9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-11-2024 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
Size

1.2MB
MD5

2f79684349eb97b0e072d21a1b462243
SHA1

ed9b9eeafc5535802e498e78611f262055d736af
SHA256

9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04
SHA512

4d94ae4633f3bf489d1bc9613fc6028865064ec98f73b5e9e775f08ff55d246daeddce6a4a0a013a9d05e65edc726768c397d0382e5c35352144b5338d6467d3
SSDEEP

24576:9piXI12TyeC5m71MsNon4J0t1TBUV1E1HP9yjy3anIPXD:9pYaeC52KsNgFtxBUvWIaaKz

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2744	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 1684 wrote to memory of 2744	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 1684 wrote to memory of 2744	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 1684 wrote to memory of 2744	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 1684 wrote to memory of 2744	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 1684 wrote to memory of 2744	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 1684 wrote to memory of 2744	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 1684 wrote to memory of 2772	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 1684 wrote to memory of 2772	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 1684 wrote to memory of 2772	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 1684 wrote to memory of 2772	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 1684 wrote to memory of 2772	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 1684 wrote to memory of 2772	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 1684 wrote to memory of 2772	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 1684 wrote to memory of 2776	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 1684 wrote to memory of 2776	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 1684 wrote to memory of 2776	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 1684 wrote to memory of 2776	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 1684 wrote to memory of 2776	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 1684 wrote to memory of 2776	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 1684 wrote to memory of 2776	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 1684 wrote to memory of 2660	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 1684 wrote to memory of 2660	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 1684 wrote to memory of 2660	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 1684 wrote to memory of 2660	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 1684 wrote to memory of 2660	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 1684 wrote to memory of 2660	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 1684 wrote to memory of 2660	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 1684 wrote to memory of 2888	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 1684 wrote to memory of 2888	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 1684 wrote to memory of 2888	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 1684 wrote to memory of 2888	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 1684 wrote to memory of 2888	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 1684 wrote to memory of 2888	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 1684 wrote to memory of 2888	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 1684 wrote to memory of 2604	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 1684 wrote to memory of 2604	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 1684 wrote to memory of 2604	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 1684 wrote to memory of 2604	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 1684 wrote to memory of 2604	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 1684 wrote to memory of 2604	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 1684 wrote to memory of 2604	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 1684 wrote to memory of 2600	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 1684 wrote to memory of 2600	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 1684 wrote to memory of 2600	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 1684 wrote to memory of 2600	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 1684 wrote to memory of 2600	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 1684 wrote to memory of 2600	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 1684 wrote to memory of 2600	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 1684 wrote to memory of 2620	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 1684 wrote to memory of 2620	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 1684 wrote to memory of 2620	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 1684 wrote to memory of 2620	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 1684 wrote to memory of 2620	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 1684 wrote to memory of 2620	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 1684 wrote to memory of 2620	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 1684 wrote to memory of 1444	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 1684 wrote to memory of 1444	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 1684 wrote to memory of 1444	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 1684 wrote to memory of 1444	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 1684 wrote to memory of 1444	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 1684 wrote to memory of 1444	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 1684 wrote to memory of 1444	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 1684 wrote to memory of 2652	1684	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	40

C:\Users\Admin\AppData\Local\Temp\9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
"C:\Users\Admin\AppData\Local\Temp\9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2744
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2772
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2776
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2660
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2888
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2604
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2600
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2620
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1444
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2652
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2676
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1140
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2128
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1820
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2900
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2648
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2472
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2196
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1992
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2708
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1692
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:560
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1972
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1872
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1488
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:3056
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2228
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2592
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2148
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2368
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1612
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2952
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2512
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1716
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2428
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1936
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1520
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2040
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1332
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:840
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1284
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:760
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1772
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:440
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2212
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2272
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2644
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2164
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:600
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2124
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2516
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2068
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:644
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2324
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1868
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2108
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1492
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2396
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2080
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2060
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:292
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:764
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1812
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2996
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1032
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1036
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1296
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1628
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:920
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:444
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2200
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2508
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1044
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2504
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2992
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1976
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1244
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1088
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1348
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1616
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:540
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:936
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2088
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1764
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1396
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1844
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1564
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:620
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1500
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1364
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1556
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1536
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1700
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2260
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1720
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1884
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1704
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1688
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1684-0-0x000007FEF5973000-0x000007FEF5974000-memory.dmp

Filesize
4KB

Download
memory/1684-1-0x0000000000E60000-0x0000000000FA2000-memory.dmp

Filesize
1.3MB

Download
memory/1684-2-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

Filesize
9.9MB

Download
memory/1684-3-0x000000001B700000-0x000000001B800000-memory.dmp

Filesize
1024KB

Download
memory/1684-4-0x000007FEF5973000-0x000007FEF5974000-memory.dmp

Filesize
4KB

Download
memory/1684-5-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

Filesize
9.9MB

Download