577ec66918d438d10900fda8db3ecb3d4b8e049cbdad12ba9b3bf2aaac7667

SHA512
f41caa3afbdbc951b9827606ec992269a203392e167387a790e07a6496a7d557c4d0451ed2d284122dcdd9d1d593323c4ff508fcf966a5c85db2735b659ee0ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js

Filesize
6KB

MD5
b3461e0a274131835e8633ebbf381411

SHA1
ce231f20de97602b7b98623b97bd36d6892bddcb

SHA256
28c16bbb0d7475dcba6a88aa9fe5111698458f5f02b8194dd8fe3afee75e6649

SHA512
9af2c7e687dca270a61c082842a44225a19e7d630dbc6b6e90a23d81bdccefdaaac0023708ac2c2bd48e379855ff7d212a66e51746eff18b93ee0c3fabce1292

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js

Filesize
6KB

MD5
9205a2fd1fbdd531fe3b66a49cd1363c

SHA1
c541a69f564ef5577b621e6361d07cc4db8a8a5b

SHA256
541f70c67fd1ff1c7830234dd191e44b69ba7244348d482c78c239944d2f2c0c

SHA512
5f3432898df42739b9ab9f63291e7d8b0f447e5875703d2130aafe48eb04930ac75c5b77d04db19f7782d4514e847fb87d6ef76fcfb8ae3d868c19558f22c4b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e51e9a9beabd82bf6195a9f11c4d6480

SHA1
eeb0d58751d392e525437a704785e952b7a1a368

SHA256
5fd615c2b06655a58efebd58648b3d91a036b560d56820e29f809e6ca89dccd6

SHA512
95beb07b37a63ac383184c13fe3f6568415521ed09b869a9be116a8402a660ac667f406a1408914b4d760347a1fb4f368182d7bae4f6a5a0cbf0a9cc80dab963

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5f61141a2ddb87a0d5bcff36aeef7684

SHA1
14e8ade629c73a839e9fb0178a5181f5f8738556

SHA256
85d0c3325ae7a5815b7cd342282b94e85a86db94bf72a4f17e783fcf40a84662

SHA512
49f0960e2b3675014e919f812a988220fdbd901543c3e8f5cc28089467e30562910a0b02a1e2c86ca4885a06673bb9c6dd060cd43fc2252424862f365377cde8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
19d13ebd16973d56ef155430a03ecd9e

SHA1
e9f70dfb6cbb758096b47341f4e475c760d9f436

SHA256
0edb81b70b73229dd614fe0d78dd1e087ed32c0c26eb7713700305d1024c35c0

SHA512
1c4385e21ea00a6373f9ce5d97f955a9030c3d3c1fb2324e9f9c721513e3d323807cc429c250ea889646b76ebd92970a58a246ea3058707fe02a4a0cb0de2b09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
bbc334b027f21b319df088b06b820bef

SHA1
d73088c44887c6c35d5ae6ebd186bf4a62b3aac6

SHA256
9144b73d3ea36a6636d58913ae1448d54227dc08e3b05a8e2157cdf75418f3a4

SHA512
a875e5b76d26109fc96b5e3ef64441f83c40813c2f1868f91069e2c650fa46a53912a92f1cf02fdb44d5b61530b44fe5f03caff79a4c632077314cf20543d7e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
1d2e310a47e9805ddcfa4641af7a4d15

SHA1
625acdf9a1bb9929eb4473ccf9e50bbed863b436

SHA256
29ba1408b91cebae7daaa1db65a2b4c9d021740168439017a6db942c79e5e533

SHA512
0196e06e700252982375574665c2bb1ff5f6f252c4f89d0d5fac2e9cf658a1a79ee049856ebc6f19047eada6a87fd891ae46db1063fe1407405c8fdcc589328d

Download Submit
C:\Users\Admin\Downloads\Everything-1.4.1.1024.x86-Setup.exe

Filesize
1.7MB

MD5
f55d52d5d690a8e1b2df9217bc3ddfdf

SHA1
0e45d3a28cc096dc7edc1208f7428d66335df11a

SHA256
59f57803fa5235075c3e470e1006905a61236e491bb75a599d862cafcfbb529f

SHA512
4101015760dd2b1d9cbf9586802e610bbe6f74b73bc5dbb4391417afe8fa20762a84b04cd15019b54107d8ad0e4fc523f25403482431dd53aec3d07a4b217941

Download Submit
C:\Users\Admin\Downloads\Everything-1.P5BTnbCL.4.1.1024.x86-Setup.exe.part

Filesize
27KB

MD5
46eceace97b37ab9d284d0f1260e5170

SHA1
156000b8cb9693a279dc7998338aeb8cd81b8d95

SHA256
02fe65864b1d99be90a8861cf968d09957c90ae3f87894e6bd68c78e2ff7d5c3

SHA512
6e71f0c5ff065104d902e24af098d1282eb23174ad7c8548da1bde1d49052135c7624fee3c468c24b75268a1e6059b962746988b2a07d69136a7c69a3f3bc9cf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads