d19d78137a0b253b3747093745d14efe55e55e2a90d4dc746bed58396ccb706e

Resubmissions

19/08/2024, 00:01

240819-aa131awarj 1

18/08/2024, 23:59

240818-312fnswamn 1

Analysis

max time kernel
54s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 23:59

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

haha.bat
Size

32B
MD5

4fa20417df4e4fadad2002dff38672ef
SHA1

af1eec2e3164235d3dea758224f06ec818a95b28
SHA256

d19d78137a0b253b3747093745d14efe55e55e2a90d4dc746bed58396ccb706e
SHA512

bd1f834811edc0bb3d0d294562aa014312673ab0c1eeded3a08110331d9447914fc4fc345d45998b3432a57bb0d247e6bab93a19a03b58d9c6901b4b869a8497

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2476	2344	cmd.exe	85
PID 2344 wrote to memory of 2476	2344	cmd.exe	85
PID 2344 wrote to memory of 4836	2344	cmd.exe	86
PID 2344 wrote to memory of 4836	2344	cmd.exe	86
PID 2344 wrote to memory of 4808	2344	cmd.exe	88
PID 2344 wrote to memory of 4808	2344	cmd.exe	88
PID 4836 wrote to memory of 2712	4836	cmd.exe	89
PID 4836 wrote to memory of 2712	4836	cmd.exe	89
PID 2344 wrote to memory of 5044	2344	cmd.exe	90
PID 2344 wrote to memory of 5044	2344	cmd.exe	90
PID 2344 wrote to memory of 2776	2344	cmd.exe	92
PID 2344 wrote to memory of 2776	2344	cmd.exe	92
PID 4836 wrote to memory of 4156	4836	cmd.exe	93
PID 4836 wrote to memory of 4156	4836	cmd.exe	93
PID 4836 wrote to memory of 2788	4836	cmd.exe	95
PID 4836 wrote to memory of 2788	4836	cmd.exe	95
PID 5044 wrote to memory of 3068	5044	cmd.exe	96
PID 5044 wrote to memory of 3068	5044	cmd.exe	96
PID 4156 wrote to memory of 768	4156	cmd.exe	97
PID 4156 wrote to memory of 768	4156	cmd.exe	97
PID 4836 wrote to memory of 5040	4836	cmd.exe	98
PID 4836 wrote to memory of 5040	4836	cmd.exe	98
PID 2344 wrote to memory of 5008	2344	cmd.exe	99
PID 2344 wrote to memory of 5008	2344	cmd.exe	99
PID 4836 wrote to memory of 184	4836	cmd.exe	100
PID 4836 wrote to memory of 184	4836	cmd.exe	100
PID 2344 wrote to memory of 4984	2344	cmd.exe	103
PID 2344 wrote to memory of 4984	2344	cmd.exe	103
PID 5040 wrote to memory of 4704	5040	cmd.exe	104
PID 5040 wrote to memory of 4704	5040	cmd.exe	104
PID 5008 wrote to memory of 1684	5008	cmd.exe	105
PID 5008 wrote to memory of 1684	5008	cmd.exe	105
PID 5044 wrote to memory of 2852	5044	cmd.exe	106
PID 5044 wrote to memory of 2852	5044	cmd.exe	106
PID 5044 wrote to memory of 4612	5044	cmd.exe	107
PID 5044 wrote to memory of 4612	5044	cmd.exe	107
PID 5040 wrote to memory of 3244	5040	cmd.exe	109
PID 5040 wrote to memory of 3244	5040	cmd.exe	109
PID 5040 wrote to memory of 1576	5040	cmd.exe	111
PID 5040 wrote to memory of 1576	5040	cmd.exe	111
PID 2852 wrote to memory of 4380	2852	cmd.exe	112
PID 2852 wrote to memory of 4380	2852	cmd.exe	112
PID 4156 wrote to memory of 3232	4156	cmd.exe	113
PID 4156 wrote to memory of 3232	4156	cmd.exe	113
PID 4156 wrote to memory of 392	4156	cmd.exe	115
PID 4156 wrote to memory of 392	4156	cmd.exe	115
PID 3244 wrote to memory of 2092	3244	cmd.exe	116
PID 3244 wrote to memory of 2092	3244	cmd.exe	116
PID 4836 wrote to memory of 2044	4836	cmd.exe	117
PID 4836 wrote to memory of 2044	4836	cmd.exe	117
PID 5040 wrote to memory of 2108	5040	cmd.exe	118
PID 5040 wrote to memory of 2108	5040	cmd.exe	118
PID 4836 wrote to memory of 4948	4836	cmd.exe	119
PID 4836 wrote to memory of 4948	4836	cmd.exe	119
PID 5040 wrote to memory of 3968	5040	cmd.exe	122
PID 5040 wrote to memory of 3968	5040	cmd.exe	122
PID 3232 wrote to memory of 1584	3232	cmd.exe	123
PID 3232 wrote to memory of 1584	3232	cmd.exe	123
PID 2344 wrote to memory of 3992	2344	cmd.exe	124
PID 2344 wrote to memory of 3992	2344	cmd.exe	124
PID 2344 wrote to memory of 1736	2344	cmd.exe	126
PID 2344 wrote to memory of 1736	2344	cmd.exe	126
PID 4156 wrote to memory of 3420	4156	cmd.exe	127
PID 4156 wrote to memory of 3420	4156	cmd.exe	127

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\haha.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\system32\tree.com
  tree
  2⤵
  PID:2476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K haha.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4836
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:2712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4156
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3232
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:1584
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:4752
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:3016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:3708
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:5620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:5536
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:8964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        8⤵
        
        PID:13860
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:8944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:13800
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:15320
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:14244
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5268
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6036
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:6516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:9268
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:8728
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10252
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6496
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:9584
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:6100
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:6500
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10604
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:4404
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:1452
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:4340
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6972
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:7136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:8680
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:6868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        8⤵
        
        PID:14324
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:9428
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7000
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6900
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:11352
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7260
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:4624
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:7164
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7440
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:10580
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:12504
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:11696
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:3276
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6432
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:11544
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:8268
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:8384
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:13728
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:3276
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:10144
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:12132
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:392
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:3420
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:1092
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:4480
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5944
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:8576
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:9332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:14696
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:9280
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:14708
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5112
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:7528
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5812
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:12884
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:14140
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:9136
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:4100
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:12708
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:14200
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8404
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:1572
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:4268
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5288
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6044
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6560
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:7616
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:5940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:13128
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:9552
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:13560
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8048
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6888
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10848
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:4052
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6424
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:7076
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7292
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:9724
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10192
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10680
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:7260
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:3948
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7748
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:12220
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:2352
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:5336
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5788
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:8056
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8456
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6004
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:14484
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:13648
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8692
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:8480
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:14572
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5380
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:7908
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8640
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:10984
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:12012
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:11920
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:8404
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:6688
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:15124
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:2788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5040
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:4704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3244
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:2092
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:2404
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:1464
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:4572
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:5952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:8448
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:9180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        8⤵
        
        PID:14688
        
        C:\Windows\system32\tree.com
        
        tree
        9⤵
        
        PID:10396
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:6576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:14852
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:5616
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:6828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:2280
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:7540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        8⤵
        
        PID:11680
        
        C:\Windows\system32\tree.com
        
        tree
        9⤵
        
        PID:12564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        9⤵
        
        PID:8984
        
        C:\Windows\system32\tree.com
        
        tree
        10⤵
        
        PID:9516
        
        C:\Windows\system32\tree.com
        
        tree
        9⤵
        
        PID:14356
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:12428
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:7700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:12176
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:12876
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:12592
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:9992
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10244
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:11116
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:832
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:4532
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5628
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6212
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:6488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:6772
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:7208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        8⤵
        
        PID:9440
        
        C:\Windows\system32\tree.com
        
        tree
        9⤵
        
        PID:10456
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:10388
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:5324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:10880
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:11448
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:11876
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6816
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6952
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:11012
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7344
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5656
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:4308
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:9124
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:14232
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6192
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:9328
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6724
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:1576
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:2108
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:2684
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:1268
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:264
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:7216
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:7504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:11388
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:12060
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:11740
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7596
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:11472
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:12112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:15024
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7756
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:1256
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:4380
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5532
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:8064
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:8768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:6572
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:15048
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:13412
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:15292
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:2524
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6992
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7340
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:7332
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:12212
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:12192
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:7348
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:10632
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:11716
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:11672
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:3968
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:444
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:1296
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:2776
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5516
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:5888
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:6296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:9200
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:10236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        8⤵
        
        PID:6800
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10064
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5920
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6928
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:7412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:9912
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:10828
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10976
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:7592
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:12228
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:12080
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5356
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:3436
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6528
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:8176
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:8856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:13404
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:9892
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:15280
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5232
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:12612
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:13388
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8612
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6576
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:9464
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10496
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:10484
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:15040
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:3108
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:4556
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:4428
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:3512
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:1988
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5808
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:5516
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:6412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:14000
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6740
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:6660
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6812
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5720
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:5640
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:7868
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:5928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:13228
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:12112
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:14028
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8340
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:8516
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:14036
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7296
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5964
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:9024
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10144
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:9888
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:12156
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:1936
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:4360
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5604
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:5820
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8832
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:11016
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:11564
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:11912
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8920
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:13868
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:2572
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5648
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:5652
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:9160
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:14240
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:9140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:12604
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8916
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:4472
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:2044
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:2720
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5636
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6220
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6908
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:10128
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:7304
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:11256
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6808
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6836
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6796
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:10068
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:9956
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:5600
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6368
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:264
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7724
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:12028
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:12648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:8868
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:15140
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:11720
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:12044
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:7572
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:11928
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:12956
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:12520
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:6720
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6724
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:14900
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:14920
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:4948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:4988
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:1988
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:1404
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5968
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:8320
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7296
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:14508
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6296
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:14620
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10144
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:4940
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:5736
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6736
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:8900
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10220
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:13592
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:14832
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:9852
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6988
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6724
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:9972
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:636
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:11108
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:2432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:1572
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:6356
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6836
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6516
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8052
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:7012
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6940
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6916
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:9980
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:10660
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:11096
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:5752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:8188
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:8884
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:13572
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:9888
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:9188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:6840
- C:\Windows\system32\tree.com
  tree
  2⤵
  PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K haha.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5044
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:3068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:4380
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:3076
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:1060
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:1556
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5912
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:8284
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:9048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:13836
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:9564
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:12016
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6860
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:3088
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:7688
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:5780
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:12756
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:14284
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:3236
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:552
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:12716
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:14076
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8936
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5068
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:5280
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5816
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:7996
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8424
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:9252
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10268
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:6400
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8512
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:13100
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7336
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:13972
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5880
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:6204
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6900
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:9940
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10444
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:11036
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:10084
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:10904
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:11196
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:4612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:4524
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:852
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:4408
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5984
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:7124
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7448
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:9632
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:10672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        7⤵
        
        PID:13268
        
        C:\Windows\system32\tree.com
        
        tree
        8⤵
        
        PID:12188
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:14124
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10596
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:7380
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:11056
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:12020
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:11952
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:6644
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:9168
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:14172
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:8892
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:13580
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:424
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:3980
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:4640
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3016
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5936
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:8316
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:7292
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:14728
        
        C:\Windows\system32\tree.com
        
        tree
        7⤵
        
        PID:11872
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:11276
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6520
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:14164
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5664
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:5276
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8984
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:13916
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:14256
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:8864
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:13928
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:15344
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6796
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:1556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:3636
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5240
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:7808
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:5764
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:8736
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:9512
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:15272
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:9548
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:15156
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5860
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:13092
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:7468
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:13908
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:4704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:5064
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2432
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5960
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:6288
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6684
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:9472
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10464
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:10408
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6884
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:10212
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:7424
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:7384
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:3964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:7472
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5876
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:13004
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:14292
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:13436
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:7180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:12760
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:14132
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:9004
- C:\Windows\system32\tree.com
  tree
  2⤵
  PID:2776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K haha.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5008
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:1420
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:1772
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:6028
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6648
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6692
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:8952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        6⤵
        
        PID:14052
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:1676
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8912
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:13472
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:15248
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:9592
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:10664
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:11664
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:12984
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:12340
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:10512
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:3484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:4520
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:5260
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:7784
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:6584
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:12868
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:14180
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:8884
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6004
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:13108
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:10520
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:13176
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:5588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:6016
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:7804
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:9152
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:9776
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:10472
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:10724
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:8936
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:13500
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:6400
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:6568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:9240
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:10420
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:6936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:11328
- C:\Windows\system32\tree.com
  tree
  2⤵
  PID:4984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K haha.bat
  2⤵
  PID:3992
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:3524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:3300
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:3068
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:6232
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:2524
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:7512
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K haha.bat
        5⤵
        
        PID:11960
      - C:\Windows\system32\tree.com
        
        tree
        6⤵
        
        PID:13020
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:12680
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:6400
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:5324
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:1000
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:9096
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:3132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:7144
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:7456
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:11756
    - - C:\Windows\system32\tree.com
        
        tree
        5⤵
        
        PID:12696
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:12512
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:7424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:11688
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:12992
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:12348
- C:\Windows\system32\tree.com
  tree
  2⤵
  PID:1736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K haha.bat
  2⤵
  PID:1196
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:5928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:8396
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:7416
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K haha.bat
      4⤵
      PID:14500
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:6604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:14644
- C:\Windows\system32\tree.com
  tree
  2⤵
  PID:1980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K haha.bat
  2⤵
  PID:7520
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:8132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K haha.bat
    3⤵
    PID:12532
  - - C:\Windows\system32\tree.com
      tree
      4⤵
      PID:13188
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:10840
- C:\Windows\system32\tree.com
  tree
  2⤵
  PID:8096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K haha.bat
  2⤵
  PID:10364
- - C:\Windows\system32\tree.com
    tree
    3⤵
    PID:11600
- C:\Windows\system32\tree.com
  tree
  2⤵
  PID:11500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/636-5-0x00007FFF16290000-0x00007FFF1634E000-memory.dmp

Filesize
760KB

Download
memory/636-3-0x00007FFF167F0000-0x00007FFF169E5000-memory.dmp

Filesize
2.0MB

Download
memory/6816-2-0x00007FFF167F0000-0x00007FFF169E5000-memory.dmp

Filesize
2.0MB

Download
memory/12060-0-0x00007FFF108C0000-0x00007FFF108CE000-memory.dmp

Filesize
56KB

Download
memory/15272-1-0x00007FF732270000-0x00007FF7322D7000-memory.dmp

Filesize
412KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads