09736cb6459eb75e8ef0849cbde1e3f2daf5f32b3f8d2c9d04872d27b04e3180

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

built5.exe
Size

5.6MB
MD5

af665ca613378a7baa5957873e44f012
SHA1

90b5fcd90fe41cbea206882278081ea22407a612
SHA256

09736cb6459eb75e8ef0849cbde1e3f2daf5f32b3f8d2c9d04872d27b04e3180
SHA512

da95438c6698f358f4919c067255ec7016fc76ec0872b5ee860f548f1d4ae851b7a6cd95fe678526f1e742dfef0e1d995cde40cae79231549ccaf8e7af2dbe75
SSDEEP

98304:/itl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:/zOuK6mn9NzgMoYkSIvUcwti7TQlvciE

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

built5.exe

pid process

2484 built5.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

6 raw.githubusercontent.com
7 raw.githubusercontent.com
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

4 ip-api.com

pid	process
2484	built5.exe

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

flow	ioc
4	ip-api.com

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid	process
2364	tasklist.exe
2420	tasklist.exe
2068	tasklist.exe
1332	tasklist.exe
2848	tasklist.exe
2592	tasklist.exe
2460	tasklist.exe
3028	tasklist.exe
2332	tasklist.exe
1088	tasklist.exe
2684	tasklist.exe
1384	tasklist.exe
1604	tasklist.exe
1820	tasklist.exe
2424	tasklist.exe
1012	tasklist.exe
1976	tasklist.exe
972	tasklist.exe
2596	tasklist.exe
2444	tasklist.exe
1552	tasklist.exe
2516	tasklist.exe
2680	tasklist.exe
2296	tasklist.exe
2904	tasklist.exe
1968	tasklist.exe
2460	tasklist.exe
1664	tasklist.exe
2856	tasklist.exe
3040	tasklist.exe
2828	tasklist.exe
1700	tasklist.exe
2108	tasklist.exe
2844	tasklist.exe
1468	tasklist.exe
580	tasklist.exe
2220	tasklist.exe
304	tasklist.exe
2024	tasklist.exe
820	tasklist.exe
1940	tasklist.exe
1808	tasklist.exe
1916	tasklist.exe
1328	tasklist.exe
3044	tasklist.exe
1160	tasklist.exe
360	tasklist.exe
2696	tasklist.exe
2440	tasklist.exe
2552	tasklist.exe
1680	tasklist.exe
1572	tasklist.exe
2992	tasklist.exe
2728	tasklist.exe
1796	tasklist.exe
760	tasklist.exe
2820	tasklist.exe
2312	tasklist.exe
924	tasklist.exe
2308	tasklist.exe
1312	tasklist.exe
2748	tasklist.exe
2624	tasklist.exe
2996	tasklist.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 64 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid	process
2624	timeout.exe
2024	timeout.exe
2688	timeout.exe
548	timeout.exe
1056	timeout.exe
2104	timeout.exe
1492	timeout.exe
2824	timeout.exe
1984	timeout.exe
2492	timeout.exe
2384	timeout.exe
1800	timeout.exe
1964	timeout.exe
2068	timeout.exe
2480	timeout.exe
664	timeout.exe
2248	timeout.exe
684	timeout.exe
2680	timeout.exe
1416	timeout.exe
2260	timeout.exe
1824	timeout.exe
956	timeout.exe
1864	timeout.exe
2164	timeout.exe
1580	timeout.exe
2592	timeout.exe
2860	timeout.exe
1380	timeout.exe
3016	timeout.exe
1320	timeout.exe
1680	timeout.exe
3024	timeout.exe
684	timeout.exe
1476	timeout.exe
1908	timeout.exe
2568	timeout.exe
2912	timeout.exe
2780	timeout.exe
2692	timeout.exe
2928	timeout.exe
1600	timeout.exe
1380	timeout.exe
1712	timeout.exe
1476	timeout.exe
1992	timeout.exe
2220	timeout.exe
324	timeout.exe
756	timeout.exe
1932	timeout.exe
2692	timeout.exe
2292	timeout.exe
1544	timeout.exe
2792	timeout.exe
2820	timeout.exe
2348	timeout.exe
2504	timeout.exe
2560	timeout.exe
1700	timeout.exe
1792	timeout.exe
2936	timeout.exe
2928	timeout.exe
2912	timeout.exe
2736	timeout.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

built5.exe

pid process

2484 built5.exe
2484 built5.exe
2484 built5.exe

pid	process
2484	built5.exe
2484	built5.exe
2484	built5.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

built5.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

description	pid	process
Token: SeDebugPrivilege	2484	built5.exe
Token: SeDebugPrivilege	2652	tasklist.exe
Token: SeDebugPrivilege	1380	tasklist.exe
Token: SeDebugPrivilege	1916	tasklist.exe
Token: SeDebugPrivilege	3028	tasklist.exe
Token: SeDebugPrivilege	1132	tasklist.exe
Token: SeDebugPrivilege	2312	tasklist.exe
Token: SeDebugPrivilege	2964	tasklist.exe
Token: SeDebugPrivilege	1304	tasklist.exe
Token: SeDebugPrivilege	1160	tasklist.exe
Token: SeDebugPrivilege	2296	tasklist.exe
Token: SeDebugPrivilege	1572	tasklist.exe
Token: SeDebugPrivilege	2096	tasklist.exe
Token: SeDebugPrivilege	2144	tasklist.exe
Token: SeDebugPrivilege	2332	tasklist.exe
Token: SeDebugPrivilege	2464	tasklist.exe
Token: SeDebugPrivilege	1364	tasklist.exe
Token: SeDebugPrivilege	1012	tasklist.exe
Token: SeDebugPrivilege	2012	tasklist.exe
Token: SeDebugPrivilege	1036	tasklist.exe
Token: SeDebugPrivilege	1656	tasklist.exe
Token: SeDebugPrivilege	360	tasklist.exe
Token: SeDebugPrivilege	3040	tasklist.exe
Token: SeDebugPrivilege	2540	tasklist.exe
Token: SeDebugPrivilege	1636	tasklist.exe
Token: SeDebugPrivilege	2420	tasklist.exe
Token: SeDebugPrivilege	1940	tasklist.exe
Token: SeDebugPrivilege	2848	tasklist.exe
Token: SeDebugPrivilege	2756	tasklist.exe
Token: SeDebugPrivilege	2828	tasklist.exe
Token: SeDebugPrivilege	2728	tasklist.exe
Token: SeDebugPrivilege	2344	tasklist.exe
Token: SeDebugPrivilege	1820	tasklist.exe
Token: SeDebugPrivilege	3024	tasklist.exe
Token: SeDebugPrivilege	2304	tasklist.exe
Token: SeDebugPrivilege	1776	tasklist.exe
Token: SeDebugPrivilege	2948	tasklist.exe
Token: SeDebugPrivilege	1968	tasklist.exe
Token: SeDebugPrivilege	2912	tasklist.exe
Token: SeDebugPrivilege	760	tasklist.exe
Token: SeDebugPrivilege	2024	tasklist.exe
Token: SeDebugPrivilege	580	tasklist.exe
Token: SeDebugPrivilege	2164	tasklist.exe
Token: SeDebugPrivilege	2348	tasklist.exe
Token: SeDebugPrivilege	2396	tasklist.exe
Token: SeDebugPrivilege	1928	tasklist.exe
Token: SeDebugPrivilege	2504	tasklist.exe
Token: SeDebugPrivilege	2992	tasklist.exe
Token: SeDebugPrivilege	2460	tasklist.exe
Token: SeDebugPrivilege	1680	tasklist.exe
Token: SeDebugPrivilege	1588	tasklist.exe
Token: SeDebugPrivilege	2592	tasklist.exe
Token: SeDebugPrivilege	3048	tasklist.exe
Token: SeDebugPrivilege	1808	tasklist.exe
Token: SeDebugPrivilege	2264	tasklist.exe
Token: SeDebugPrivilege	1664	tasklist.exe
Token: SeDebugPrivilege	2908	tasklist.exe
Token: SeDebugPrivilege	3060	tasklist.exe
Token: SeDebugPrivilege	1784	tasklist.exe
Token: SeDebugPrivilege	2696	tasklist.exe
Token: SeDebugPrivilege	2660	tasklist.exe
Token: SeDebugPrivilege	2856	tasklist.exe
Token: SeDebugPrivilege	924	tasklist.exe
Token: SeDebugPrivilege	2424	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

built5.execmd.exe

description	pid	process	target process
PID 2484 wrote to memory of 2784	2484	built5.exe	cmd.exe
PID 2484 wrote to memory of 2784	2484	built5.exe	cmd.exe
PID 2484 wrote to memory of 2784	2484	built5.exe	cmd.exe
PID 2784 wrote to memory of 2632	2784	cmd.exe	chcp.com
PID 2784 wrote to memory of 2632	2784	cmd.exe	chcp.com
PID 2784 wrote to memory of 2632	2784	cmd.exe	chcp.com
PID 2784 wrote to memory of 2652	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2652	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2652	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2692	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2692	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2692	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2068	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 2068	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 2068	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 1380	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 1380	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 1380	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2688	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2688	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2688	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 1820	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 1820	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 1820	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 1916	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 1916	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 1916	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2236	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2236	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2236	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 3024	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 3024	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 3024	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 3028	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 3028	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 3028	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 3016	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 3016	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 3016	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2304	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 2304	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 2304	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 1132	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 1132	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 1132	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2320	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2320	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2320	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 1776	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 1776	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 1776	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 2312	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2312	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2312	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2936	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2936	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2936	2784	cmd.exe	find.exe
PID 2784 wrote to memory of 2948	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 2948	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 2948	2784	cmd.exe	timeout.exe
PID 2784 wrote to memory of 2964	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2964	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 2964	2784	cmd.exe	tasklist.exe
PID 2784 wrote to memory of 1008	2784	cmd.exe	find.exe

C:\Users\Admin\AppData\Local\Temp\built5.exe
"C:\Users\Admin\AppData\Local\Temp\built5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp69EA.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp69EA.tmp.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:2632
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2652
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2692
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2068
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1380
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2688
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1820
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1916
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2236
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3024
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3028
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3016
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2304
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1132
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2320
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1776
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2312
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2936
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2948
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2964
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1968
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1304
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1816
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2912
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1160
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2928
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:852
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2296
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2576
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:684
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1572
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1608
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:580
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2096
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:620
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2164
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2144
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2044
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2348
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2332
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2480
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2396
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2464
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2492
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1928
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1364
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1580
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2504
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1012
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:892
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2992
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2012
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:600
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2460
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1036
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1476
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1756
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1656
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1984
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1588
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:360
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1992
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1932
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3040
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2052
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2584
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2540
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1748
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1020
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1636
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1032
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2528
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2420
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2388
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2248
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1940
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1288
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1792
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2848
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2896
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3060
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2756
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2792
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2824
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2828
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2820
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2780
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2728
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2692
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2344
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2068
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1380
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1820
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2276
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2236
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3024
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2300
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3016
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2304
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2424
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2320
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1776
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:948
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2936
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2948
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2508
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1008
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1968
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:664
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1816
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2912
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1308
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2928
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:760
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1500
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:940
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2024
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:264
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1608
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:580
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2192
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:620
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2164
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1944
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2044
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2348
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2556
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2480
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2396
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2512
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2492
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1928
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1844
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1580
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2504
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:892
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2992
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1980
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:600
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2460
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2352
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1476
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1680
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2016
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1984
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1588
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3012
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1992
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2592
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:556
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2220
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3048
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1320
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2548
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1808
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1028
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:324
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2264
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2712
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2292
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1664
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1552
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2384
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2908
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2860
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1544
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3060
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2616
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2792
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1784
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2836
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2776
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2696
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2372
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2624
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2660
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:932
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2688
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2856
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:912
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1800
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:924
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:756
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2124
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2424
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2608
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2680
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:1708
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2972
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2104
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2804
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1968
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2904
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1816
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2912
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2920
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2928
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:760
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2576
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1600
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2024
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:264
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1608
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:580
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2108
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:620
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2164
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1796
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2044
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2348
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2364
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2480
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2396
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2496
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2492
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1928
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:976
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2580
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2504
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:972
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:892
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1652
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1088
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1772
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1972
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2308
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1688
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2028
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1312
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:360
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1588
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:1456
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2196
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:548
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2596
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2052
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2592
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2220
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2540
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1320
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2548
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1636
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1020
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2420
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2388
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2528
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2748
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1940
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1540
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:1792
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2092
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2860
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2844
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2852
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1824
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2440
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2376
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2820
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:3004
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2736
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2080
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2684
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2652
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2692
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2068
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2344
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:956
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1916
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2940
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2996
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:1800
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3036
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:756
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1700
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2188
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1416
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2944
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2708
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:948
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2104
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1960
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1964
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:572
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2008
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:664
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2912
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1632
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2928
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:760
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:876
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1600
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2024
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2324
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1908
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2412
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1956
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2112
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:1840
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2468
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1396
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2444
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2332
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2560
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:820
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1864
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1328
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2496
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1116
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:1012
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1580
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1056
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2012
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2168
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1332
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1492
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1680
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:3068
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1476
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1148
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2552
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1984
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2568
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:3044
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1472
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:548
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2536
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1108
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2592
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1976
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2184
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1320
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:304
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3000
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:772
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:884
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1724
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2248
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1552
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1664
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2384
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2908
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3008
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2832
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2616
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1544
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2232
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2864
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:844
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1620
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2820
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2776
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2736
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2728
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2880
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2652
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2624
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:428
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1252
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:956
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2952
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1380
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2996
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1648
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3036
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2516
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:756
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1700
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2124
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1416
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2944
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2680
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:948
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2104
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1968
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:568
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:572
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2916
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:664
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1452
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2152
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:564
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:684
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:752
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1152
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1712
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:1192
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2020
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1608
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:264
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1292
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2108
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:620
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2244
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2260
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2288
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2560
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:820
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:2464
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1864
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1676
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1384
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1116
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1012
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1468
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2504
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2012
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:2460
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1972
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1492
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1680
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1952
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1476
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    PID:1788
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1588
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1984
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2484"
    3⤵
    - Enumerates processes with tasklist
    PID:1604
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp69EA.tmp.bat

Filesize
286B

MD5
f7203f4fce5edb9aba87f9a974736c12

SHA1
ca19d1b3ca09b97128077eff334308ea83fb35a7

SHA256
90a4c86e0f5326026ad3011f62ea65f1412a28655138fc5072a42ab277dff207

SHA512
57e547c13ee51c76436df14ca79d49d87b14af457802a3ed0c68c6bf1d97d87d95075767ec7630748126138352130467dbe897e98131d9d6abfc0492b08bbe57

Download Submit
\Users\Admin\AppData\Local\Temp\Costura\A54E036D2DCD19384E8EA53862E0DD8F\64\sqlite.interop.dll

Filesize
1.7MB

MD5
65ccd6ecb99899083d43f7c24eb8f869

SHA1
27037a9470cc5ed177c0b6688495f3a51996a023

SHA256
aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4

SHA512
533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d

Download Submit
memory/2484-0-0x000007FEF5F63000-0x000007FEF5F64000-memory.dmp

Filesize
4KB

Download
memory/2484-1-0x0000000000860000-0x0000000000E02000-memory.dmp

Filesize
5.6MB

Download
memory/2484-6-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp

Filesize
9.9MB

Download
memory/2484-10-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp

Filesize
9.9MB

Download