9d543df8d1d705870da23de3f9a43f467fe998836fd00d7ffff1ea3c4701e5f9

Analysis

max time kernel
150s
max time network
21s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14-12-2024 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55f8e0ef95c316591d64a7bf1bf6ce7b.exe
Size

5.6MB
MD5

55f8e0ef95c316591d64a7bf1bf6ce7b
SHA1

53a4f3375799babd0fcc08190a925b467e7fede7
SHA256

9d543df8d1d705870da23de3f9a43f467fe998836fd00d7ffff1ea3c4701e5f9
SHA512

f9bec2a6ee0ca7050c735d62b6be35d732269085a4f92c5720495ec6171ed40d887276f69da978487f08c48690e66f360fffc66a9d8e7cbb4fed04ebd0666ee0
SSDEEP

98304:aGl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc/:adOuK6mn9NzgMoYkSIvUcwti7TQlvci6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2324	55f8e0ef95c316591d64a7bf1bf6ce7b.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
4	raw.githubusercontent.com

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

pid	Process
916	tasklist.exe
1536	tasklist.exe
2332	tasklist.exe
2836	tasklist.exe
552	tasklist.exe
900	tasklist.exe
2024	tasklist.exe
2412	tasklist.exe
2916	tasklist.exe
1920	tasklist.exe
916	tasklist.exe
2748	tasklist.exe
1904	tasklist.exe
1652	tasklist.exe
1740	tasklist.exe
3036	tasklist.exe
784	tasklist.exe
2600	tasklist.exe
1988	tasklist.exe
900	tasklist.exe
3032	tasklist.exe
2180	tasklist.exe
888	tasklist.exe
1452	tasklist.exe
1528	tasklist.exe
1564	tasklist.exe
668	tasklist.exe
1596	tasklist.exe
2200	tasklist.exe
2584	tasklist.exe
2836	tasklist.exe
2568	tasklist.exe
2132	tasklist.exe
2428	tasklist.exe
1804	tasklist.exe
2220	tasklist.exe
2484	tasklist.exe
2524	tasklist.exe
2384	tasklist.exe
972	tasklist.exe
2540	tasklist.exe
2820	tasklist.exe
1088	tasklist.exe
2948	tasklist.exe
988	tasklist.exe
624	tasklist.exe
2208	tasklist.exe
2032	tasklist.exe
624	tasklist.exe
3032	tasklist.exe
1912	tasklist.exe
3024	tasklist.exe
2180	tasklist.exe
1676	tasklist.exe
2284	tasklist.exe
2032	tasklist.exe
2284	tasklist.exe
2112	tasklist.exe
2768	tasklist.exe
2456	tasklist.exe
2032	tasklist.exe
1232	tasklist.exe
1680	tasklist.exe
1868	tasklist.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
2216	timeout.exe
2760	timeout.exe
2140	timeout.exe
2368	timeout.exe
1952	timeout.exe
1976	timeout.exe
2660	timeout.exe
2880	timeout.exe
1372	timeout.exe
2628	timeout.exe
1820	timeout.exe
2028	timeout.exe
2188	timeout.exe
604	timeout.exe
2220	timeout.exe
1580	timeout.exe
1880	timeout.exe
2884	timeout.exe
2916	timeout.exe
2084	timeout.exe
1464	timeout.exe
1796	timeout.exe
2828	timeout.exe
2832	timeout.exe
2932	timeout.exe
2684	timeout.exe
1072	timeout.exe
780	timeout.exe
1456	timeout.exe
264	timeout.exe
336	timeout.exe
1332	timeout.exe
2932	timeout.exe
1000	timeout.exe
2984	timeout.exe
1036	timeout.exe
2340	timeout.exe
2112	timeout.exe
1988	timeout.exe
1088	timeout.exe
2324	timeout.exe
448	timeout.exe
2936	timeout.exe
108	timeout.exe
1212	timeout.exe
3008	timeout.exe
2620	timeout.exe
488	timeout.exe
1784	timeout.exe
1220	timeout.exe
2552	timeout.exe
1676	timeout.exe
544	timeout.exe
3008	timeout.exe
2248	timeout.exe
2072	timeout.exe
1664	timeout.exe
2940	timeout.exe
2872	timeout.exe
784	timeout.exe
1896	timeout.exe
2624	timeout.exe
1948	timeout.exe
2964	timeout.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2324	55f8e0ef95c316591d64a7bf1bf6ce7b.exe
2324	55f8e0ef95c316591d64a7bf1bf6ce7b.exe
2324	55f8e0ef95c316591d64a7bf1bf6ce7b.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2324	55f8e0ef95c316591d64a7bf1bf6ce7b.exe
Token: SeDebugPrivilege	2684	tasklist.exe
Token: SeDebugPrivilege	2472	tasklist.exe
Token: SeDebugPrivilege	2568	tasklist.exe
Token: SeDebugPrivilege	1100	tasklist.exe
Token: SeDebugPrivilege	1424	tasklist.exe
Token: SeDebugPrivilege	2284	tasklist.exe
Token: SeDebugPrivilege	624	tasklist.exe
Token: SeDebugPrivilege	2032	tasklist.exe
Token: SeDebugPrivilege	1680	tasklist.exe
Token: SeDebugPrivilege	2832	tasklist.exe
Token: SeDebugPrivilege	2824	tasklist.exe
Token: SeDebugPrivilege	1408	tasklist.exe
Token: SeDebugPrivilege	1904	tasklist.exe
Token: SeDebugPrivilege	1556	tasklist.exe
Token: SeDebugPrivilege	1868	tasklist.exe
Token: SeDebugPrivilege	3020	tasklist.exe
Token: SeDebugPrivilege	2072	tasklist.exe
Token: SeDebugPrivilege	1596	tasklist.exe
Token: SeDebugPrivilege	2296	tasklist.exe
Token: SeDebugPrivilege	1820	tasklist.exe
Token: SeDebugPrivilege	3064	tasklist.exe
Token: SeDebugPrivilege	784	tasklist.exe
Token: SeDebugPrivilege	2624	tasklist.exe
Token: SeDebugPrivilege	2208	tasklist.exe
Token: SeDebugPrivilege	2140	tasklist.exe
Token: SeDebugPrivilege	2220	tasklist.exe
Token: SeDebugPrivilege	2132	tasklist.exe
Token: SeDebugPrivilege	3032	tasklist.exe
Token: SeDebugPrivilege	2540	tasklist.exe
Token: SeDebugPrivilege	2572	tasklist.exe
Token: SeDebugPrivilege	2468	tasklist.exe
Token: SeDebugPrivilege	2560	tasklist.exe
Token: SeDebugPrivilege	2112	tasklist.exe
Token: SeDebugPrivilege	2760	tasklist.exe
Token: SeDebugPrivilege	1676	tasklist.exe
Token: SeDebugPrivilege	1636	tasklist.exe
Token: SeDebugPrivilege	2840	tasklist.exe
Token: SeDebugPrivilege	1276	tasklist.exe
Token: SeDebugPrivilege	2828	tasklist.exe
Token: SeDebugPrivilege	2820	tasklist.exe
Token: SeDebugPrivilege	2484	tasklist.exe
Token: SeDebugPrivilege	3044	tasklist.exe
Token: SeDebugPrivilege	2376	tasklist.exe
Token: SeDebugPrivilege	1912	tasklist.exe
Token: SeDebugPrivilege	2012	tasklist.exe
Token: SeDebugPrivilege	1656	tasklist.exe
Token: SeDebugPrivilege	2096	tasklist.exe
Token: SeDebugPrivilege	1536	tasklist.exe
Token: SeDebugPrivilege	888	tasklist.exe
Token: SeDebugPrivilege	684	tasklist.exe
Token: SeDebugPrivilege	1520	tasklist.exe
Token: SeDebugPrivilege	336	tasklist.exe
Token: SeDebugPrivilege	2768	tasklist.exe
Token: SeDebugPrivilege	2332	tasklist.exe
Token: SeDebugPrivilege	3024	tasklist.exe
Token: SeDebugPrivilege	988	tasklist.exe
Token: SeDebugPrivilege	2068	tasklist.exe
Token: SeDebugPrivilege	812	tasklist.exe
Token: SeDebugPrivilege	2200	tasklist.exe
Token: SeDebugPrivilege	2600	tasklist.exe
Token: SeDebugPrivilege	2580	tasklist.exe
Token: SeDebugPrivilege	2456	tasklist.exe
Token: SeDebugPrivilege	2944	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2664	2324	55f8e0ef95c316591d64a7bf1bf6ce7b.exe	29
PID 2324 wrote to memory of 2664	2324	55f8e0ef95c316591d64a7bf1bf6ce7b.exe	29
PID 2324 wrote to memory of 2664	2324	55f8e0ef95c316591d64a7bf1bf6ce7b.exe	29
PID 2664 wrote to memory of 2728	2664	cmd.exe	31
PID 2664 wrote to memory of 2728	2664	cmd.exe	31
PID 2664 wrote to memory of 2728	2664	cmd.exe	31
PID 2664 wrote to memory of 2684	2664	cmd.exe	32
PID 2664 wrote to memory of 2684	2664	cmd.exe	32
PID 2664 wrote to memory of 2684	2664	cmd.exe	32
PID 2664 wrote to memory of 2688	2664	cmd.exe	33
PID 2664 wrote to memory of 2688	2664	cmd.exe	33
PID 2664 wrote to memory of 2688	2664	cmd.exe	33
PID 2664 wrote to memory of 2468	2664	cmd.exe	35
PID 2664 wrote to memory of 2468	2664	cmd.exe	35
PID 2664 wrote to memory of 2468	2664	cmd.exe	35
PID 2664 wrote to memory of 2472	2664	cmd.exe	36
PID 2664 wrote to memory of 2472	2664	cmd.exe	36
PID 2664 wrote to memory of 2472	2664	cmd.exe	36
PID 2664 wrote to memory of 2544	2664	cmd.exe	37
PID 2664 wrote to memory of 2544	2664	cmd.exe	37
PID 2664 wrote to memory of 2544	2664	cmd.exe	37
PID 2664 wrote to memory of 1328	2664	cmd.exe	38
PID 2664 wrote to memory of 1328	2664	cmd.exe	38
PID 2664 wrote to memory of 1328	2664	cmd.exe	38
PID 2664 wrote to memory of 2568	2664	cmd.exe	39
PID 2664 wrote to memory of 2568	2664	cmd.exe	39
PID 2664 wrote to memory of 2568	2664	cmd.exe	39
PID 2664 wrote to memory of 1932	2664	cmd.exe	40
PID 2664 wrote to memory of 1932	2664	cmd.exe	40
PID 2664 wrote to memory of 1932	2664	cmd.exe	40
PID 2664 wrote to memory of 2112	2664	cmd.exe	41
PID 2664 wrote to memory of 2112	2664	cmd.exe	41
PID 2664 wrote to memory of 2112	2664	cmd.exe	41
PID 2664 wrote to memory of 1100	2664	cmd.exe	42
PID 2664 wrote to memory of 1100	2664	cmd.exe	42
PID 2664 wrote to memory of 1100	2664	cmd.exe	42
PID 2664 wrote to memory of 2956	2664	cmd.exe	43
PID 2664 wrote to memory of 2956	2664	cmd.exe	43
PID 2664 wrote to memory of 2956	2664	cmd.exe	43
PID 2664 wrote to memory of 2760	2664	cmd.exe	44
PID 2664 wrote to memory of 2760	2664	cmd.exe	44
PID 2664 wrote to memory of 2760	2664	cmd.exe	44
PID 2664 wrote to memory of 1424	2664	cmd.exe	45
PID 2664 wrote to memory of 1424	2664	cmd.exe	45
PID 2664 wrote to memory of 1424	2664	cmd.exe	45
PID 2664 wrote to memory of 448	2664	cmd.exe	46
PID 2664 wrote to memory of 448	2664	cmd.exe	46
PID 2664 wrote to memory of 448	2664	cmd.exe	46
PID 2664 wrote to memory of 1676	2664	cmd.exe	47
PID 2664 wrote to memory of 1676	2664	cmd.exe	47
PID 2664 wrote to memory of 1676	2664	cmd.exe	47
PID 2664 wrote to memory of 2284	2664	cmd.exe	48
PID 2664 wrote to memory of 2284	2664	cmd.exe	48
PID 2664 wrote to memory of 2284	2664	cmd.exe	48
PID 2664 wrote to memory of 2248	2664	cmd.exe	49
PID 2664 wrote to memory of 2248	2664	cmd.exe	49
PID 2664 wrote to memory of 2248	2664	cmd.exe	49
PID 2664 wrote to memory of 1636	2664	cmd.exe	50
PID 2664 wrote to memory of 1636	2664	cmd.exe	50
PID 2664 wrote to memory of 1636	2664	cmd.exe	50
PID 2664 wrote to memory of 624	2664	cmd.exe	51
PID 2664 wrote to memory of 624	2664	cmd.exe	51
PID 2664 wrote to memory of 624	2664	cmd.exe	51
PID 2664 wrote to memory of 1748	2664	cmd.exe	52

C:\Users\Admin\AppData\Local\Temp\55f8e0ef95c316591d64a7bf1bf6ce7b.exe
"C:\Users\Admin\AppData\Local\Temp\55f8e0ef95c316591d64a7bf1bf6ce7b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp7CED.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp7CED.tmp.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:2728
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2684
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2688
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2468
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2472
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2544
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1328
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2568
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1932
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2112
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1100
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2956
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2760
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1424
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:448
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1676
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2284
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2248
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1636
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:624
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1748
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2932
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2032
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:772
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1084
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1680
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1888
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2412
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2832
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1336
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1220
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2824
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1428
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2916
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1408
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2228
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1988
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1904
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2004
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1896
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1556
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2428
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1944
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1868
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2892
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3004
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3020
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2180
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1064
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2072
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2736
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2880
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1596
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1536
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:552
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2296
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:888
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2712
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1820
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1400
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1796
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3064
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1740
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:540
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:784
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:336
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2900
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2624
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2768
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2320
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2208
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2332
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:544
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2140
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1620
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1504
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2220
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1548
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1088
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2132
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2528
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2068
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1920
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1580
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1664
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3032
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3060
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3008
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2540
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2556
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2324
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2572
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2728
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2684
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2468
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2616
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2544
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2560
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2940
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2112
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1892
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2488
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2760
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2028
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:448
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1676
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2040
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2248
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1636
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1668
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1748
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2840
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1272
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1372
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1276
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2292
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2628
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2828
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1092
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:604
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2820
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:816
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1000
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2484
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2380
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2936
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3044
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1988
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1904
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2376
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1896
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2872
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1912
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:776
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2084
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2012
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1672
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3020
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1656
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1064
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2072
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2096
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2880
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1804
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1536
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:552
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1464
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:888
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2712
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1820
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:684
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1796
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3064
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1520
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:540
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:784
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:336
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2232
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2624
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2768
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2632
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2304
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2332
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:544
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2140
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3024
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1504
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2220
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:988
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1088
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2368
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2068
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1580
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:812
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2732
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2308
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2200
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2316
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2184
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2600
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2756
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2572
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2580
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2584
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2612
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2456
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2988
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2560
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2944
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2940
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2112
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2956
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1036
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2028
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:448
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2284
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1720
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:624
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1572
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1784
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2032
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1756
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2964
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:916
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1124
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1952
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1452
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2752
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2828
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2748
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:604
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1220
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2836
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1000
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2484
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1232
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2936
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3044
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1988
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2004
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1808
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1896
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2872
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:3068
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2428
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2084
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2012
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2384
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3020
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1656
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1560
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2072
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2096
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2880
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1596
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:356
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:552
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1464
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1532
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:900
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1820
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:264
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1400
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3064
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1520
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1740
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:784
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:336
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2232
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1876
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1880
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2632
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2304
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1332
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2208
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2140
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2104
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1620
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2220
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1948
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1088
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2528
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1688
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2068
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2908
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2660
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2576
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3060
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3008
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2316
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2556
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2324
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2756
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2728
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1928
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2584
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2616
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2544
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2568
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:328
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:3052
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:236
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2928
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2112
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2128
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1036
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:3036
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1600
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2264
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2284
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1692
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1704
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:624
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2272
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2804
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2032
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2860
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1372
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:916
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1124
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2444
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2524
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2036
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:108
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2752
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1724
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1336
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1528
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1092
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1956
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2836
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:816
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1992
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:668
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2380
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2884
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1904
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2376
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1556
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2872
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2968
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1072
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1568
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2084
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1940
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2180
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3020
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1212
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1560
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2072
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:920
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2880
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1596
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1660
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1864
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1196
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1872
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:900
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1820
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:780
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2856
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3064
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1884
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1740
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:784
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2340
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2232
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1876
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1016
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1160
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2320
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:868
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2208
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2140
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2976
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1552
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2132
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1584
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1564
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1088
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2552
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:3032
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2068
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2588
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2540
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2308
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2800
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2452
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2316
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2620
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2492
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2756
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2016
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2948
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2584
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2560
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1300
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2988
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1976
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2952
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1932
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:440
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2024
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2112
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1060
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1676
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3036
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1668
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:836
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2284
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2932
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1784
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1572
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1456
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:936
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1756
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1004
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2464
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2440
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2832
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2412
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2504
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2008
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1168
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2108
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2188
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2916
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2820
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1908
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1000
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1324
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2372
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2256
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:296
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1624
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1904
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:1696
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1652
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1912
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2216
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2428
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:776
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:2888
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:2180
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:3020
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:896
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:972
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1064
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2984
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    - Enumerates processes with tasklist
    PID:1804
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:1536
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:380
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:1464
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:888
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:488
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2324"
    3⤵
    PID:2704
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2712
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    PID:276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp7CED.tmp.bat

Filesize
322B

MD5
a5ee25d8e2d3b393c2f5339cb7c94630

SHA1
fcdb3b9b12658efbe531e7548f0996d1d9eec003

SHA256
b64caa7e6a4c9a64b0e045a1572f60a705453f73ba8a55a6c4b114b3f24bd609

SHA512
52b0d07e91269b6b6dc241a29d72751633e4f38688bd5df5f56493ccfdf3d8c4afbbb5900446df5de8b49aafae30e755b7d7f3d3e96693613ea6ce3fc9425e82

Download Submit
\Users\Admin\AppData\Local\Temp\Costura\A54E036D2DCD19384E8EA53862E0DD8F\64\sqlite.interop.dll

Filesize
1.7MB

MD5
65ccd6ecb99899083d43f7c24eb8f869

SHA1
27037a9470cc5ed177c0b6688495f3a51996a023

SHA256
aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4

SHA512
533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d

Download Submit
memory/2324-0-0x000007FEF64B3000-0x000007FEF64B4000-memory.dmp

Filesize
4KB

Download
memory/2324-1-0x0000000000A90000-0x0000000001028000-memory.dmp

Filesize
5.6MB

Download
memory/2324-6-0x000007FEF64B0000-0x000007FEF6E9C000-memory.dmp

Filesize
9.9MB

Download
memory/2324-9-0x000007FEF64B0000-0x000007FEF6E9C000-memory.dmp

Filesize
9.9MB

Download