59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9

Analysis

max time kernel
149s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Size

1.2MB
MD5

7c8c74a8626f40a3757ca14d82344754
SHA1

4e42062b48ddf1ba7cddad983964791f73bc5359
SHA256

59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9
SHA512

7ba6d5c9aa71758ac9b2033470f0c138d7e35e7827e9077aba4c01febdfa23ff2d087cd0302162e68b83d7112986884a510ec9ff5b19d864be25c7afbbc0c5a6
SSDEEP

3072:niNNzHy8upR2SDfhtPTnmQZpKVeLUDNn+pSfRW/Lz0lnmJqSDmIK57fD6SXm/Mls:ppRFz3

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1044	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	880	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	952	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	992	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	972	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	664	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1172	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1708	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1996	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1968	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1728	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1748	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1056	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1892	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1032	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1632	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1840	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2040	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	596	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	520	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	980	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1256	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	568	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1804	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1852	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1436	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1420	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1580	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1668	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1040	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1224	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1332	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1756	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1984	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	844	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1624	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	760	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1708	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1524	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1736	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1540	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	984	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1304	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1812	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	880	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1476	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	876	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	556	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	468	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	844	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1624	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1528	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1472	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	112	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1560	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1368	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1692	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1108	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1232	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1224	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1800	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	912	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1012	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1172	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 880	1044	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	27
PID 1044 wrote to memory of 880	1044	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	27
PID 1044 wrote to memory of 880	1044	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	27
PID 880 wrote to memory of 952	880	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	28
PID 880 wrote to memory of 952	880	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	28
PID 880 wrote to memory of 952	880	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	28
PID 952 wrote to memory of 992	952	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	29
PID 952 wrote to memory of 992	952	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	29
PID 952 wrote to memory of 992	952	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	29
PID 992 wrote to memory of 972	992	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	30
PID 992 wrote to memory of 972	992	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	30
PID 992 wrote to memory of 972	992	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	30
PID 972 wrote to memory of 664	972	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	31
PID 972 wrote to memory of 664	972	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	31
PID 972 wrote to memory of 664	972	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	31
PID 664 wrote to memory of 1172	664	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	32
PID 664 wrote to memory of 1172	664	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	32
PID 664 wrote to memory of 1172	664	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	32
PID 1172 wrote to memory of 1708	1172	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	33
PID 1172 wrote to memory of 1708	1172	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	33
PID 1172 wrote to memory of 1708	1172	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	33
PID 1708 wrote to memory of 1996	1708	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	34
PID 1708 wrote to memory of 1996	1708	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	34
PID 1708 wrote to memory of 1996	1708	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	34
PID 1996 wrote to memory of 1968	1996	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	35
PID 1996 wrote to memory of 1968	1996	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	35
PID 1996 wrote to memory of 1968	1996	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	35
PID 1968 wrote to memory of 1728	1968	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	36
PID 1968 wrote to memory of 1728	1968	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	36
PID 1968 wrote to memory of 1728	1968	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	36
PID 1728 wrote to memory of 1748	1728	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	37
PID 1728 wrote to memory of 1748	1728	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	37
PID 1728 wrote to memory of 1748	1728	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	37
PID 1748 wrote to memory of 1056	1748	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	38
PID 1748 wrote to memory of 1056	1748	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	38
PID 1748 wrote to memory of 1056	1748	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	38
PID 1056 wrote to memory of 1892	1056	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	39
PID 1056 wrote to memory of 1892	1056	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	39
PID 1056 wrote to memory of 1892	1056	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	39
PID 1892 wrote to memory of 1032	1892	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	40
PID 1892 wrote to memory of 1032	1892	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	40
PID 1892 wrote to memory of 1032	1892	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	40
PID 1032 wrote to memory of 1632	1032	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	41
PID 1032 wrote to memory of 1632	1032	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	41
PID 1032 wrote to memory of 1632	1032	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	41
PID 1632 wrote to memory of 1840	1632	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	42
PID 1632 wrote to memory of 1840	1632	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	42
PID 1632 wrote to memory of 1840	1632	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	42
PID 1840 wrote to memory of 2040	1840	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	43
PID 1840 wrote to memory of 2040	1840	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	43
PID 1840 wrote to memory of 2040	1840	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	43
PID 2040 wrote to memory of 596	2040	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	44
PID 2040 wrote to memory of 596	2040	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	44
PID 2040 wrote to memory of 596	2040	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	44
PID 596 wrote to memory of 520	596	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	45
PID 596 wrote to memory of 520	596	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	45
PID 596 wrote to memory of 520	596	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	45
PID 520 wrote to memory of 980	520	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	46
PID 520 wrote to memory of 980	520	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	46
PID 520 wrote to memory of 980	520	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	46
PID 980 wrote to memory of 1256	980	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	47
PID 980 wrote to memory of 1256	980	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	47
PID 980 wrote to memory of 1256	980	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	47
PID 1256 wrote to memory of 568	1256	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	48

C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
"C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
  C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:880
- - C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
    C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
      C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        5⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        8⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        9⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        10⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        11⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        12⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        13⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        14⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        15⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        16⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        17⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        18⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        19⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        20⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        21⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        22⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        23⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        24⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        25⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        26⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        27⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        28⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        29⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        30⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        31⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        32⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        33⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        34⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        35⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        37⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        38⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        39⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        40⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        41⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        42⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        43⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        44⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        45⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        46⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        47⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        48⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        49⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        50⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        51⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        52⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        53⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        54⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        55⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        56⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        57⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        58⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        59⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        60⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        61⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        62⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        63⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        64⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        65⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        66⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        67⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        68⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        69⤵
        
        PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/112-160-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/112-159-0x0000000000000000-mapping.dmp

Download
memory/468-150-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/468-149-0x0000000000000000-mapping.dmp

Download
memory/520-92-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/520-91-0x0000000000000000-mapping.dmp

Download
memory/556-148-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/556-147-0x0000000000000000-mapping.dmp

Download
memory/568-97-0x0000000000000000-mapping.dmp

Download
memory/568-98-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/596-90-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/596-89-0x0000000000000000-mapping.dmp

Download
memory/664-64-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/664-63-0x0000000000000000-mapping.dmp

Download
memory/760-126-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/760-125-0x0000000000000000-mapping.dmp

Download
memory/844-122-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/844-121-0x0000000000000000-mapping.dmp

Download
memory/844-151-0x0000000000000000-mapping.dmp

Download
memory/844-152-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/876-145-0x0000000000000000-mapping.dmp

Download
memory/876-146-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/880-141-0x0000000000000000-mapping.dmp

Download
memory/880-55-0x0000000000000000-mapping.dmp

Download
memory/880-142-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/880-56-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/912-175-0x0000000000000000-mapping.dmp

Download
memory/912-176-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/952-57-0x0000000000000000-mapping.dmp

Download
memory/952-58-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/972-62-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/972-61-0x0000000000000000-mapping.dmp

Download
memory/980-94-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/980-93-0x0000000000000000-mapping.dmp

Download
memory/984-135-0x0000000000000000-mapping.dmp

Download
memory/984-136-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/992-60-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/992-59-0x0000000000000000-mapping.dmp

Download
memory/1012-178-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1012-177-0x0000000000000000-mapping.dmp

Download
memory/1032-81-0x0000000000000000-mapping.dmp

Download
memory/1032-82-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1040-111-0x0000000000000000-mapping.dmp

Download
memory/1040-112-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1044-54-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1056-78-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1056-77-0x0000000000000000-mapping.dmp

Download
memory/1108-168-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/1108-167-0x0000000000000000-mapping.dmp

Download
memory/1172-179-0x0000000000000000-mapping.dmp

Download
memory/1172-180-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/1172-65-0x0000000000000000-mapping.dmp

Download
memory/1172-66-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1224-113-0x0000000000000000-mapping.dmp

Download
memory/1224-171-0x0000000000000000-mapping.dmp

Download
memory/1224-172-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1232-170-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1232-169-0x0000000000000000-mapping.dmp

Download
memory/1256-95-0x0000000000000000-mapping.dmp

Download
memory/1256-96-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1304-138-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1332-115-0x0000000000000000-mapping.dmp

Download
memory/1332-116-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1368-163-0x0000000000000000-mapping.dmp

Download
memory/1400-181-0x0000000000000000-mapping.dmp

Download
memory/1420-106-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1420-105-0x0000000000000000-mapping.dmp

Download
memory/1436-103-0x0000000000000000-mapping.dmp

Download
memory/1436-104-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1472-158-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1472-157-0x0000000000000000-mapping.dmp

Download
memory/1476-144-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1476-143-0x0000000000000000-mapping.dmp

Download
memory/1524-130-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/1524-129-0x0000000000000000-mapping.dmp

Download
memory/1528-155-0x0000000000000000-mapping.dmp

Download
memory/1528-156-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1540-133-0x0000000000000000-mapping.dmp

Download
memory/1540-134-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1544-137-0x0000000000000000-mapping.dmp

Download
memory/1560-161-0x0000000000000000-mapping.dmp

Download
memory/1560-162-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1580-108-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1580-107-0x0000000000000000-mapping.dmp

Download
memory/1624-124-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1624-154-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1624-123-0x0000000000000000-mapping.dmp

Download
memory/1624-153-0x0000000000000000-mapping.dmp

Download
memory/1632-84-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1632-83-0x0000000000000000-mapping.dmp

Download
memory/1668-109-0x0000000000000000-mapping.dmp

Download
memory/1668-110-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1692-166-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1692-165-0x0000000000000000-mapping.dmp

Download
memory/1708-128-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1708-68-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1708-67-0x0000000000000000-mapping.dmp

Download
memory/1708-127-0x0000000000000000-mapping.dmp

Download
memory/1728-73-0x0000000000000000-mapping.dmp

Download
memory/1728-74-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/1736-131-0x0000000000000000-mapping.dmp

Download
memory/1736-132-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1748-75-0x0000000000000000-mapping.dmp

Download
memory/1748-76-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1756-117-0x0000000000000000-mapping.dmp

Download
memory/1756-118-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/1800-174-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1800-173-0x0000000000000000-mapping.dmp

Download
memory/1804-100-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1804-99-0x0000000000000000-mapping.dmp

Download
memory/1812-139-0x0000000000000000-mapping.dmp

Download
memory/1812-140-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1840-86-0x000007FEF28F0000-0x000007FEF3313000-memory.dmp

Filesize
10.1MB

Download
memory/1840-85-0x0000000000000000-mapping.dmp

Download
memory/1852-102-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1852-101-0x0000000000000000-mapping.dmp

Download
memory/1892-80-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1892-79-0x0000000000000000-mapping.dmp

Download
memory/1968-72-0x000007FEF37D0000-0x000007FEF41F3000-memory.dmp

Filesize
10.1MB

Download
memory/1968-71-0x0000000000000000-mapping.dmp

Download
memory/1984-119-0x0000000000000000-mapping.dmp

Download
memory/1984-120-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download
memory/1996-70-0x000007FEF2DA0000-0x000007FEF37C3000-memory.dmp

Filesize
10.1MB

Download
memory/1996-69-0x0000000000000000-mapping.dmp

Download
memory/2040-87-0x0000000000000000-mapping.dmp

Download
memory/2040-88-0x000007FEF46B0000-0x000007FEF50D3000-memory.dmp

Filesize
10.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads