nanocore | 9e1751025908631420ddd8257775bedc2d57becd923a73e488e6b45a7fa69e05

Analysis

max time kernel
150s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-01-2025 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
Size

392KB
MD5

3a9720029c0f5bb91544409a999c9d09
SHA1

0c2e6bcd2117b30496df63bc36c7955a6bfc6635
SHA256

9e1751025908631420ddd8257775bedc2d57becd923a73e488e6b45a7fa69e05
SHA512

8d0af9fa03271b7e2e0c07ad448bebc49351791de44f4d7d3d151bb796f186f190b9823d865dd7c5947e60e2007efc3990b5e4dd965f6bbbe1048a53e8241674
SSDEEP

6144:31+Q6D6DuaHqL6K5bTQpgwjCv9EekXJjfnrCevDYUauHFptA8uDYMrmT8:3/6OaamerCmfZfnme74uHF3A8uDd

Score

10^/10

nanocore discovery evasion keylogger spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

146.255.79.172:6789

omada12.mooo.com:6789

Mutex

f73fa5dc-696f-4685-a6af-b9bb78345ab2

Attributes

activate_away_mode
true
backup_connection_host
omada12.mooo.com
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2018-02-16T23:00:42.179393136Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
true
connect_delay
4000
connection_port
6789
default_group
ANGL
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
f73fa5dc-696f-4685-a6af-b9bb78345ab2
mutex_timeout
5000
prevent_system_sleep
true
primary_connection_host
146.255.79.172
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Nanocore family
nanocore

Executes dropped EXE 2 IoCs

pid	Process
2920	tmp.exe
2612	svhost.exe

Loads dropped DLL 3 IoCs

pid	Process
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	tmp.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

pid	Process
11968	Process not Found
12220	Process not Found
4764	tasklist.exe
8184	Process not Found
8240	Process not Found
2584	tasklist.exe
2844	tasklist.exe
2576	Process not Found
5612	tasklist.exe
6152	tasklist.exe
9000	Process not Found
8524	Process not Found
9092	Process not Found
11604	Process not Found
5656	tasklist.exe
7048	Process not Found
4428	tasklist.exe
3340	tasklist.exe
5000	tasklist.exe
10364	Process not Found
11320	Process not Found
2892	tasklist.exe
3676	tasklist.exe
6828	Process not Found
9840	Process not Found
11324	Process not Found
3632	tasklist.exe
5400	tasklist.exe
3052	tasklist.exe
6548	Process not Found
5324	tasklist.exe
7628	Process not Found
7724	Process not Found
3540	tasklist.exe
5520	tasklist.exe
4360	tasklist.exe
5244	tasklist.exe
5656	tasklist.exe
2688	Process not Found
1408	tasklist.exe
1780	tasklist.exe
10512	Process not Found
8132	Process not Found
9336	Process not Found
5052	tasklist.exe
5196	tasklist.exe
3264	tasklist.exe
6500	tasklist.exe
3884	tasklist.exe
8980	Process not Found
9616	Process not Found
10564	Process not Found
8808	Process not Found
9612	Process not Found
5176	tasklist.exe
12028	Process not Found
3292	tasklist.exe
5076	tasklist.exe
8316	Process not Found
9192	Process not Found
12088	Process not Found
5384	tasklist.exe
7764	Process not Found
6524	Process not Found

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 264 set thread context of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
11184	Process not Found
2004	timeout.exe
3052	timeout.exe
2888	timeout.exe
3400	timeout.exe
9296	Process not Found
5292	timeout.exe
7484	Process not Found
10212	Process not Found
4556	timeout.exe
6700	timeout.exe
9628	Process not Found
1588	timeout.exe
3400	timeout.exe
7004	Process not Found
9536	Process not Found
6780	Process not Found
8368	Process not Found
10836	Process not Found
11000	Process not Found
3940	timeout.exe
4208	timeout.exe
6088	timeout.exe
9204	Process not Found
7688	Process not Found
9556	Process not Found
10504	Process not Found
11808	Process not Found
3132	timeout.exe
4568	timeout.exe
5784	timeout.exe
7204	Process not Found
8520	Process not Found
3460	timeout.exe
5392	timeout.exe
9336	Process not Found
10144	Process not Found
6752	timeout.exe
9192	Process not Found
10244	Process not Found
3532	timeout.exe
3324	timeout.exe
4140	timeout.exe
5512	timeout.exe
6412	timeout.exe
2988	timeout.exe
3188	timeout.exe
4688	timeout.exe
9004	Process not Found
9604	Process not Found
1644	timeout.exe
1264	timeout.exe
5052	timeout.exe
9744	Process not Found
4932	timeout.exe
5992	timeout.exe
6524	Process not Found
9536	Process not Found
10696	Process not Found
2532	timeout.exe
3364	timeout.exe
9628	Process not Found
10516	Process not Found
3332	timeout.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\FolderN\tygfdfxxz:Zone.Identifier	cmd.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe
2920	tmp.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2920	tmp.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
Token: SeDebugPrivilege	2920	tmp.exe
Token: SeDebugPrivilege	476	tasklist.exe
Token: SeDebugPrivilege	2028	tasklist.exe
Token: SeDebugPrivilege	2032	tasklist.exe
Token: SeDebugPrivilege	1540	tasklist.exe
Token: SeDebugPrivilege	2844	tasklist.exe
Token: SeDebugPrivilege	2200	tasklist.exe
Token: SeDebugPrivilege	864	tasklist.exe
Token: SeDebugPrivilege	2584	tasklist.exe
Token: SeDebugPrivilege	1772	tasklist.exe
Token: SeDebugPrivilege	1916	tasklist.exe
Token: SeDebugPrivilege	680	tasklist.exe
Token: SeDebugPrivilege	1864	tasklist.exe
Token: SeDebugPrivilege	564	tasklist.exe
Token: SeDebugPrivilege	316	tasklist.exe
Token: SeDebugPrivilege	1516	tasklist.exe
Token: SeDebugPrivilege	2248	tasklist.exe
Token: SeDebugPrivilege	1488	tasklist.exe
Token: SeDebugPrivilege	2864	tasklist.exe
Token: SeDebugPrivilege	3004	tasklist.exe
Token: SeDebugPrivilege	2880	tasklist.exe
Token: SeDebugPrivilege	1624	tasklist.exe
Token: SeDebugPrivilege	2032	tasklist.exe
Token: SeDebugPrivilege	2836	tasklist.exe
Token: SeDebugPrivilege	2700	tasklist.exe
Token: SeDebugPrivilege	3040	tasklist.exe
Token: SeDebugPrivilege	1448	tasklist.exe
Token: SeDebugPrivilege	2784	tasklist.exe
Token: SeDebugPrivilege	2456	tasklist.exe
Token: SeDebugPrivilege	1408	tasklist.exe
Token: SeDebugPrivilege	2252	tasklist.exe
Token: SeDebugPrivilege	2324	tasklist.exe
Token: SeDebugPrivilege	2188	tasklist.exe
Token: SeDebugPrivilege	2636	tasklist.exe
Token: SeDebugPrivilege	1264	tasklist.exe
Token: SeDebugPrivilege	1620	tasklist.exe
Token: SeDebugPrivilege	2992	tasklist.exe
Token: SeDebugPrivilege	2232	tasklist.exe
Token: SeDebugPrivilege	2164	tasklist.exe
Token: SeDebugPrivilege	2784	tasklist.exe
Token: SeDebugPrivilege	1568	tasklist.exe
Token: SeDebugPrivilege	1524	tasklist.exe
Token: SeDebugPrivilege	2940	tasklist.exe
Token: SeDebugPrivilege	2632	tasklist.exe
Token: SeDebugPrivilege	2172	tasklist.exe
Token: SeDebugPrivilege	2208	tasklist.exe
Token: SeDebugPrivilege	1656	tasklist.exe
Token: SeDebugPrivilege	2948	tasklist.exe
Token: SeDebugPrivilege	872	tasklist.exe
Token: SeDebugPrivilege	2540	tasklist.exe
Token: SeDebugPrivilege	2004	tasklist.exe
Token: SeDebugPrivilege	1780	tasklist.exe
Token: SeDebugPrivilege	2492	tasklist.exe
Token: SeDebugPrivilege	680	tasklist.exe
Token: SeDebugPrivilege	1816	tasklist.exe
Token: SeDebugPrivilege	2644	tasklist.exe
Token: SeDebugPrivilege	2172	tasklist.exe
Token: SeDebugPrivilege	3052	tasklist.exe
Token: SeDebugPrivilege	2892	tasklist.exe
Token: SeDebugPrivilege	2620	tasklist.exe
Token: SeDebugPrivilege	2948	tasklist.exe
Token: SeDebugPrivilege	2856	tasklist.exe
Token: SeDebugPrivilege	1864	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 264 wrote to memory of 708	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	31
PID 264 wrote to memory of 708	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	31
PID 264 wrote to memory of 708	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	31
PID 264 wrote to memory of 708	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	31
PID 708 wrote to memory of 2096	708	cmd.exe	33
PID 708 wrote to memory of 2096	708	cmd.exe	33
PID 708 wrote to memory of 2096	708	cmd.exe	33
PID 708 wrote to memory of 2096	708	cmd.exe	33
PID 264 wrote to memory of 2920	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	34
PID 264 wrote to memory of 2920	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	34
PID 264 wrote to memory of 2920	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	34
PID 264 wrote to memory of 2920	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	34
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2612	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	35
PID 264 wrote to memory of 2680	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	36
PID 264 wrote to memory of 2680	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	36
PID 264 wrote to memory of 2680	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	36
PID 264 wrote to memory of 2680	264	JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe	36
PID 2680 wrote to memory of 2932	2680	cmd.exe	38
PID 2680 wrote to memory of 2932	2680	cmd.exe	38
PID 2680 wrote to memory of 2932	2680	cmd.exe	38
PID 2680 wrote to memory of 2932	2680	cmd.exe	38
PID 2680 wrote to memory of 476	2680	cmd.exe	39
PID 2680 wrote to memory of 476	2680	cmd.exe	39
PID 2680 wrote to memory of 476	2680	cmd.exe	39
PID 2680 wrote to memory of 476	2680	cmd.exe	39
PID 2680 wrote to memory of 524	2680	cmd.exe	40
PID 2680 wrote to memory of 524	2680	cmd.exe	40
PID 2680 wrote to memory of 524	2680	cmd.exe	40
PID 2680 wrote to memory of 524	2680	cmd.exe	40
PID 2680 wrote to memory of 1348	2680	cmd.exe	42
PID 2680 wrote to memory of 1348	2680	cmd.exe	42
PID 2680 wrote to memory of 1348	2680	cmd.exe	42
PID 2680 wrote to memory of 1348	2680	cmd.exe	42
PID 1348 wrote to memory of 2500	1348	cmd.exe	44
PID 1348 wrote to memory of 2500	1348	cmd.exe	44
PID 1348 wrote to memory of 2500	1348	cmd.exe	44
PID 1348 wrote to memory of 2500	1348	cmd.exe	44
PID 1348 wrote to memory of 2028	1348	cmd.exe	45
PID 1348 wrote to memory of 2028	1348	cmd.exe	45
PID 1348 wrote to memory of 2028	1348	cmd.exe	45
PID 1348 wrote to memory of 2028	1348	cmd.exe	45
PID 1348 wrote to memory of 1180	1348	cmd.exe	46
PID 1348 wrote to memory of 1180	1348	cmd.exe	46
PID 1348 wrote to memory of 1180	1348	cmd.exe	46
PID 1348 wrote to memory of 1180	1348	cmd.exe	46
PID 1348 wrote to memory of 1928	1348	cmd.exe	47
PID 1348 wrote to memory of 1928	1348	cmd.exe	47
PID 1348 wrote to memory of 1928	1348	cmd.exe	47
PID 1348 wrote to memory of 1928	1348	cmd.exe	47
PID 1928 wrote to memory of 1944	1928	cmd.exe	49
PID 1928 wrote to memory of 1944	1928	cmd.exe	49
PID 1928 wrote to memory of 1944	1928	cmd.exe	49
PID 1928 wrote to memory of 1944	1928	cmd.exe	49
PID 1928 wrote to memory of 2032	1928	cmd.exe	50
PID 1928 wrote to memory of 2032	1928	cmd.exe	50
PID 1928 wrote to memory of 2032	1928	cmd.exe	50

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3a9720029c0f5bb91544409a999c9d09.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:264
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe"
  2⤵
  - NTFS ADS
  - Suspicious use of WriteProcessMemory
  PID:708
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\FolderN\tygfdfxxz.lnk" /f
    3⤵
    PID:2096
- C:\Users\Admin\AppData\Roaming\tmp.exe
  "C:\Users\Admin\AppData\Roaming\tmp.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:2920
- C:\Users\Admin\AppData\Local\Temp\svhost.exe
  "C:\Users\Admin\AppData\Local\Temp\svhost.exe"
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Windows\SysWOW64\timeout.exe
    timeout /t 6006599339700
    3⤵
    PID:2932
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /nh /fi "imagename eq .exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:476
- - C:\Windows\SysWOW64\find.exe
    find /i ".exe"
    3⤵
    PID:524
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1348
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 6006599339700
      4⤵
      PID:2500
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /nh /fi "imagename eq .exe"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2028
  - - C:\Windows\SysWOW64\find.exe
      find /i ".exe"
      4⤵
      PID:1180
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1928
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        5⤵
        
        PID:1944
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2032
    - - C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        5⤵
        
        PID:2504
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        5⤵
        
        PID:1200
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        6⤵
        
        PID:1116
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1540
      - C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        6⤵
        
        PID:380
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        6⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        7⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2844
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        7⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        7⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        8⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2200
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        8⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        8⤵
        
        PID:976
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        9⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        9⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:864
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        9⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        9⤵
        
        PID:444
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        10⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        10⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2584
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        10⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        10⤵
        
        PID:692
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        11⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        11⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1772
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        11⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        11⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        12⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        12⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1916
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        12⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        12⤵
        
        PID:344
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        13⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        13⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:680
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        13⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        13⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        14⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        14⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1864
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        14⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        14⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        15⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        15⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:564
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        15⤵
        
        PID:580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        15⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        16⤵
        
        PID:276
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        16⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:316
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        16⤵
        
        PID:884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        16⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        17⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        17⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1516
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        17⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        17⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        18⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        18⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2248
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        18⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        18⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        19⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        19⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1488
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        19⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        19⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        20⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        20⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2864
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        20⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        20⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        21⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        21⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3004
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        21⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        21⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        22⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        22⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2880
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        22⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        22⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        23⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        23⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1624
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        23⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        23⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        24⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        24⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        24⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        24⤵
        
        PID:348
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        25⤵
        Delays execution with timeout.exe
        
        PID:2988
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        25⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2836
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        25⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        25⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        26⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2700
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        26⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        26⤵
        
        PID:408
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        27⤵
        
        PID:864
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        27⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3040
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        27⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        27⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        28⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        28⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1448
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        28⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        28⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        29⤵
        Delays execution with timeout.exe
        
        PID:1588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        29⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2784
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        29⤵
        
        PID:936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        29⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        30⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        30⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2456
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        30⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        30⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        31⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        31⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1408
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        31⤵
        
        PID:564
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        31⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        32⤵
        
        PID:884
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        32⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2252
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        32⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        32⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        33⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        33⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2324
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        33⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        33⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        34⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        34⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2188
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        34⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        34⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        35⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        35⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2636
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        35⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        35⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        36⤵
        Delays execution with timeout.exe
        
        PID:2004
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1264
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        36⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        36⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        37⤵
        Delays execution with timeout.exe
        
        PID:1644
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        37⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1620
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        37⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        37⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        38⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        38⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2992
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        38⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        38⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        39⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        39⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2232
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        39⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        39⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        40⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        40⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2164
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        40⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        41⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        41⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2784
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        41⤵
        
        PID:936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        41⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        42⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        42⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1568
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        42⤵
        
        PID:276
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        42⤵
        
        PID:564
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        43⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        43⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1524
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        43⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        43⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        44⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        44⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2940
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        44⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        44⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        45⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        45⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2632
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        45⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        45⤵
        
        PID:1180
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        46⤵
        Delays execution with timeout.exe
        
        PID:1264
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        46⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2172
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        46⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        46⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        47⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        47⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2208
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        47⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        47⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        48⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        48⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1656
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        48⤵
        
        PID:300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        48⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        49⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        49⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2948
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        49⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        49⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        50⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        50⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:872
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        50⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        50⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        51⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        51⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2540
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        51⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        51⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        52⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        52⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2004
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        52⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        52⤵
        
        PID:524
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        53⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        53⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1780
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        53⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        53⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        54⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        54⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2492
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        54⤵
        
        PID:748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        54⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        55⤵
        Delays execution with timeout.exe
        
        PID:3052
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        55⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:680
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        55⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        55⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        56⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        56⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1816
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        56⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        56⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        57⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        57⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2644
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        57⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        58⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2172
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        58⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        58⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        59⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        59⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3052
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        59⤵
        
        PID:332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        59⤵
        
        PID:680
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        60⤵
        Delays execution with timeout.exe
        
        PID:2888
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        60⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2892
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        60⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        60⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        61⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        61⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2620
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        61⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        61⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        62⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        62⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2948
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        62⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        62⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        63⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        63⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2856
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        63⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        63⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        64⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        64⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1864
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        64⤵
        
        PID:796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        64⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        65⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        65⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        65⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        65⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        66⤵
        Delays execution with timeout.exe
        
        PID:2532
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        66⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        66⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        66⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        67⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        67⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        67⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        67⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        68⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        68⤵
        
        PID:264
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        68⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        68⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        69⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        69⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        69⤵
        
        PID:264
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        70⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        70⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        70⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        70⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        71⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        71⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        71⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        71⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        72⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        72⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        72⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        73⤵
        Delays execution with timeout.exe
        
        PID:3188
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        73⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        73⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        73⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        74⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        74⤵
        Enumerates processes with tasklist
        
        PID:3264
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        74⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        74⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        75⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        75⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        75⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        75⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        76⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        76⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        77⤵
        Delays execution with timeout.exe
        
        PID:3460
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        77⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        77⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        78⤵
        Delays execution with timeout.exe
        
        PID:3532
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        78⤵
        Enumerates processes with tasklist
        
        PID:3540
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        78⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        78⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        79⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        79⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        79⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        79⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        80⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        80⤵
        Enumerates processes with tasklist
        
        PID:3676
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        80⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        80⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        81⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        81⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        81⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        81⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        82⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        82⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        82⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        82⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        83⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        83⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        83⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        84⤵
        Delays execution with timeout.exe
        
        PID:3940
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        84⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        84⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        84⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        85⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        85⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        85⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        85⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        86⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        86⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        86⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        86⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        87⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        87⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        87⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        87⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        88⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        88⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        88⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        88⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        89⤵
        Delays execution with timeout.exe
        
        PID:3324
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        89⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        89⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        89⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        90⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        90⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        90⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        90⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        91⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        91⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        91⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        91⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        92⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        92⤵
        Enumerates processes with tasklist
        
        PID:3632
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        92⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        92⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        93⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        93⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        93⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        93⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        94⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        94⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        94⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        94⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        95⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        95⤵
        Enumerates processes with tasklist
        
        PID:3884
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        95⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        95⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        96⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        96⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        96⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        97⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        97⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        97⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        98⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        98⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        98⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        98⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        99⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        99⤵
        Enumerates processes with tasklist
        
        PID:3340
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        99⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        99⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        100⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        100⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        100⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        100⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        101⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        101⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        101⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        101⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        102⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        102⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        102⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        102⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        103⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        103⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        103⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        103⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        104⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        104⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        104⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        104⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        105⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        105⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        105⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        105⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        106⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        106⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        106⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        106⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        107⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        107⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        107⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        107⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        108⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        108⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        108⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        109⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        109⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        109⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        109⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        110⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        110⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        110⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        110⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        111⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        111⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        111⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        111⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        112⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        112⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        112⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        113⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        113⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        113⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        113⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        114⤵
        Delays execution with timeout.exe
        
        PID:3132
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        114⤵
        Enumerates processes with tasklist
        
        PID:3292
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        114⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        114⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        115⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        115⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        115⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        115⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        116⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        116⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        116⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        116⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        117⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        117⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        117⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        117⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        118⤵
        Delays execution with timeout.exe
        
        PID:3400
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        118⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        118⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        118⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        119⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        119⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        119⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        119⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        120⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        120⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        120⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        120⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        121⤵
        Delays execution with timeout.exe
        
        PID:3332
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        121⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        121⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        121⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        122⤵
        Delays execution with timeout.exe
        
        PID:3400
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        122⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        122⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        122⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        123⤵
        Delays execution with timeout.exe
        
        PID:4140
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        123⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        123⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        123⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        124⤵
        Delays execution with timeout.exe
        
        PID:4208
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        124⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        124⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        124⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        125⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        125⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        125⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        125⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        126⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        126⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        126⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        126⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        127⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        127⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        127⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        127⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        128⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        128⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        128⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        129⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        129⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        129⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        130⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        130⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        130⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        130⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        131⤵
        Delays execution with timeout.exe
        
        PID:4688
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        131⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        131⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        131⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        132⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        132⤵
        Enumerates processes with tasklist
        
        PID:4764
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        132⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        132⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        133⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        133⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        133⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        133⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        134⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        134⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        134⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        134⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        135⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        135⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        135⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        135⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        136⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        136⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        136⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        136⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        137⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        137⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        137⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        137⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        138⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        138⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        138⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        138⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        139⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        139⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        139⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        139⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        140⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        140⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        140⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        140⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        141⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        141⤵
        Enumerates processes with tasklist
        
        PID:4428
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        141⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        141⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        142⤵
        Delays execution with timeout.exe
        
        PID:4556
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        142⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        142⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        142⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        143⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        143⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        143⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        143⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        144⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        144⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        144⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        144⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        145⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        145⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        145⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        145⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        146⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        146⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        146⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        146⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        147⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        147⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        147⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        147⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        148⤵
        Delays execution with timeout.exe
        
        PID:3364
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        148⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        148⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        148⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        149⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        149⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        149⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        149⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        150⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        150⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        150⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        150⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        151⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        151⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        151⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        151⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        152⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        152⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        152⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        152⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        153⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        153⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        153⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        153⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        154⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        154⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        154⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        154⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        155⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        155⤵
        Enumerates processes with tasklist
        
        PID:5052
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        155⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        155⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        156⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        156⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        156⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        156⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        157⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        157⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        157⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        157⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        158⤵
        Delays execution with timeout.exe
        
        PID:4568
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        158⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        158⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        158⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        159⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        159⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        159⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        159⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        160⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        160⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        160⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        160⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        161⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        161⤵
        Enumerates processes with tasklist
        
        PID:5076
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        161⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        161⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        162⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        162⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        162⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        162⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        163⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        163⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        163⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        163⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        164⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        164⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        164⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        164⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        165⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        165⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        165⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        165⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        166⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        166⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        166⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        166⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        167⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        167⤵
        Enumerates processes with tasklist
        
        PID:5000
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        167⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        167⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        168⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        168⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        168⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        168⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        169⤵
        System Location Discovery: System Language Discovery
        Delays execution with timeout.exe
        
        PID:4932
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        169⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        169⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        169⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        170⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        170⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        170⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        171⤵
        Delays execution with timeout.exe
        
        PID:5052
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        171⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        171⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        171⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        172⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        172⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        172⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        172⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        173⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        173⤵
        Enumerates processes with tasklist
        
        PID:4360
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        173⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        173⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        174⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        174⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        174⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        174⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        175⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        175⤵
        Enumerates processes with tasklist
        
        PID:5244
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        175⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        175⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        176⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        176⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        176⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        176⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        177⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        177⤵
        Enumerates processes with tasklist
        
        PID:5384
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        177⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        177⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        178⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        178⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        178⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        178⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        179⤵
        Delays execution with timeout.exe
        
        PID:5512
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        179⤵
        Enumerates processes with tasklist
        
        PID:5520
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        179⤵
        System Location Discovery: System Language Discovery
        
        PID:5528
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        179⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        180⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        180⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        180⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        180⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        181⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        181⤵
        Enumerates processes with tasklist
        
        PID:5656
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        181⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        181⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        182⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        182⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        182⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        182⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        183⤵
        Delays execution with timeout.exe
        
        PID:5784
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        183⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        183⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        183⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        184⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        184⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        184⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        184⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        185⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        185⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        185⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        185⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        186⤵
        Delays execution with timeout.exe
        
        PID:5992
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        186⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        186⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        186⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        187⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        187⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        187⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        187⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        188⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        188⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        188⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        188⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        189⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        189⤵
        Enumerates processes with tasklist
        
        PID:5176
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        189⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        189⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        190⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        190⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        190⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        190⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        191⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        191⤵
        Enumerates processes with tasklist
        
        PID:5400
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        191⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        191⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        192⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        192⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        192⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        192⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        193⤵
        Enumerates processes with tasklist
        
        PID:5612
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        193⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        193⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        194⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        194⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        194⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:5740
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        195⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        195⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        195⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        195⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        196⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        196⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        196⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        196⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        197⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        197⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        197⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        197⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        198⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        198⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        198⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        198⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        199⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        199⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        199⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        199⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        200⤵
        Delays execution with timeout.exe
        
        PID:5292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        200⤵
        Enumerates processes with tasklist
        
        PID:5324
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        200⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        200⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        201⤵
        Delays execution with timeout.exe
        
        PID:5392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        201⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        201⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        201⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        202⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        202⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        202⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        202⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        203⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        203⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        203⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        203⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        204⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        204⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        204⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        204⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        205⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        205⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        205⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        205⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        206⤵
        Delays execution with timeout.exe
        
        PID:6088
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        206⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        206⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        206⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        207⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        207⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        207⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        207⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        208⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        208⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        208⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        208⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        209⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        209⤵
        Enumerates processes with tasklist
        
        PID:5656
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        209⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        209⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        210⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        210⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        210⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        210⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        211⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        211⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        211⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        211⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        212⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        212⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        212⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        212⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        213⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        213⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        213⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        213⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        214⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        214⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        214⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        214⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        215⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        215⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        215⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        215⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        216⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        216⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        216⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        217⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        217⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        217⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        217⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        218⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        218⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        218⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        218⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        219⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        219⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        219⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        219⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        220⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        220⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        220⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        220⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        221⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        221⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        221⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        221⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        222⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        222⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        222⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        222⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        223⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        223⤵
        Enumerates processes with tasklist
        
        PID:5196
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        223⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        224⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        224⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        224⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        224⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        225⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        225⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        225⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        225⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        226⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        226⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        226⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        226⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        227⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        227⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        227⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        227⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        228⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        228⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        228⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        228⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        229⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        229⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        229⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        229⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        230⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        230⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        230⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        230⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        231⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        231⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        231⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        231⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        232⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        232⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        232⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        232⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        233⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        233⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        233⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        233⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        234⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        234⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        234⤵
        System Location Discovery: System Language Discovery
        
        PID:6760
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        234⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        235⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        235⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        235⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        235⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        236⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        236⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        236⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        236⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        237⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        237⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        237⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        237⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        238⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        238⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        238⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        238⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        239⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        239⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        239⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        239⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        240⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        240⤵
        Enumerates processes with tasklist
        
        PID:6152
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        240⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        240⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        241⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        241⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        241⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        241⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        242⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        242⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        242⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        242⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        243⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        243⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        243⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        243⤵
        
        PID:916
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        244⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        244⤵
        Enumerates processes with tasklist
        
        PID:6500
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        244⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        244⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        245⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        245⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        245⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        245⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        246⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        246⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        246⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        246⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        247⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        247⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        247⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        247⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        248⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        248⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        248⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        248⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        249⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        249⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        249⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        249⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        250⤵
        
        PID:828
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        250⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        250⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        250⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        251⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        251⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        251⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        251⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        252⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        252⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        252⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        252⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        253⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        253⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        253⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        253⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        254⤵
        System Location Discovery: System Language Discovery
        Delays execution with timeout.exe
        
        PID:6412
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        254⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        254⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        254⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        255⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        255⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        255⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        255⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        256⤵
        Delays execution with timeout.exe
        
        PID:6700
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        256⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\find.exe
        
        find /i ".exe"
        256⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz"
        256⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6006599339700
        257⤵
        Delays execution with timeout.exe
        
        PID:6752
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /nh /fi "imagename eq .exe"
        257⤵
        
        PID:6828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\FolderN\tygfdfxxz.bat

Filesize
203B

MD5
b386b46393db2889c175c7f151c31f4e

SHA1
f81767749fdfa585b88e3fc5a80f9b3f65548a45

SHA256
de6ef20799ca9b5fabda14f85284b9602509fbf49c1ba57991e98502f5a558bd

SHA512
e9ac8d8d67add839b9bd13b52faf35ce6ada1e81a299b9b566f6c72e0badd0a4306145d9f5c60cadd500164d5b1e1eac585718b26d87fcb0815d4b486069a430

Download Submit
\Users\Admin\AppData\Local\Temp\svhost.exe

Filesize
1.6MB

MD5
32827e69b293b99013bbbe37d029245d

SHA1
bc9f80a38f09354d71467a05b0c5a82c3f7dac53

SHA256
9250b89157770e3ab59a2c7e2dd6b12b3c61d9b7c6620c3b4727e4bfff10f01f

SHA512
58c9a072e2bea0a8f22b4e69512abafad271ca91f2e3d2b4233796dd3d83021aad1c6da69fc8f7e7ca7919d34bde941cb8b5d185b668168866d1180558b93cf5

Download Submit
\Users\Admin\AppData\Roaming\tmp.exe

Filesize
202KB

MD5
4d85a254fdaf6113c27f454898bc4b43

SHA1
47a9b19a2ad77612e780dd911c408bc89d71c0fe

SHA256
dd2b3eeed29150dada731be3f1b5fb61a23e86917ee129aae3fec2e8fd7b10e3

SHA512
7361dfaf41d3c2d3884e6ee14d9dfd4c987faaa373096be65c211b8f9bbdff548da350e83b81c9fea047056f20c165c114f3eccb0a7b098ccb17eada1ac17bdf

Download Submit
memory/264-0-0x0000000074EE1000-0x0000000074EE2000-memory.dmp

Filesize
4KB

Download
memory/264-1-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download
memory/264-2-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download
memory/264-3-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download
memory/264-48-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download
memory/2612-22-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2612-34-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2612-33-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2612-31-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2612-30-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2612-28-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2612-24-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2612-26-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2920-18-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download
memory/2920-45-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download
memory/2920-46-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download
memory/2920-47-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download
memory/2920-17-0x0000000074EE0000-0x000000007548B000-memory.dmp

Filesize
5.7MB

Download