Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
14-12-2024 03:08
Static task
static1
Behavioral task
behavioral1
Sample
34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c.exe
Resource
win7-20240903-en
General
-
Target
34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c.exe
-
Size
5.6MB
-
MD5
3442efc1a403eaeee70cc2a6729ee87b
-
SHA1
9fcc1af6ba397c0fcfb979af53e2e76c406e6080
-
SHA256
34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c
-
SHA512
869bf4a24dbafe05a43872c6ff0ff437685df6dba97519fc1a58ce96ea2166a01162a77043f4ff52d488301e3d7f34f7c9c71cfa19b4ebad512a626c8ca43dca
-
SSDEEP
98304:tJRl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6UcG:tWOuK6mn9NzgMoYkSIvUcwti7TQlvcih
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 2152 34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 6 raw.githubusercontent.com 7 raw.githubusercontent.com -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 4 ip-api.com -
Enumerates processes with tasklist 1 TTPs 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 64 IoCs
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2152 34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c.exe 2152 34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c.exe 2152 34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c.exe "C:\Users\Admin\AppData\Local\Temp\34443c63e5b3678dfd5df2e83fb1c70dcad8fbaa658a25bcde512e216e8d4a1c.exe" 1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2152 -
C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpF1DE.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpF1DE.tmp.bat 2⤵
- Suspicious use of WriteProcessMemory
PID:1464 -
C:\Windows\system32\chcp.com chcp 65001 3⤵ PID:2792
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2772
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2780
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2168
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3028
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2684
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2596
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2944
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2592
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2616
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2688
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:796
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2448
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2292
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2032
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2952
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1900
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2884
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1612
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2756
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2864
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2848
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2400
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1904
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1308
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2876
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2880
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1996
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1880
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1372
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1420
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1744
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3004
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2968
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2956
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2296
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2212
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1964
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:528
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2664
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:264
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2268
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1600
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1724
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2416
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:660
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2480
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2992
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1236
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1364
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1836
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1668
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2352
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1664
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1488
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2180
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:680
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1624
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1532
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1752
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1720
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1536
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2548
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2500
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2136
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2272
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1708
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:280
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2420
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1216
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3068
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1036
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1656
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1916
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3024
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2364
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1048
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1800
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2200
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2176
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2092
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2384
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:788
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1636
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2648
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3016
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2224
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2784
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2796
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3044
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2708
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2836
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2828
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2508
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2368
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2496
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1700
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2944
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2592
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:624
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2284
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2688
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2036
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2612
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1108
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:288
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2656
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2960
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2936
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2856
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2888
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1736
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1268
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2096
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2396
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2120
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2876
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1480
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1376
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2948
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2988
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3008
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2996
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2872
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1688
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2956
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2540
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1776
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1964
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2012
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1088
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2112
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2552
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:540
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1724
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:828
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2460
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2480
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1288
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2524
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1364
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1692
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1684
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2352
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2444
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1044
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:888
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1528
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1772
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1532
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2156
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1728
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1536
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1468
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:564
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2136
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2360
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1504
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:280
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1556
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1120
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1676
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:864
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3036
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1916
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1576
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1548
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1048
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2184
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2208
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2176
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2100
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:788
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1636
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1628
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2844
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:376
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2772
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2796
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3044
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2768
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2836
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2828
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2812
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2672
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1412
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2680
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2944
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2912
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2288
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:444
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2312
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2292
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1108
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1204
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1900
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2960
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2896
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2756
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2888
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2916
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1252
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2096
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2748
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2868
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1920
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1424
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1372
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2116
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2968
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:3008
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2380
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2244
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1304
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2336
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2664
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:268
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2148
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2468
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:264
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:316
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1896
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:772
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1980
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1508
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2480
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1984
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1668
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1932
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:296
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:944
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1952
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:600
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1564
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2180
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1328
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2084
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:396
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2076
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:568
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:372
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2492
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1524
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2932
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:616
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2144
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2136
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2360
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:556
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:280
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1552
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:860
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:3068
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:864
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2364
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1916
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1576
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2200
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1048
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2184
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2188
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2192
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:912
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2652
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2648
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:788
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1636
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2780
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:3016
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2844
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2260
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2308
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2684
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2816
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2768
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2704
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2828
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2812
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2392
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1412
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2564
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:796
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2912
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2300
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2288
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:444
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1900
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2668
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2896
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2756
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1616
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2916
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1252
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2880
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2748
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2064
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1904
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1420
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1480
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2948
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1544
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2608
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2316
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1908
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2588
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2996
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2872
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2244
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2956
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2540
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:872
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1280
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2124
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1600
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1780
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2416
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:660
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1724
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:836
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:948
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2460
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1288
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1668
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1364
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1692
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1488
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1072
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2444
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1624
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1956
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:3000
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1032
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2052
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2548
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1084
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2328
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:3052
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2492
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1524
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1892
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:984
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:616
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1940
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1588
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2360
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2512
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1556
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1656
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1484
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2256
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1760
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:3064
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1576
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2200
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2092
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2384
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2660
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2792
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:908
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1936
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2424
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1628
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2320
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2780
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:3020
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2536
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2260
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2796
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2708
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2816
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2508
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2340
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2828
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2496
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1700
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2472
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2040
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2760
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2912
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2952
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1716
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:444
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:2960
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:284
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2896
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1736
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1144
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2916
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2464
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1380
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2356
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1428
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1376
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1420
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1744
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3004
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2624
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2600
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2968
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2296
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1688
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2644
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:528
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1768
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:480
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2540
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1460
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1088
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2124
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵PID:1832
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:540
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1236
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1128
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1896
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1836
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2524
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1592
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1672
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:1684
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1608
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:680
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2440
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:944
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1720
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2152"3⤵
- Enumerates processes with tasklist
PID:2180
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1564
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2128
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
286B
-
Filesize
1.7MB