description	ioc	Process
File created	C:\Windows\SysWOW64\kdoqe.exe	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
File opened for modification	C:\Windows\SysWOW64\kdoqe.exe	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe

pid	Process
3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeSecurityPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeTakeOwnershipPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeLoadDriverPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeSystemProfilePrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeSystemtimePrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeProfSingleProcessPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeIncBasePriorityPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeCreatePagefilePrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeBackupPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeRestorePrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeShutdownPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeDebugPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeSystemEnvironmentPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeChangeNotifyPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeRemoteShutdownPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeUndockPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeManageVolumePrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeImpersonatePrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: SeCreateGlobalPrivilege	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: 33	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: 34	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: 35	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
Token: 36	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe

description	pid	Process	procid_target
PID 3276 wrote to memory of 1924	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe	81
PID 3276 wrote to memory of 1924	3276	9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe	81

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.