Analysis
max time kernel: 150s
max time network: 148s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 26-10-2024 03:33

Static task: static1
Behavioral task: behavioral1
Sample: d540c15e87f5ef91de29ed9d6c3c830ec610873d9c7fb874777d62f554178c62.dll
Resource: win7-20240903-en
General
Target: d540c15e87f5ef91de29ed9d6c3c830ec610873d9c7fb874777d62f554178c62.dll
Size: 879KB
MD5: a8f7c07bb05fa504247aaeb462c441b3
SHA1: 3c43fc52e5781e85b58092fe48959ffb24e019d2
SHA256: d540c15e87f5ef91de29ed9d6c3c830ec610873d9c7fb874777d62f554178c62
SHA512: b966f4f6f4a617e9f9ca9595b076ed104861f40cb42da813f1ad2cd8c5c018821dafecda8f9ad80e1fd711edf42905c45926d8bc8cc541a6071fb4f1c986b2c8
SSDEEP: 12288:UNIyZN4+Wv4PLq6Okrh9ZN/hs9Dsdt+SrQtw7:U9TPmirh9Zdh6vS6q
Malware Config
Signatures
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe"
Process: svchost.exe
Ramnit family
Executes dropped EXE 2 IoCs
pid | Process
352 | rundll32mgr.exe
2484 | WaterMark.exe
Loads dropped DLL 4 IoCs
pid | Process
1784 | rundll32.exe
1784 | rundll32.exe
352 | rundll32mgr.exe
352 | rundll32mgr.exe
Drops file in System32 directory 3 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\dmlconf.dat | svchost.exe
File created | C:\Windows\SysWOW64\rundll32mgr.exe | rundll32.exe
File created | C:\Windows\SysWOW64\dmlconf.dat | svchost.exe
resource | yara_rule
behavioral1/memory/352-24-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2484-42-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2484-41-0x0000000000400000-0x0000000000454000-memory.dmp | upx
behavioral1/memory/352-21-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/352-20-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/352-18-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/352-17-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/352-16-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/352-15-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2484-89-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2484-663-0x0000000000400000-0x0000000000421000-memory.dmp | upx
Drops file in Program Files directory 64 IoCs
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1468 | 1784 | WerFault.exe | 30
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32mgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | WaterMark.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Suspicious behavior: EnumeratesProcesses 37 IoCs
pid | Process
2484 | WaterMark.exe
2688 | svchost.exe
Suspicious use of AdjustPrivilegeToken 5 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2484 | WaterMark.exe
Token: SeDebugPrivilege | 2688 | svchost.exe
Token: SeDebugPrivilege | 2484 | WaterMark.exe
Token: SeDebugPrivilege | 1784 | rundll32.exe
Token: SeDebugPrivilege | 1468 | WerFault.exe
Suspicious use of UnmapMainImage 2 IoCs
pid | Process
352 | rundll32mgr.exe
2484 | WaterMark.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1632 wrote to memory of 1784 | 1632 | rundll32.exe | 30
PID 1784 wrote to memory of 352 | 1784 | rundll32.exe | 31
PID 352 wrote to memory of 2484 | 352 | rundll32mgr.exe | 32
PID 2484 wrote to memory of 2860 | 2484 | WaterMark.exe | 33
PID 1784 wrote to memory of 1468 | 1784 | rundll32.exe | 34
PID 2484 wrote to memory of 2688 | 2484 | WaterMark.exe | 35
PID 2688 wrote to memory of 256 | 2688 | svchost.exe | 1
PID 2688 wrote to memory of 336 | 2688 | svchost.exe | 2
PID 2688 wrote to memory of 384 | 2688 | svchost.exe | 3
PID 2688 wrote to memory of 392 | 2688 | svchost.exe | 4
PID 2688 wrote to memory of 432 | 2688 | svchost.exe | 5
Processes
C:\Windows\System32\smss.exe | cmdline: \SystemRoot\System32\smss.exe | PID:256
C:\Windows\system32\csrss.exe | cmdline: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | PID:336
C:\Windows\system32\wininit.exe | cmdline: wininit.exe | PID:384
  C:\Windows\system32\services.exe | cmdline: C:\Windows\system32\services.exe | PID:476
    C:\Windows\system32\svchost.exe | cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch | PID:592
      C:\Windows\system32\wbem\wmiprvse.exe | cmdline: C:\Windows\system32\wbem\wmiprvse.exe | PID:1616
      C:\Windows\system32\DllHost.exe | cmdline: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} | PID:284
    C:\Windows\system32\svchost.exe | cmdline: C:\Windows\system32\svchost.exe -k RPCSS | PID:672
    C:\Windows\System32\svchost.exe | cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted | PID:740
    C:\Windows\System32\svchost.exe | cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted | PID:812
      C:\Windows\system32\Dwm.exe | cmdline: "C:\Windows\system32\Dwm.exe" | PID:1128
    C:\Windows\system32\svchost.exe | cmdline: C:\Windows\system32\svchost.exe -k netsvcs | PID:856
      C:\Windows\system32\wbem\WMIADAP.EXE | cmdline: wmiadap.exe /F /T /R | PID:680
    C:\Windows\system32\svchost.exe | cmdline: C:\Windows\system32\svchost.exe -k LocalService | PID:964
    C:\Windows\system32\svchost.exe | cmdline: C:\Windows\system32\svchost.exe -k NetworkService | PID:112
    C:\Windows\System32\spoolsv.exe | cmdline: C:\Windows\System32\spoolsv.exe | PID:1056
    C:\Windows\system32\taskhost.exe | cmdline: "taskhost.exe" | PID:1064
    C:\Windows\system32\svchost.exe | cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork | PID:1172
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE | cmdline: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" | PID:1500
    C:\Windows\system32\svchost.exe | cmdline: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation | PID:2496
    C:\Windows\system32\sppsvc.exe | cmdline: C:\Windows\system32\sppsvc.exe | PID:2132
  C:\Windows\system32\lsass.exe | cmdline: C:\Windows\system32\lsass.exe | PID:492
  C:\Windows\system32\lsm.exe | cmdline: C:\Windows\system32\lsm.exe | PID:500
C:\Windows\system32\csrss.exe | cmdline: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | PID:392
C:\Windows\system32\winlogon.exe | cmdline: winlogon.exe | PID:432
C:\Windows\Explorer.EXE | cmdline: C:\Windows\Explorer.EXE | PID:1152
  C:\Windows\system32\rundll32.exe | cmdline: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d540c15e87f5ef91de29ed9d6c3c830ec610873d9c7fb874777d62f554178c62.dll,#1 | PID:1632
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe | cmdline: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d540c15e87f5ef91de29ed9d6c3c830ec610873d9c7fb874777d62f554178c62.dll,#1 | PID:1784
      - Loads dropped DLL
      - Drops file in System32 directory
      - System Location Discovery: System Language Discovery
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\rundll32mgr.exe | cmdline: C:\Windows\SysWOW64\rundll32mgr.exe | PID:352
        - Executes dropped EXE
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        - Suspicious use of UnmapMainImage
        - Suspicious use of WriteProcessMemory
        C:\Program Files (x86)\Microsoft\WaterMark.exe | cmdline: "C:\Program Files (x86)\Microsoft\WaterMark.exe" | PID:2484
          - Executes dropped EXE
          - System Location Discovery: System Language Discovery
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of UnmapMainImage
          - Suspicious use of WriteProcessMemory
          C:\Windows\SysWOW64\svchost.exe | cmdline: C:\Windows\system32\svchost.exe | PID:2860
            - Modifies WinLogon for persistence
            - Drops file in System32 directory
            - Drops file in Program Files directory
            - System Location Discovery: System Language Discovery
          C:\Windows\SysWOW64\svchost.exe | cmdline: C:\Windows\system32\svchost.exe | PID:2688
            - System Location Discovery: System Language Discovery
            - Suspicious behavior: EnumeratesProcesses
            - Suspicious use of AdjustPrivilegeToken
            - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\WerFault.exe | cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 224 | PID:1468
        - Program crash
        - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads