f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe
Size

4.9MB
MD5

b1417930b362afa743ccc22ee0897616
SHA1

8223e4108872d80ac7946ba40228d727a0c8474b
SHA256

f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388
SHA512

9750b25661a1f2a7768eb0f0c8778a4f166f240250e0e6be40f7b4198eb6168bedefd66bca206d34c8f20fbf8103a86bf0b7096e32365e73e4328687a8715a67
SSDEEP

49152:Kcy+hHebo3rvGLHMjOPgNOlE8XHg1itvjKWv54O3BgBaLhx7ooJCKk:hy+hHGo3rqoIlOqj6oJCK

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2788	wmic.exe
Token: SeSecurityPrivilege	2788	wmic.exe
Token: SeTakeOwnershipPrivilege	2788	wmic.exe
Token: SeLoadDriverPrivilege	2788	wmic.exe
Token: SeSystemProfilePrivilege	2788	wmic.exe
Token: SeSystemtimePrivilege	2788	wmic.exe
Token: SeProfSingleProcessPrivilege	2788	wmic.exe
Token: SeIncBasePriorityPrivilege	2788	wmic.exe
Token: SeCreatePagefilePrivilege	2788	wmic.exe
Token: SeBackupPrivilege	2788	wmic.exe
Token: SeRestorePrivilege	2788	wmic.exe
Token: SeShutdownPrivilege	2788	wmic.exe
Token: SeDebugPrivilege	2788	wmic.exe
Token: SeSystemEnvironmentPrivilege	2788	wmic.exe
Token: SeRemoteShutdownPrivilege	2788	wmic.exe
Token: SeUndockPrivilege	2788	wmic.exe
Token: SeManageVolumePrivilege	2788	wmic.exe
Token: 33	2788	wmic.exe
Token: 34	2788	wmic.exe
Token: 35	2788	wmic.exe
Token: 36	2788	wmic.exe
Token: SeIncreaseQuotaPrivilege	2788	wmic.exe
Token: SeSecurityPrivilege	2788	wmic.exe
Token: SeTakeOwnershipPrivilege	2788	wmic.exe
Token: SeLoadDriverPrivilege	2788	wmic.exe
Token: SeSystemProfilePrivilege	2788	wmic.exe
Token: SeSystemtimePrivilege	2788	wmic.exe
Token: SeProfSingleProcessPrivilege	2788	wmic.exe
Token: SeIncBasePriorityPrivilege	2788	wmic.exe
Token: SeCreatePagefilePrivilege	2788	wmic.exe
Token: SeBackupPrivilege	2788	wmic.exe
Token: SeRestorePrivilege	2788	wmic.exe
Token: SeShutdownPrivilege	2788	wmic.exe
Token: SeDebugPrivilege	2788	wmic.exe
Token: SeSystemEnvironmentPrivilege	2788	wmic.exe
Token: SeRemoteShutdownPrivilege	2788	wmic.exe
Token: SeUndockPrivilege	2788	wmic.exe
Token: SeManageVolumePrivilege	2788	wmic.exe
Token: 33	2788	wmic.exe
Token: 34	2788	wmic.exe
Token: 35	2788	wmic.exe
Token: 36	2788	wmic.exe
Token: SeIncreaseQuotaPrivilege	3040	wmic.exe
Token: SeSecurityPrivilege	3040	wmic.exe
Token: SeTakeOwnershipPrivilege	3040	wmic.exe
Token: SeLoadDriverPrivilege	3040	wmic.exe
Token: SeSystemProfilePrivilege	3040	wmic.exe
Token: SeSystemtimePrivilege	3040	wmic.exe
Token: SeProfSingleProcessPrivilege	3040	wmic.exe
Token: SeIncBasePriorityPrivilege	3040	wmic.exe
Token: SeCreatePagefilePrivilege	3040	wmic.exe
Token: SeBackupPrivilege	3040	wmic.exe
Token: SeRestorePrivilege	3040	wmic.exe
Token: SeShutdownPrivilege	3040	wmic.exe
Token: SeDebugPrivilege	3040	wmic.exe
Token: SeSystemEnvironmentPrivilege	3040	wmic.exe
Token: SeRemoteShutdownPrivilege	3040	wmic.exe
Token: SeUndockPrivilege	3040	wmic.exe
Token: SeManageVolumePrivilege	3040	wmic.exe
Token: 33	3040	wmic.exe
Token: 34	3040	wmic.exe
Token: 35	3040	wmic.exe
Token: 36	3040	wmic.exe
Token: SeIncreaseQuotaPrivilege	3040	wmic.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2788	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	85
PID 1576 wrote to memory of 2788	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	85
PID 1576 wrote to memory of 2788	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	85
PID 1576 wrote to memory of 3040	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	88
PID 1576 wrote to memory of 3040	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	88
PID 1576 wrote to memory of 3040	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	88
PID 1576 wrote to memory of 3644	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	90
PID 1576 wrote to memory of 3644	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	90
PID 1576 wrote to memory of 3644	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	90
PID 1576 wrote to memory of 4872	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	92
PID 1576 wrote to memory of 4872	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	92
PID 1576 wrote to memory of 4872	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	92
PID 1576 wrote to memory of 3620	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	94
PID 1576 wrote to memory of 3620	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	94
PID 1576 wrote to memory of 3620	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	94
PID 1576 wrote to memory of 4612	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	96
PID 1576 wrote to memory of 4612	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	96
PID 1576 wrote to memory of 4612	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	96
PID 1576 wrote to memory of 628	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	98
PID 1576 wrote to memory of 628	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	98
PID 1576 wrote to memory of 628	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	98
PID 1576 wrote to memory of 4592	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	100
PID 1576 wrote to memory of 4592	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	100
PID 1576 wrote to memory of 4592	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	100
PID 1576 wrote to memory of 864	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	102
PID 1576 wrote to memory of 864	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	102
PID 1576 wrote to memory of 864	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	102
PID 1576 wrote to memory of 4328	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	104
PID 1576 wrote to memory of 4328	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	104
PID 1576 wrote to memory of 4328	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	104
PID 1576 wrote to memory of 4172	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	106
PID 1576 wrote to memory of 4172	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	106
PID 1576 wrote to memory of 4172	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	106
PID 1576 wrote to memory of 4180	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	109
PID 1576 wrote to memory of 4180	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	109
PID 1576 wrote to memory of 4180	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	109
PID 1576 wrote to memory of 4112	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	111
PID 1576 wrote to memory of 4112	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	111
PID 1576 wrote to memory of 4112	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	111
PID 1576 wrote to memory of 1492	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	113
PID 1576 wrote to memory of 1492	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	113
PID 1576 wrote to memory of 1492	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	113
PID 1576 wrote to memory of 4804	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	116
PID 1576 wrote to memory of 4804	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	116
PID 1576 wrote to memory of 4804	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	116
PID 1576 wrote to memory of 2236	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	118
PID 1576 wrote to memory of 2236	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	118
PID 1576 wrote to memory of 2236	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	118
PID 1576 wrote to memory of 2156	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	120
PID 1576 wrote to memory of 2156	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	120
PID 1576 wrote to memory of 2156	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	120
PID 1576 wrote to memory of 4620	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	122
PID 1576 wrote to memory of 4620	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	122
PID 1576 wrote to memory of 4620	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	122
PID 1576 wrote to memory of 3276	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	124
PID 1576 wrote to memory of 3276	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	124
PID 1576 wrote to memory of 3276	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	124
PID 1576 wrote to memory of 4820	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	126
PID 1576 wrote to memory of 4820	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	126
PID 1576 wrote to memory of 4820	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	126
PID 1576 wrote to memory of 2144	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	128
PID 1576 wrote to memory of 2144	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	128
PID 1576 wrote to memory of 2144	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	128
PID 1576 wrote to memory of 1516	1576	f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe	130

C:\Users\Admin\AppData\Local\Temp\f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe
"C:\Users\Admin\AppData\Local\Temp\f46cdce2eb09df5bc3475df6fd8f6d512859f6307daccc180ff8b0bb4785b388.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2788
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3040
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3644
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4872
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3620
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4612
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:628
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4592
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:864
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4328
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4172
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4180
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4112
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1492
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4804
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2236
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2156
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4620
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3276
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4820
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2144
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1516
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4292
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:408
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4480
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1956
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1624
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2596
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:5056
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2160
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1676
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3008
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2780
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3324
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1212
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1932
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1768
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3084
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2812
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2268
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:404
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3860
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4640
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1708
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1904
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4588
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3432
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:3320
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4464
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:540
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4872
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:2032
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4044
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4776
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1232
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:1692
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic process where caption='LeagueClientUx.exe' get commandline
  2⤵
  PID:4824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1576-133-0x00000000006A0000-0x0000000000D67000-memory.dmp

Filesize
6.8MB

Download
memory/1576-134-0x00000000006A0000-0x0000000000D67000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads