Analysis
-
max time kernel
442s -
max time network
582s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
27-11-2024 22:23
General
-
Target
networkintegrityservice.exe
-
Size
14.6MB
-
MD5
63f8d0f6f8ff3fadebe4442b29a6e620
-
SHA1
e3ae4e555904f545c3cf60d2890cedcba1ee6d2e
-
SHA256
5f346eb7606a002be7b0d776838c28a606ad6e0416fa9668d0561d42099da27d
-
SHA512
af9a8119c4f0fbf5912b7bbb2167d99c96e66c7983abff60f1b45d505e0194a4d93e8eb2a4fd24de40bd922673fc22fbd488ab750edad447657a6ae4f979c267
-
SSDEEP
393216:w22L63hucWdQusl/l9foWOv+9rzIdEwGhSOIQ/RoPE:j53hrWdQuIhorvSr8Ww+SkRoPE
Score
10/10
Malware Config
Signatures
-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Exelastealer family
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall 2 TTPs 4 IoCs
-
Clipboard Data 1 TTPs 4 IoCs
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Network Service Discovery 1 TTPs 4 IoCs
Attempt to gather information on host's network.
-
Enumerates processes with tasklist 1 TTPs 4 IoCs
-
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 18 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
-
System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 4 IoCs
Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.
-
System Network Connections Discovery 1 TTPs 2 IoCs
Attempt to get a listing of network connections.
-
Collects information from the system 1 TTPs 2 IoCs
Uses WMIC.exe to find detailed system information.
-
Gathers network information 2 TTPs 4 IoCs
Uses commandline utility to view network configuration.
-
Gathers system information 1 TTPs 2 IoCs
Runs systeminfo.exe.
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exe"C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exe"C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exe"2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~3⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~4⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~5⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~6⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"7⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c7⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~7⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~8⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"9⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c9⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~9⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~10⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"11⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c11⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~11⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~12⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"13⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c13⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~13⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~14⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"15⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c15⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~15⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~16⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"17⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c17⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~17⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~18⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"19⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c19⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~19⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~20⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"21⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c21⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~21⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~22⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"23⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c23⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~23⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~24⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"25⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c25⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~25⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~26⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"27⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c27⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~27⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~28⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"29⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c29⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~29⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~30⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"31⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c31⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~31⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~32⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"33⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c33⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~33⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~34⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"35⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c35⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~35⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~36⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"37⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c37⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~37⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~38⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"39⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c39⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~39⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~40⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"41⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c41⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~41⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~42⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"43⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c43⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~43⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~44⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"45⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c45⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~45⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~46⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"47⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c47⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~47⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~48⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"49⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c49⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~49⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~50⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"51⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c51⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~51⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~52⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"53⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c53⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~53⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~54⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"55⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c55⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~55⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~56⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"57⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c57⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~57⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~58⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"59⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c59⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~59⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~60⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"61⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c61⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~61⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~62⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"63⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c63⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~63⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~64⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"65⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c65⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~65⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~66⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"67⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c67⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~67⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~68⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"69⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c69⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~69⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~70⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"71⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c71⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~71⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~72⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"73⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c73⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~73⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~74⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"75⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c75⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~75⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~76⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"77⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c77⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~77⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~78⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"79⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c79⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~79⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~80⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"81⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c81⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~81⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~82⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"83⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c83⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~83⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~84⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"85⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c85⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~85⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~86⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"87⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c87⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~87⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~88⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"89⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c89⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~89⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~90⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"91⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c91⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~91⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~92⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"93⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c93⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~93⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~94⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"95⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c95⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~95⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~96⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"97⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c97⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~97⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~98⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"99⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c99⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~99⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~100⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"101⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c101⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~101⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~102⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"103⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c103⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~103⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~104⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"105⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c105⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~105⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~106⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"107⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c107⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~107⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~108⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"109⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c109⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~109⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~110⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"111⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c111⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~111⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~112⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"113⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c113⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~113⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~114⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"115⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c115⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~115⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~116⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"117⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c117⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~117⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~118⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"119⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c119⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c NetworkIntegrityService.exe ~ Midnight ~119⤵
-
C:\Users\Admin\AppData\Local\Temp\networkintegrityservice.exeNetworkIntegrityService.exe ~ Midnight ~120⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-