34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

5.6MB
MD5

3442efc1a403eaeee70cc2a6729ee87b
SHA1

9fcc1af6ba397c0fcfb979af53e2e76c406e6080
SHA256

34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c
SHA512

869bf4a24dbafe05a43872c6ff0ff437685df6dba97519fc1a58ce96ea2166a01162a77043f4ff52d488301e3d7f34f7c9c71cfa19b4ebad512a626c8ca43dca
SSDEEP

98304:tJRl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6UcG:tWOuK6mn9NzgMoYkSIvUcwti7TQlvcih

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2312	file.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ip-api.com

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

pid	Process
604	tasklist.exe
2016	tasklist.exe
2416	tasklist.exe
1520	tasklist.exe
2360	tasklist.exe
1648	tasklist.exe
2204	tasklist.exe
2124	tasklist.exe
296	tasklist.exe
2100	tasklist.exe
3024	tasklist.exe
2308	tasklist.exe
1076	tasklist.exe
1744	tasklist.exe
2616	tasklist.exe
1604	tasklist.exe
1936	tasklist.exe
1772	tasklist.exe
1440	tasklist.exe
2808	tasklist.exe
2516	tasklist.exe
2252	tasklist.exe
856	tasklist.exe
2956	tasklist.exe
880	tasklist.exe
892	tasklist.exe
2404	tasklist.exe
2504	tasklist.exe
1864	tasklist.exe
1532	tasklist.exe
1928	tasklist.exe
1972	tasklist.exe
2240	tasklist.exe
776	tasklist.exe
1868	tasklist.exe
2200	tasklist.exe
2280	tasklist.exe
1808	tasklist.exe
2308	tasklist.exe
328	tasklist.exe
1592	tasklist.exe
376	tasklist.exe
2336	tasklist.exe
2644	tasklist.exe
2860	tasklist.exe
776	tasklist.exe
2744	tasklist.exe
1104	tasklist.exe
1752	tasklist.exe
1644	tasklist.exe
2472	tasklist.exe
1948	tasklist.exe
604	tasklist.exe
904	tasklist.exe
2348	tasklist.exe
3028	tasklist.exe
1880	tasklist.exe
2688	tasklist.exe
2976	tasklist.exe
1712	tasklist.exe
2348	tasklist.exe
2068	tasklist.exe
820	tasklist.exe
2044	tasklist.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
1712	timeout.exe
2292	timeout.exe
2564	timeout.exe
2348	timeout.exe
2064	timeout.exe
2480	timeout.exe
2844	timeout.exe
844	timeout.exe
1944	timeout.exe
1720	timeout.exe
3000	timeout.exe
1104	timeout.exe
1604	timeout.exe
2720	timeout.exe
1700	timeout.exe
2476	timeout.exe
2008	timeout.exe
540	timeout.exe
2652	timeout.exe
1820	timeout.exe
976	timeout.exe
356	timeout.exe
2224	timeout.exe
2412	timeout.exe
2488	timeout.exe
3004	timeout.exe
896	timeout.exe
1832	timeout.exe
2408	timeout.exe
1128	timeout.exe
2152	timeout.exe
1712	timeout.exe
1736	timeout.exe
2560	timeout.exe
1628	timeout.exe
2172	timeout.exe
3012	timeout.exe
3020	timeout.exe
2328	timeout.exe
2880	timeout.exe
692	timeout.exe
2788	timeout.exe
3044	timeout.exe
1924	timeout.exe
2648	timeout.exe
2216	timeout.exe
3008	timeout.exe
296	timeout.exe
948	timeout.exe
2112	timeout.exe
1520	timeout.exe
2768	timeout.exe
2636	timeout.exe
2304	timeout.exe
2952	timeout.exe
2560	timeout.exe
2748	timeout.exe
1944	timeout.exe
860	timeout.exe
2556	timeout.exe
2664	timeout.exe
868	timeout.exe
2128	timeout.exe
2396	timeout.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2312	file.exe
2312	file.exe
2312	file.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2312	file.exe
Token: SeDebugPrivilege	2604	tasklist.exe
Token: SeDebugPrivilege	2744	tasklist.exe
Token: SeDebugPrivilege	1076	tasklist.exe
Token: SeDebugPrivilege	1104	tasklist.exe
Token: SeDebugPrivilege	588	tasklist.exe
Token: SeDebugPrivilege	2204	tasklist.exe
Token: SeDebugPrivilege	2184	tasklist.exe
Token: SeDebugPrivilege	1440	tasklist.exe
Token: SeDebugPrivilege	1744	tasklist.exe
Token: SeDebugPrivilege	1760	tasklist.exe
Token: SeDebugPrivilege	1856	tasklist.exe
Token: SeDebugPrivilege	1604	tasklist.exe
Token: SeDebugPrivilege	1936	tasklist.exe
Token: SeDebugPrivilege	2956	tasklist.exe
Token: SeDebugPrivilege	2308	tasklist.exe
Token: SeDebugPrivilege	768	tasklist.exe
Token: SeDebugPrivilege	1880	tasklist.exe
Token: SeDebugPrivilege	2456	tasklist.exe
Token: SeDebugPrivilege	2284	tasklist.exe
Token: SeDebugPrivilege	1084	tasklist.exe
Token: SeDebugPrivilege	1752	tasklist.exe
Token: SeDebugPrivilege	1532	tasklist.exe
Token: SeDebugPrivilege	1724	tasklist.exe
Token: SeDebugPrivilege	3040	tasklist.exe
Token: SeDebugPrivilege	2516	tasklist.exe
Token: SeDebugPrivilege	2512	tasklist.exe
Token: SeDebugPrivilege	2100	tasklist.exe
Token: SeDebugPrivilege	2808	tasklist.exe
Token: SeDebugPrivilege	2796	tasklist.exe
Token: SeDebugPrivilege	2804	tasklist.exe
Token: SeDebugPrivilege	2688	tasklist.exe
Token: SeDebugPrivilege	376	tasklist.exe
Token: SeDebugPrivilege	2336	tasklist.exe
Token: SeDebugPrivilege	1336	tasklist.exe
Token: SeDebugPrivilege	3004	tasklist.exe
Token: SeDebugPrivilege	2116	tasklist.exe
Token: SeDebugPrivilege	2252	tasklist.exe
Token: SeDebugPrivilege	1772	tasklist.exe
Token: SeDebugPrivilege	2644	tasklist.exe
Token: SeDebugPrivilege	2864	tasklist.exe
Token: SeDebugPrivilege	2676	tasklist.exe
Token: SeDebugPrivilege	2140	tasklist.exe
Token: SeDebugPrivilege	1984	tasklist.exe
Token: SeDebugPrivilege	2016	tasklist.exe
Token: SeDebugPrivilege	2240	tasklist.exe
Token: SeDebugPrivilege	2416	tasklist.exe
Token: SeDebugPrivilege	1000	tasklist.exe
Token: SeDebugPrivilege	820	tasklist.exe
Token: SeDebugPrivilege	1868	tasklist.exe
Token: SeDebugPrivilege	1016	tasklist.exe
Token: SeDebugPrivilege	328	tasklist.exe
Token: SeDebugPrivilege	1384	tasklist.exe
Token: SeDebugPrivilege	880	tasklist.exe
Token: SeDebugPrivilege	1520	tasklist.exe
Token: SeDebugPrivilege	2976	tasklist.exe
Token: SeDebugPrivilege	2860	tasklist.exe
Token: SeDebugPrivilege	1592	tasklist.exe
Token: SeDebugPrivilege	2168	tasklist.exe
Token: SeDebugPrivilege	2584	tasklist.exe
Token: SeDebugPrivilege	2044	tasklist.exe
Token: SeDebugPrivilege	3012	tasklist.exe
Token: SeDebugPrivilege	3024	tasklist.exe
Token: SeDebugPrivilege	776	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2848	2312	file.exe	30
PID 2312 wrote to memory of 2848	2312	file.exe	30
PID 2312 wrote to memory of 2848	2312	file.exe	30
PID 2848 wrote to memory of 2904	2848	cmd.exe	32
PID 2848 wrote to memory of 2904	2848	cmd.exe	32
PID 2848 wrote to memory of 2904	2848	cmd.exe	32
PID 2848 wrote to memory of 2604	2848	cmd.exe	33
PID 2848 wrote to memory of 2604	2848	cmd.exe	33
PID 2848 wrote to memory of 2604	2848	cmd.exe	33
PID 2848 wrote to memory of 2868	2848	cmd.exe	34
PID 2848 wrote to memory of 2868	2848	cmd.exe	34
PID 2848 wrote to memory of 2868	2848	cmd.exe	34
PID 2848 wrote to memory of 2652	2848	cmd.exe	36
PID 2848 wrote to memory of 2652	2848	cmd.exe	36
PID 2848 wrote to memory of 2652	2848	cmd.exe	36
PID 2848 wrote to memory of 2744	2848	cmd.exe	37
PID 2848 wrote to memory of 2744	2848	cmd.exe	37
PID 2848 wrote to memory of 2744	2848	cmd.exe	37
PID 2848 wrote to memory of 3060	2848	cmd.exe	38
PID 2848 wrote to memory of 3060	2848	cmd.exe	38
PID 2848 wrote to memory of 3060	2848	cmd.exe	38
PID 2848 wrote to memory of 3020	2848	cmd.exe	39
PID 2848 wrote to memory of 3020	2848	cmd.exe	39
PID 2848 wrote to memory of 3020	2848	cmd.exe	39
PID 2848 wrote to memory of 1076	2848	cmd.exe	40
PID 2848 wrote to memory of 1076	2848	cmd.exe	40
PID 2848 wrote to memory of 1076	2848	cmd.exe	40
PID 2848 wrote to memory of 1652	2848	cmd.exe	41
PID 2848 wrote to memory of 1652	2848	cmd.exe	41
PID 2848 wrote to memory of 1652	2848	cmd.exe	41
PID 2848 wrote to memory of 776	2848	cmd.exe	42
PID 2848 wrote to memory of 776	2848	cmd.exe	42
PID 2848 wrote to memory of 776	2848	cmd.exe	42
PID 2848 wrote to memory of 1104	2848	cmd.exe	43
PID 2848 wrote to memory of 1104	2848	cmd.exe	43
PID 2848 wrote to memory of 1104	2848	cmd.exe	43
PID 2848 wrote to memory of 1164	2848	cmd.exe	44
PID 2848 wrote to memory of 1164	2848	cmd.exe	44
PID 2848 wrote to memory of 1164	2848	cmd.exe	44
PID 2848 wrote to memory of 1616	2848	cmd.exe	45
PID 2848 wrote to memory of 1616	2848	cmd.exe	45
PID 2848 wrote to memory of 1616	2848	cmd.exe	45
PID 2848 wrote to memory of 588	2848	cmd.exe	46
PID 2848 wrote to memory of 588	2848	cmd.exe	46
PID 2848 wrote to memory of 588	2848	cmd.exe	46
PID 2848 wrote to memory of 3028	2848	cmd.exe	47
PID 2848 wrote to memory of 3028	2848	cmd.exe	47
PID 2848 wrote to memory of 3028	2848	cmd.exe	47
PID 2848 wrote to memory of 2104	2848	cmd.exe	48
PID 2848 wrote to memory of 2104	2848	cmd.exe	48
PID 2848 wrote to memory of 2104	2848	cmd.exe	48
PID 2848 wrote to memory of 2204	2848	cmd.exe	49
PID 2848 wrote to memory of 2204	2848	cmd.exe	49
PID 2848 wrote to memory of 2204	2848	cmd.exe	49
PID 2848 wrote to memory of 2200	2848	cmd.exe	50
PID 2848 wrote to memory of 2200	2848	cmd.exe	50
PID 2848 wrote to memory of 2200	2848	cmd.exe	50
PID 2848 wrote to memory of 2196	2848	cmd.exe	51
PID 2848 wrote to memory of 2196	2848	cmd.exe	51
PID 2848 wrote to memory of 2196	2848	cmd.exe	51
PID 2848 wrote to memory of 2184	2848	cmd.exe	52
PID 2848 wrote to memory of 2184	2848	cmd.exe	52
PID 2848 wrote to memory of 2184	2848	cmd.exe	52
PID 2848 wrote to memory of 2272	2848	cmd.exe	53

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp866F.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp866F.tmp.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:2904
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2604
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2868
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2652
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2744
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3060
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3020
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1076
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1652
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:776
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1104
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1164
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1616
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:588
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3028
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2104
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2204
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2200
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2196
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2184
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2272
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1156
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1440
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1776
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2564
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1744
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:308
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1924
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1760
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1420
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1572
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1856
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:540
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3032
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1604
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:848
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1944
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1936
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1940
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1820
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2956
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2756
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2448
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2308
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2412
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1092
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:768
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2164
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2428
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1880
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1700
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2456
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1788
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:948
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2284
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2216
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1528
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1084
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1784
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:976
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1752
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1364
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2320
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1532
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1392
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1712
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1724
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2444
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:896
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3040
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2656
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2348
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2516
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2980
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2064
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2512
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2500
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2396
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2100
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1672
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1596
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2808
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2824
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2928
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2796
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2752
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2720
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2804
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2728
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2648
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2688
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2740
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1920
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:376
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2744
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:536
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2336
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1656
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:860
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1336
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1104
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2228
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3004
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2988
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1832
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2116
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2268
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2408
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2252
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1060
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2328
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1772
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1644
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1128
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2644
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2880
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2864
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1760
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2892
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2676
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1856
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1988
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2140
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1792
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2560
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1984
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2344
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2556
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2016
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2952
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2480
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2240
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2108
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1692
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2416
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2192
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:692
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1000
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1352
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1628
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:820
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2464
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2436
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1868
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2232
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1720
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1016
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1140
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:356
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:328
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1444
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1808
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1384
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1668
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1712
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:880
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2364
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1520
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2256
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1540
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2976
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:744
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1200
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2860
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:396
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2504
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1592
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1600
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2932
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2168
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2784
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2832
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2584
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2680
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2752
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2044
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2472
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2780
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3012
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2652
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2748
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3024
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1256
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:536
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:776
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1652
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:860
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1616
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1164
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2292
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2972
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2400
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1492
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:3004
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2988
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2188
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2200
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2156
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1148
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2272
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1040
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1776
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1772
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1644
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2112
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1928
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2880
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2864
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1964
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2892
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3000
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1948
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1944
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1608
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1972
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1820
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1936
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1980
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2556
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2016
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:804
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1092
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2224
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2068
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2428
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:768
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:856
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1700
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2152
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:604
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1112
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2456
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1360
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2436
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1868
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:696
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:976
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1084
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1376
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2320
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1752
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:3048
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:828
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1532
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:904
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2024
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1324
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:892
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2364
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1520
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2348
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1488
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3056
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2064
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2248
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1800
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2396
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2076
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1592
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1596
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2824
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2820
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2124
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2832
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1028
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1500
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2332
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2788
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2044
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2472
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2868
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2696
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2616
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2844
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:3060
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3024
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:580
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1076
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:776
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1104
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:296
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1640
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2172
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:3044
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2972
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2664
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:3028
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2236
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2768
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2268
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2200
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2636
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2404
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1060
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2128
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2712
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:304
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1952
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1644
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2112
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2876
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1744
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2492
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:540
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:3032
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1760
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1604
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1948
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1944
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2304
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2220
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1820
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2956
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1980
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2556
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2412
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2288
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2952
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2476
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2360
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:792
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2244
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:692
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1700
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1088
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:604
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1112
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2216
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:448
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2436
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:872
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2280
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:976
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:944
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1376
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2320
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1736
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1808
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3048
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2008
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1712
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2444
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2488
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:896
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:892
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2432
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2348
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1488
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:868
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2064
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2248
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2072
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2504
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1672
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2808
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1596
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2824
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2776
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2124
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2832
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:932
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:916
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1028
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1044
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2680
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2788
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2720
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2472
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2896
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3012
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2616
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:376
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3008
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:3024
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2336
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:844
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:776
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1104
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:296
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1336
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2172
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3044
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2972
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2260
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3004
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1832
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2768
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2268
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1648
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2636
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2404
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:1864
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2884
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1776
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1772
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1768
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1368
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2564
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2876
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1464
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2880
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:540
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3032
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:1964
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1604
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1944
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2948
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2960
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2560
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    - Enumerates processes with tasklist
    PID:2308
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2352
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2944
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2412
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2164
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2952
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2476
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1212
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:792
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2244
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:820
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1700
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2312"
    3⤵
    PID:2368
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2284
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp866F.tmp.bat

Filesize
286B

MD5
2bc16715f051bb7831aa8cb2f31e6c36

SHA1
09f5a537bcca70d185a16c5fb2e52f7ff84a3367

SHA256
1a3fd6538984d1f7f8499ead93ffd989d5dd3630ae11b4d9b8b51dd01860c6f3

SHA512
1066a7d1b7ddbff4c9b7b8b36534299c24986bde2e142755f1ead6a6ecf2255745cf0e57cf587457f0e63465bc133a9c71c8e28b0b5499a60e127471aa1b3f07

Download Submit
\Users\Admin\AppData\Local\Temp\Costura\A54E036D2DCD19384E8EA53862E0DD8F\64\sqlite.interop.dll

Filesize
1.7MB

MD5
65ccd6ecb99899083d43f7c24eb8f869

SHA1
27037a9470cc5ed177c0b6688495f3a51996a023

SHA256
aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4

SHA512
533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d

Download Submit
memory/2312-0-0x000007FEF52B3000-0x000007FEF52B4000-memory.dmp

Filesize
4KB

Download
memory/2312-1-0x0000000000090000-0x0000000000632000-memory.dmp

Filesize
5.6MB

Download
memory/2312-6-0x000007FEF52B0000-0x000007FEF5C9C000-memory.dmp

Filesize
9.9MB

Download
memory/2312-10-0x000007FEF52B0000-0x000007FEF5C9C000-memory.dmp

Filesize
9.9MB

Download