98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124

Analysis

max time kernel
94s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Size

790KB
MD5

25d7739321a40cc16396de939920af07
SHA1

ef9968e2043191503b4f866eb87493f4602986e7
SHA256

98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124
SHA512

358924cb43c11d14dd444dd574a3f09d02fcae63d9c6b58c4ebd8b40234d0dd66586fc759f3c69076ac6566af188f6538faa5addec896e14afd39334e69bfe35
SSDEEP

24576:+n1UJtYWqUdVZ4M0CoGt/nWvuHa13EA2xdrMW:iUJtBVdVhVWvb1UTrMW

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2008 set thread context of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 3616 set thread context of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3624 set thread context of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 4272 set thread context of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 3192 set thread context of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 408 set thread context of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 1828 set thread context of 4508	1828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	91
PID 4508 set thread context of 3936	4508	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	92
PID 3936 set thread context of 1472	3936	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	94
PID 1472 set thread context of 4112	1472	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	95
PID 4112 set thread context of 2004	4112	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	96
PID 2004 set thread context of 2664	2004	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	97
PID 2664 set thread context of 1352	2664	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	98
PID 1352 set thread context of 3532	1352	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	99
PID 3532 set thread context of 2796	3532	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	100
PID 2796 set thread context of 1460	2796	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	101
PID 1460 set thread context of 3060	1460	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	102
PID 3060 set thread context of 3428	3060	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	103
PID 3428 set thread context of 1088	3428	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	104
PID 1088 set thread context of 4596	1088	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	105
PID 4596 set thread context of 4000	4596	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	106
PID 4000 set thread context of 772	4000	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	107
PID 772 set thread context of 5012	772	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	108
PID 5012 set thread context of 3892	5012	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	109
PID 3892 set thread context of 3252	3892	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	110
PID 3252 set thread context of 4092	3252	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	111
PID 4092 set thread context of 4072	4092	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	112
PID 4072 set thread context of 3804	4072	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	113
PID 3804 set thread context of 4512	3804	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	114
PID 4512 set thread context of 4372	4512	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	115
PID 4372 set thread context of 1176	4372	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	116
PID 1176 set thread context of 3180	1176	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	117
PID 3180 set thread context of 1348	3180	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	118
PID 1348 set thread context of 4828	1348	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	119
PID 4828 set thread context of 4284	4828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	120
PID 4284 set thread context of 3968	4284	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	121
PID 3968 set thread context of 208	3968	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	122
PID 208 set thread context of 2324	208	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	123
PID 2324 set thread context of 4380	2324	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	124
PID 4380 set thread context of 2316	4380	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	125
PID 2316 set thread context of 4036	2316	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	126
PID 4036 set thread context of 632	4036	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	127
PID 632 set thread context of 3196	632	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	128
PID 3196 set thread context of 4516	3196	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	129
PID 4516 set thread context of 2996	4516	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	130
PID 2996 set thread context of 1584	2996	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	131
PID 1584 set thread context of 2952	1584	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	133
PID 2952 set thread context of 1660	2952	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	134
PID 1660 set thread context of 3080	1660	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	135
PID 3080 set thread context of 1020	3080	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	136
PID 1020 set thread context of 4592	1020	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	137
PID 4592 set thread context of 3992	4592	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	138
PID 3992 set thread context of 4156	3992	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	139
PID 4156 set thread context of 4860	4156	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	140
PID 4860 set thread context of 3880	4860	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	141
PID 3880 set thread context of 3784	3880	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	142
PID 3784 set thread context of 4588	3784	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	143
PID 4588 set thread context of 4216	4588	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	144
PID 4216 set thread context of 1560	4216	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	145
PID 1560 set thread context of 4432	1560	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	148
PID 4432 set thread context of 2068	4432	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	150
PID 2068 set thread context of 4884	2068	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	151
PID 4884 set thread context of 3140	4884	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	153
PID 3140 set thread context of 2140	3140	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	154

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: 33	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
Token: SeIncBasePriorityPrivilege	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4508	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
1472	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
2004	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
1352	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
2796	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
3060	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
1088	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4000	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
5012	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
3252	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4072	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4512	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
1176	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
1348	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4284	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
208	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4380	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4036	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
3196	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
2996	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
2952	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
3080	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4592	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4156	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
3880	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
4588	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
1560	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
2068	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
3140	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
3956	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
396	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 2008 wrote to memory of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 2008 wrote to memory of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 2008 wrote to memory of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 2008 wrote to memory of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 2008 wrote to memory of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 2008 wrote to memory of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 2008 wrote to memory of 3616	2008	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	84
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3616 wrote to memory of 3624	3616	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	85
PID 3624 wrote to memory of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 3624 wrote to memory of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 3624 wrote to memory of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 3624 wrote to memory of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 3624 wrote to memory of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 3624 wrote to memory of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 3624 wrote to memory of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 3624 wrote to memory of 4272	3624	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	86
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 4272 wrote to memory of 3192	4272	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	87
PID 3192 wrote to memory of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 3192 wrote to memory of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 3192 wrote to memory of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 3192 wrote to memory of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 3192 wrote to memory of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 3192 wrote to memory of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 3192 wrote to memory of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 3192 wrote to memory of 408	3192	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	88
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 408 wrote to memory of 1828	408	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	89
PID 1828 wrote to memory of 4508	1828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	91
PID 1828 wrote to memory of 4508	1828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	91
PID 1828 wrote to memory of 4508	1828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	91
PID 1828 wrote to memory of 4508	1828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	91
PID 1828 wrote to memory of 4508	1828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	91
PID 1828 wrote to memory of 4508	1828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	91
PID 1828 wrote to memory of 4508	1828	98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe	91

C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
"C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
  C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3616
- - C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
      C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
      4⤵
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        5⤵
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        6⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        7⤵
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        8⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        9⤵
        Suspicious use of SetThreadContext
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        10⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        11⤵
        Suspicious use of SetThreadContext
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        12⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        13⤵
        Suspicious use of SetThreadContext
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        14⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        15⤵
        Suspicious use of SetThreadContext
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        16⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        17⤵
        Suspicious use of SetThreadContext
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        18⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        19⤵
        Suspicious use of SetThreadContext
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        20⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        21⤵
        Suspicious use of SetThreadContext
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        22⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        23⤵
        Suspicious use of SetThreadContext
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        24⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        25⤵
        Suspicious use of SetThreadContext
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        26⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        27⤵
        Suspicious use of SetThreadContext
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        28⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        29⤵
        Suspicious use of SetThreadContext
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        30⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        31⤵
        Suspicious use of SetThreadContext
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        32⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        33⤵
        Suspicious use of SetThreadContext
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        34⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        35⤵
        Suspicious use of SetThreadContext
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        36⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        37⤵
        Suspicious use of SetThreadContext
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        38⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        39⤵
        Suspicious use of SetThreadContext
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        40⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        41⤵
        Suspicious use of SetThreadContext
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        42⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        43⤵
        Suspicious use of SetThreadContext
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        44⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        45⤵
        Suspicious use of SetThreadContext
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        46⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        47⤵
        Suspicious use of SetThreadContext
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        48⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        49⤵
        Suspicious use of SetThreadContext
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        50⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        51⤵
        Suspicious use of SetThreadContext
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        52⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        53⤵
        Suspicious use of SetThreadContext
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        54⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        55⤵
        Suspicious use of SetThreadContext
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        56⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        57⤵
        Suspicious use of SetThreadContext
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        58⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        59⤵
        Suspicious use of SetThreadContext
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        60⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        61⤵
        Suspicious use of SetThreadContext
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        62⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        63⤵
        Suspicious use of SetThreadContext
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        64⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        65⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        66⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        67⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        68⤵
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        69⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        70⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        71⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        72⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        73⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        74⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        75⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        76⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        77⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        78⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        79⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        80⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        81⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        82⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        83⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        84⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        85⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        86⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        87⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        88⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        89⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        90⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        91⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        92⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        93⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        94⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        95⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        96⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        97⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        98⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        99⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        100⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        101⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        102⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        103⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        104⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        105⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        106⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        107⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        108⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        109⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        110⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        111⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        112⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        113⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        114⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        115⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        116⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        117⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        118⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        119⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        120⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        121⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        122⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        123⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        124⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        125⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        126⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        127⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        128⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        129⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        130⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        131⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        132⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        133⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        134⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        135⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        136⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\98796a1fa203c4426bfa47da9ddfa9919dc9c42e44a0eebe749a66594db92124.exe
        
        137⤵
        
        PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/208-396-0x0000000000000000-mapping.dmp

Download
memory/208-409-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/408-174-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/408-161-0x0000000000000000-mapping.dmp

Download
memory/632-444-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/632-433-0x0000000000000000-mapping.dmp

Download
memory/632-438-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/772-301-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/772-289-0x0000000000000000-mapping.dmp

Download
memory/772-294-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1020-491-0x0000000000000000-mapping.dmp

Download
memory/1088-265-0x0000000000000000-mapping.dmp

Download
memory/1088-277-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1176-368-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1176-355-0x0000000000000000-mapping.dmp

Download
memory/1348-369-0x0000000000000000-mapping.dmp

Download
memory/1348-381-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1352-235-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1352-222-0x0000000000000000-mapping.dmp

Download
memory/1460-246-0x0000000000000000-mapping.dmp

Download
memory/1472-203-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1472-191-0x0000000000000000-mapping.dmp

Download
memory/1560-552-0x0000000000000000-mapping.dmp

Download
memory/1584-463-0x0000000000000000-mapping.dmp

Download
memory/1660-487-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1660-481-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1660-476-0x0000000000000000-mapping.dmp

Download
memory/1828-181-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1828-175-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1828-170-0x0000000000000000-mapping.dmp

Download
memory/2004-220-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2004-206-0x0000000000000000-mapping.dmp

Download
memory/2004-215-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2068-566-0x0000000000000000-mapping.dmp

Download
memory/2140-590-0x0000000000000000-mapping.dmp

Download
memory/2316-420-0x0000000000000000-mapping.dmp

Download
memory/2324-405-0x0000000000000000-mapping.dmp

Download
memory/2324-410-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2324-417-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2664-216-0x0000000000000000-mapping.dmp

Download
memory/2664-228-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2664-221-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2796-237-0x0000000000000000-mapping.dmp

Download
memory/2796-249-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2952-468-0x0000000000000000-mapping.dmp

Download
memory/2952-479-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2996-454-0x0000000000000000-mapping.dmp

Download
memory/2996-467-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3060-262-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3060-251-0x0000000000000000-mapping.dmp

Download
memory/3080-494-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3080-482-0x0000000000000000-mapping.dmp

Download
memory/3140-581-0x0000000000000000-mapping.dmp

Download
memory/3180-364-0x0000000000000000-mapping.dmp

Download
memory/3192-167-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3192-155-0x0000000000000000-mapping.dmp

Download
memory/3192-160-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3196-439-0x0000000000000000-mapping.dmp

Download
memory/3196-452-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3252-323-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3252-310-0x0000000000000000-mapping.dmp

Download
memory/3428-259-0x0000000000000000-mapping.dmp

Download
memory/3428-264-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3428-270-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3532-236-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3532-231-0x0000000000000000-mapping.dmp

Download
memory/3532-242-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3616-132-0x0000000000000000-mapping.dmp

Download
memory/3616-133-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3616-144-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3616-135-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3624-143-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3624-141-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3624-140-0x0000000000000000-mapping.dmp

Download
memory/3624-145-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3624-152-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3784-532-0x0000000000000000-mapping.dmp

Download
memory/3804-346-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3804-339-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3804-334-0x0000000000000000-mapping.dmp

Download
memory/3880-524-0x0000000000000000-mapping.dmp

Download
memory/3892-316-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3892-304-0x0000000000000000-mapping.dmp

Download
memory/3892-309-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3936-190-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3936-185-0x0000000000000000-mapping.dmp

Download
memory/3936-196-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3968-395-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3968-390-0x0000000000000000-mapping.dmp

Download
memory/3968-401-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/3992-506-0x0000000000000000-mapping.dmp

Download
memory/4000-280-0x0000000000000000-mapping.dmp

Download
memory/4000-293-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4036-437-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4036-425-0x0000000000000000-mapping.dmp

Download
memory/4072-325-0x0000000000000000-mapping.dmp

Download
memory/4072-337-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4092-319-0x0000000000000000-mapping.dmp

Download
memory/4092-324-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4092-331-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4112-205-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4112-200-0x0000000000000000-mapping.dmp

Download
memory/4112-212-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4156-511-0x0000000000000000-mapping.dmp

Download
memory/4216-547-0x0000000000000000-mapping.dmp

Download
memory/4272-159-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4272-146-0x0000000000000000-mapping.dmp

Download
memory/4284-382-0x0000000000000000-mapping.dmp

Download
memory/4284-394-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4372-361-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4372-354-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4372-349-0x0000000000000000-mapping.dmp

Download
memory/4380-423-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4380-411-0x0000000000000000-mapping.dmp

Download
memory/4432-560-0x0000000000000000-mapping.dmp

Download
memory/4508-176-0x0000000000000000-mapping.dmp

Download
memory/4508-188-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4512-352-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4512-340-0x0000000000000000-mapping.dmp

Download
memory/4516-453-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4516-448-0x0000000000000000-mapping.dmp

Download
memory/4516-459-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4588-538-0x0000000000000000-mapping.dmp

Download
memory/4592-497-0x0000000000000000-mapping.dmp

Download
memory/4596-285-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4596-279-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4596-274-0x0000000000000000-mapping.dmp

Download
memory/4828-377-0x0000000000000000-mapping.dmp

Download
memory/4860-519-0x0000000000000000-mapping.dmp

Download
memory/4884-575-0x0000000000000000-mapping.dmp

Download
memory/5012-308-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5012-295-0x0000000000000000-mapping.dmp

Download