9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
04-11-2024 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
Size

1.2MB
MD5

2f79684349eb97b0e072d21a1b462243
SHA1

ed9b9eeafc5535802e498e78611f262055d736af
SHA256

9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04
SHA512

4d94ae4633f3bf489d1bc9613fc6028865064ec98f73b5e9e775f08ff55d246daeddce6a4a0a013a9d05e65edc726768c397d0382e5c35352144b5338d6467d3
SSDEEP

24576:9piXI12TyeC5m71MsNon4J0t1TBUV1E1HP9yjy3anIPXD:9pYaeC52KsNgFtxBUvWIaaKz

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 524 wrote to memory of 2648	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 524 wrote to memory of 2648	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 524 wrote to memory of 2648	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 524 wrote to memory of 2648	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 524 wrote to memory of 2648	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 524 wrote to memory of 2648	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 524 wrote to memory of 2648	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	31
PID 524 wrote to memory of 3024	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 524 wrote to memory of 3024	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 524 wrote to memory of 3024	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 524 wrote to memory of 3024	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 524 wrote to memory of 3024	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 524 wrote to memory of 3024	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 524 wrote to memory of 3024	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	32
PID 524 wrote to memory of 2380	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 524 wrote to memory of 2380	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 524 wrote to memory of 2380	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 524 wrote to memory of 2380	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 524 wrote to memory of 2380	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 524 wrote to memory of 2380	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 524 wrote to memory of 2380	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	33
PID 524 wrote to memory of 2756	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 524 wrote to memory of 2756	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 524 wrote to memory of 2756	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 524 wrote to memory of 2756	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 524 wrote to memory of 2756	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 524 wrote to memory of 2756	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 524 wrote to memory of 2756	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	34
PID 524 wrote to memory of 2896	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 524 wrote to memory of 2896	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 524 wrote to memory of 2896	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 524 wrote to memory of 2896	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 524 wrote to memory of 2896	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 524 wrote to memory of 2896	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 524 wrote to memory of 2896	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	35
PID 524 wrote to memory of 2788	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 524 wrote to memory of 2788	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 524 wrote to memory of 2788	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 524 wrote to memory of 2788	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 524 wrote to memory of 2788	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 524 wrote to memory of 2788	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 524 wrote to memory of 2788	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	36
PID 524 wrote to memory of 2668	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 524 wrote to memory of 2668	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 524 wrote to memory of 2668	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 524 wrote to memory of 2668	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 524 wrote to memory of 2668	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 524 wrote to memory of 2668	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 524 wrote to memory of 2668	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	37
PID 524 wrote to memory of 2676	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 524 wrote to memory of 2676	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 524 wrote to memory of 2676	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 524 wrote to memory of 2676	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 524 wrote to memory of 2676	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 524 wrote to memory of 2676	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 524 wrote to memory of 2676	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	38
PID 524 wrote to memory of 2620	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 524 wrote to memory of 2620	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 524 wrote to memory of 2620	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 524 wrote to memory of 2620	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 524 wrote to memory of 2620	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 524 wrote to memory of 2620	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 524 wrote to memory of 2620	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	39
PID 524 wrote to memory of 2616	524	9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe	40

C:\Users\Admin\AppData\Local\Temp\9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe
"C:\Users\Admin\AppData\Local\Temp\9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:524
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2648
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:3024
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2380
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2756
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2896
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2788
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2668
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2676
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2620
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2616
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2636
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2684
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2692
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:320
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2124
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2104
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2464
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2148
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2576
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2088
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2080
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2600
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2296
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2688
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1648
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1872
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2916
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1984
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2508
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:800
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:560
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1948
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1176
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2796
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2980
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1928
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1464
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1932
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1288
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2364
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:924
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:3008
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1892
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1888
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1752
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2396
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2384
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2660
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1972
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2076
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1068
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1628
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:940
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2168
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2716
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2248
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1484
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1504
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1332
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1908
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2028
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2288
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2096
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2020
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1076
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1180
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1172
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1352
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1052
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1064
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:432
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2816
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:3060
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:3068
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:928
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1268
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:640
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:688
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:756
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1704
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2504
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:972
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1184
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1016
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:968
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2400
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:328
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2864
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1772
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2420
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1748
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2004
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1724
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1780
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:896
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:2032
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1056
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1688
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:1416
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"
  2⤵
  PID:676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/524-0-0x000007FEF58E3000-0x000007FEF58E4000-memory.dmp

Filesize
4KB

Download
memory/524-1-0x00000000009C0000-0x0000000000B02000-memory.dmp

Filesize
1.3MB

Download
memory/524-2-0x000007FEF58E0000-0x000007FEF62CC000-memory.dmp

Filesize
9.9MB

Download
memory/524-3-0x000000001C050000-0x000000001C150000-memory.dmp

Filesize
1024KB

Download
memory/524-4-0x000007FEF58E3000-0x000007FEF58E4000-memory.dmp

Filesize
4KB

Download
memory/524-5-0x000007FEF58E0000-0x000007FEF62CC000-memory.dmp

Filesize
9.9MB

Download