Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
14-12-2024 12:06
Static task
static1
Behavioral task
behavioral1
Sample
a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe
Resource
win7-20241023-en
General
-
Target
a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe
-
Size
5.6MB
-
MD5
1d0701d8fdc16df25fa0249b59aab042
-
SHA1
6028426f7e0a712a1aeae28d986337aafae26abe
-
SHA256
a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9
-
SHA512
f1e2cf861b86af37094192c7d110640c630944cee00542c7133fce703584e4ed08a3dae76c0c1afd30c4890e66d482fcc17c1eeb434ec711586c7ff0130c9e17
-
SSDEEP
98304:tJRl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6UcA:tWOuK6mn9NzgMoYkSIvUcwti7TQlvciP
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 2312 a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 6 raw.githubusercontent.com 7 raw.githubusercontent.com -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 4 ip-api.com -
Enumerates processes with tasklist 1 TTPs 64 IoCs
pid Process 2852 tasklist.exe 2676 tasklist.exe 3012 tasklist.exe 408 tasklist.exe 2600 tasklist.exe 1860 tasklist.exe 1248 tasklist.exe 1608 tasklist.exe 572 tasklist.exe 2324 tasklist.exe 2984 tasklist.exe 2624 tasklist.exe 2036 tasklist.exe 2104 tasklist.exe 2872 tasklist.exe 1956 tasklist.exe 912 tasklist.exe 2236 tasklist.exe 1448 tasklist.exe 1572 tasklist.exe 2844 tasklist.exe 1680 tasklist.exe 1876 tasklist.exe 2580 tasklist.exe 1984 tasklist.exe 1868 tasklist.exe 1040 tasklist.exe 2496 tasklist.exe 1036 tasklist.exe 1604 tasklist.exe 1912 tasklist.exe 380 tasklist.exe 1992 tasklist.exe 1240 tasklist.exe 1868 tasklist.exe 2204 tasklist.exe 1104 tasklist.exe 600 tasklist.exe 2704 tasklist.exe 2960 tasklist.exe 2328 tasklist.exe 1312 tasklist.exe 704 tasklist.exe 1744 tasklist.exe 1660 tasklist.exe 2172 tasklist.exe 2808 tasklist.exe 1436 tasklist.exe 2044 tasklist.exe 584 tasklist.exe 704 tasklist.exe 1852 tasklist.exe 2744 tasklist.exe 1836 tasklist.exe 2504 tasklist.exe 2824 tasklist.exe 496 tasklist.exe 1040 tasklist.exe 2864 tasklist.exe 1776 tasklist.exe 1240 tasklist.exe 2088 tasklist.exe 2320 tasklist.exe 916 tasklist.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 64 IoCs
pid Process 1920 timeout.exe 1608 timeout.exe 1736 timeout.exe 632 timeout.exe 1788 timeout.exe 1568 timeout.exe 2136 timeout.exe 1388 timeout.exe 2940 timeout.exe 1728 timeout.exe 2476 timeout.exe 1800 timeout.exe 2716 timeout.exe 296 timeout.exe 2568 timeout.exe 704 timeout.exe 688 timeout.exe 2892 timeout.exe 2764 timeout.exe 2280 timeout.exe 2252 timeout.exe 1524 timeout.exe 2648 timeout.exe 1908 timeout.exe 2368 timeout.exe 2876 timeout.exe 496 timeout.exe 2212 timeout.exe 1688 timeout.exe 2312 timeout.exe 2792 timeout.exe 3032 timeout.exe 2636 timeout.exe 2892 timeout.exe 2600 timeout.exe 2816 timeout.exe 776 timeout.exe 880 timeout.exe 2752 timeout.exe 3028 timeout.exe 1684 timeout.exe 1956 timeout.exe 1164 timeout.exe 2464 timeout.exe 2852 timeout.exe 1740 timeout.exe 2104 timeout.exe 2468 timeout.exe 1524 timeout.exe 1008 timeout.exe 2436 timeout.exe 1928 timeout.exe 2032 timeout.exe 1168 timeout.exe 1988 timeout.exe 1648 timeout.exe 2332 timeout.exe 2728 timeout.exe 2064 timeout.exe 2556 timeout.exe 892 timeout.exe 1356 timeout.exe 1452 timeout.exe 2748 timeout.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2312 a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe 2312 a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe 2312 a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2312 a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe Token: SeDebugPrivilege 2452 tasklist.exe Token: SeDebugPrivilege 1912 tasklist.exe Token: SeDebugPrivilege 2988 tasklist.exe Token: SeDebugPrivilege 2800 tasklist.exe Token: SeDebugPrivilege 2764 tasklist.exe Token: SeDebugPrivilege 2320 tasklist.exe Token: SeDebugPrivilege 1944 tasklist.exe Token: SeDebugPrivilege 1644 tasklist.exe Token: SeDebugPrivilege 2580 tasklist.exe Token: SeDebugPrivilege 1956 tasklist.exe Token: SeDebugPrivilege 1368 tasklist.exe Token: SeDebugPrivilege 3016 tasklist.exe Token: SeDebugPrivilege 2276 tasklist.exe Token: SeDebugPrivilege 2204 tasklist.exe Token: SeDebugPrivilege 584 tasklist.exe Token: SeDebugPrivilege 408 tasklist.exe Token: SeDebugPrivilege 912 tasklist.exe Token: SeDebugPrivilege 1104 tasklist.exe Token: SeDebugPrivilege 2316 tasklist.exe Token: SeDebugPrivilege 1004 tasklist.exe Token: SeDebugPrivilege 1696 tasklist.exe Token: SeDebugPrivilege 1984 tasklist.exe Token: SeDebugPrivilege 608 tasklist.exe Token: SeDebugPrivilege 2556 tasklist.exe Token: SeDebugPrivilege 600 tasklist.exe Token: SeDebugPrivilege 1044 tasklist.exe Token: SeDebugPrivilege 1744 tasklist.exe Token: SeDebugPrivilege 2768 tasklist.exe Token: SeDebugPrivilege 1660 tasklist.exe Token: SeDebugPrivilege 2548 tasklist.exe Token: SeDebugPrivilege 2960 tasklist.exe Token: SeDebugPrivilege 2852 tasklist.exe Token: SeDebugPrivilege 2708 tasklist.exe Token: SeDebugPrivilege 2496 tasklist.exe Token: SeDebugPrivilege 1836 tasklist.exe Token: SeDebugPrivilege 2344 tasklist.exe Token: SeDebugPrivilege 556 tasklist.exe Token: SeDebugPrivilege 1940 tasklist.exe Token: SeDebugPrivilege 2600 tasklist.exe Token: SeDebugPrivilege 1792 tasklist.exe Token: SeDebugPrivilege 340 tasklist.exe Token: SeDebugPrivilege 2864 tasklist.exe Token: SeDebugPrivilege 2260 tasklist.exe Token: SeDebugPrivilege 2236 tasklist.exe Token: SeDebugPrivilege 1868 tasklist.exe Token: SeDebugPrivilege 1448 tasklist.exe Token: SeDebugPrivilege 704 tasklist.exe Token: SeDebugPrivilege 1872 tasklist.exe Token: SeDebugPrivilege 1860 tasklist.exe Token: SeDebugPrivilege 916 tasklist.exe Token: SeDebugPrivilege 572 tasklist.exe Token: SeDebugPrivilege 2528 tasklist.exe Token: SeDebugPrivilege 564 tasklist.exe Token: SeDebugPrivilege 1112 tasklist.exe Token: SeDebugPrivilege 1072 tasklist.exe Token: SeDebugPrivilege 1572 tasklist.exe Token: SeDebugPrivilege 1748 tasklist.exe Token: SeDebugPrivilege 1776 tasklist.exe Token: SeDebugPrivilege 2420 tasklist.exe Token: SeDebugPrivilege 2844 tasklist.exe Token: SeDebugPrivilege 2824 tasklist.exe Token: SeDebugPrivilege 2704 tasklist.exe Token: SeDebugPrivilege 1588 tasklist.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2312 wrote to memory of 2380 2312 a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe 31 PID 2312 wrote to memory of 2380 2312 a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe 31 PID 2312 wrote to memory of 2380 2312 a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe 31 PID 2380 wrote to memory of 2972 2380 cmd.exe 33 PID 2380 wrote to memory of 2972 2380 cmd.exe 33 PID 2380 wrote to memory of 2972 2380 cmd.exe 33 PID 2380 wrote to memory of 2452 2380 cmd.exe 34 PID 2380 wrote to memory of 2452 2380 cmd.exe 34 PID 2380 wrote to memory of 2452 2380 cmd.exe 34 PID 2380 wrote to memory of 2420 2380 cmd.exe 35 PID 2380 wrote to memory of 2420 2380 cmd.exe 35 PID 2380 wrote to memory of 2420 2380 cmd.exe 35 PID 2380 wrote to memory of 2892 2380 cmd.exe 37 PID 2380 wrote to memory of 2892 2380 cmd.exe 37 PID 2380 wrote to memory of 2892 2380 cmd.exe 37 PID 2380 wrote to memory of 1912 2380 cmd.exe 38 PID 2380 wrote to memory of 1912 2380 cmd.exe 38 PID 2380 wrote to memory of 1912 2380 cmd.exe 38 PID 2380 wrote to memory of 2828 2380 cmd.exe 39 PID 2380 wrote to memory of 2828 2380 cmd.exe 39 PID 2380 wrote to memory of 2828 2380 cmd.exe 39 PID 2380 wrote to memory of 2940 2380 cmd.exe 40 PID 2380 wrote to memory of 2940 2380 cmd.exe 40 PID 2380 wrote to memory of 2940 2380 cmd.exe 40 PID 2380 wrote to memory of 2988 2380 cmd.exe 41 PID 2380 wrote to memory of 2988 2380 cmd.exe 41 PID 2380 wrote to memory of 2988 2380 cmd.exe 41 PID 2380 wrote to memory of 2928 2380 cmd.exe 42 PID 2380 wrote to memory of 2928 2380 cmd.exe 42 PID 2380 wrote to memory of 2928 2380 cmd.exe 42 PID 2380 wrote to memory of 1920 2380 cmd.exe 43 PID 2380 wrote to memory of 1920 2380 cmd.exe 43 PID 2380 wrote to memory of 1920 2380 cmd.exe 43 PID 2380 wrote to memory of 2800 2380 cmd.exe 44 PID 2380 wrote to memory of 2800 2380 cmd.exe 44 PID 2380 wrote to memory of 2800 2380 cmd.exe 44 PID 2380 wrote to memory of 2952 2380 cmd.exe 45 PID 2380 wrote to memory of 2952 2380 cmd.exe 45 PID 2380 wrote to memory of 2952 2380 cmd.exe 45 PID 2380 wrote to memory of 2752 2380 cmd.exe 46 PID 2380 wrote to memory of 2752 2380 cmd.exe 46 PID 2380 wrote to memory of 2752 2380 cmd.exe 46 PID 2380 wrote to memory of 2764 2380 cmd.exe 47 PID 2380 wrote to memory of 2764 2380 cmd.exe 47 PID 2380 wrote to memory of 2764 2380 cmd.exe 47 PID 2380 wrote to memory of 2012 2380 cmd.exe 48 PID 2380 wrote to memory of 2012 2380 cmd.exe 48 PID 2380 wrote to memory of 2012 2380 cmd.exe 48 PID 2380 wrote to memory of 1648 2380 cmd.exe 49 PID 2380 wrote to memory of 1648 2380 cmd.exe 49 PID 2380 wrote to memory of 1648 2380 cmd.exe 49 PID 2380 wrote to memory of 2320 2380 cmd.exe 50 PID 2380 wrote to memory of 2320 2380 cmd.exe 50 PID 2380 wrote to memory of 2320 2380 cmd.exe 50 PID 2380 wrote to memory of 1812 2380 cmd.exe 51 PID 2380 wrote to memory of 1812 2380 cmd.exe 51 PID 2380 wrote to memory of 1812 2380 cmd.exe 51 PID 2380 wrote to memory of 1692 2380 cmd.exe 52 PID 2380 wrote to memory of 1692 2380 cmd.exe 52 PID 2380 wrote to memory of 1692 2380 cmd.exe 52 PID 2380 wrote to memory of 1944 2380 cmd.exe 53 PID 2380 wrote to memory of 1944 2380 cmd.exe 53 PID 2380 wrote to memory of 1944 2380 cmd.exe 53 PID 2380 wrote to memory of 2044 2380 cmd.exe 54
Processes
-
C:\Users\Admin\AppData\Local\Temp\a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe"C:\Users\Admin\AppData\Local\Temp\a129d94c366e0caa9a024b5846031b331b5ea7526915299cac3c60c0a79fdde9.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2312 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpD4BD.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpD4BD.tmp.bat2⤵
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Windows\system32\chcp.comchcp 650013⤵PID:2972
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2452
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2420
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2892
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1912
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2828
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2940
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2988
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2928
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1920
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2800
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2952
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2752
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2764
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2012
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1648
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2320
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1812
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1692
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1944
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2044
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1728
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1644
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1528
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2748
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2580
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1216
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1168
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1956
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1948
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2004
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1560
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2980
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3016
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2560
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:3012
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2276
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2272
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2292
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2204
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2432
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2124
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:584
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1624
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:496
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:408
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1144
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2104
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:912
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2308
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1988
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1104
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1364
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2656
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2316
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2300
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1240
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1004
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1148
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1700
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1696
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:924
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1820
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1984
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1544
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1796
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:608
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2552
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:296
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2556
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1116
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2468
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:600
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1508
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2076
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1044
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2572
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1608
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1744
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2160
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:3028
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2768
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1760
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1800
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1660
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2084
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:3048
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2548
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2832
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2892
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2960
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3040
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2820
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2852
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1752
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2736
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2708
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2700
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2760
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2496
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2740
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1648
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1836
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1340
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2576
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2344
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1788
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1736
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:556
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1524
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2676
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1940
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1164
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1040
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2600
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2588
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1248
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1792
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1956
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1684
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:340
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2776
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2996
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2864
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3000
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2248
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2260
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2276
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2212
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2236
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2244
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1672
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1868
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1480
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1052
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1448
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:408
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1688
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:704
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:912
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:632
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1872
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1104
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:688
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1860
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1028
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:112
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:916
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1200
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2464
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:572
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1696
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2516
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2528
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1984
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1908
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:564
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2608
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1492
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1112
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:536
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1716
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1072
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:892
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2064
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2504
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1764
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2476
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1572
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2532
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2332
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1748
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:844
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2312
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1776
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2596
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2452
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2420
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2548
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2792
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2844
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2796
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2988
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2824
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2856
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2800
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2704
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2732
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2764
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1588
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1436
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2136
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2576
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2044
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1788
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1736
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1528
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1524
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2676
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1876
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1164
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1040
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1724
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2588
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1248
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2004
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1956
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1684
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2728
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1968
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2288
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3012
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2788
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2328
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2292
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2280
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1036
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2124
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1048
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:496
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:584
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1052
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2104
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1144
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:852
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1988
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2308
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1864
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1680
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1364
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2032
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1240
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2296
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:548
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1700
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1148
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2464
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2480
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:924
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2488
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1016
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1544
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2132
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:380
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1924
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1008
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2404
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1344
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:776
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1604
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:316
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2064
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1608
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2144
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2388
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2324
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3028
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2632
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2172
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2376
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2972
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:652
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2840
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2884
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2452
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2912
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2828
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:3036
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2976
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2792
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2984
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2820
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2568
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2744
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2736
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2852
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2336
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2072
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2068
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1852
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:940
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1812
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1992
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1648
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2436
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2880
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1076
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:644
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1736
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1528
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1928
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2676
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1876
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2600
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1784
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1040
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1740
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1248
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2004
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:788
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2916
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1336
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1824
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2728
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1968
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1568
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:880
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2224
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2252
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2292
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2456
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1636
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2636
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:296
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1268
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1624
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:584
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:484
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2088
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1144
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:704
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2624
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2484
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1872
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1556
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2524
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1860
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1240
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2296
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:972
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1700
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1148
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1396
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2480
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:924
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:720
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1016
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1544
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:608
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:380
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1924
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2556
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1112
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2404
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:892
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:888
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1512
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:576
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2504
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2572
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2368
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2324
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:3028
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1800
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2172
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2376
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2816
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:3048
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2084
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:3032
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1312
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2408
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2420
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2832
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2540
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2936
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2984
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2820
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2952
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2744
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2736
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1356
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2808
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2760
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1916
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:944
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2708
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2136
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1436
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1588
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2028
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2044
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1076
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1524
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1728
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1504
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2648
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1876
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1168
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2876
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1040
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1792
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1452
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2004
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:788
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2716
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2872
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2992
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2728
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2288
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2304
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:880
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:3012
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2252
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2248
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2272
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1636
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:2636
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:1868
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1100
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:584
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:448
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1808
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:1144
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:704
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:968
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:2484
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:2656
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2040
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:688
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵
- Enumerates processes with tasklist
PID:2036
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:1004
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵
- Delays execution with timeout.exe
PID:1388
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:972
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:572
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:992
-
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 2312"3⤵PID:1396
-
-
C:\Windows\system32\find.exefind ":"3⤵PID:2216
-
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak3⤵PID:924
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
286B
MD5abae94632828f7515c95ec0b676795ad
SHA1fd03bcff1bdb13d496a211a02c2f6cc39308ee87
SHA2560031a4f0ffa46f9fcc8b374c84bbdfbf8f4fb93428a6e6dd622f437730599c13
SHA51283a03e76298a939154cfaa952123adfbaa3945c0cf00edde3b2a75d7bab8c931091c9aca04c7f1711a7ad2bc464592fa60afc222fd76a6133864329513c96383
-
Filesize
1.7MB
MD565ccd6ecb99899083d43f7c24eb8f869
SHA127037a9470cc5ed177c0b6688495f3a51996a023
SHA256aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4
SHA512533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d