Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19-07-2024 11:17
General
-
Target
5bb68cbc88a927f2399e0b5404fe9368_JaffaCakes118.exe
-
Size
48KB
-
MD5
5bb68cbc88a927f2399e0b5404fe9368
-
SHA1
2e321e5a77658492932a3fd58cb8ea3a38edda89
-
SHA256
b6c7ae9985097367e00bbf60d1436a7d52afafd26a931ef9523643fc533ce24f
-
SHA512
ca76e4c550e4a9ef6ce88d742d84f72c333b8ee361caece7f73de6754fadd2bba37bbd2d0ea609f6356b2a1ee86bab1647b5226ba48523f81c39fa76bfe4c712
-
SSDEEP
768:5UzZqNeSIAaE6EtzwuZDfDc8iTEc38Z0D6Z878OHQxVE0kCSiqyLeCDyBrIBN4sI:qVqMSgow0Lcyc1Dc8NCZSirx8rS4H
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5bb68cbc88a927f2399e0b5404fe9368_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5bb68cbc88a927f2399e0b5404fe9368_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\libxoqjv.exeC:\Windows\system32\libxoqjv.exe 380 "C:\Users\Admin\AppData\Local\Temp\5bb68cbc88a927f2399e0b5404fe9368_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\syswsotu.exeC:\Windows\system32\syswsotu.exe 344 "C:\Windows\SysWOW64\libxoqjv.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regveles.exeC:\Windows\system32\regveles.exe 344 "C:\Windows\SysWOW64\syswsotu.exe"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\drviobrw.exeC:\Windows\system32\drviobrw.exe 344 "C:\Windows\SysWOW64\regveles.exe"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\umcvfrxa.exeC:\Windows\system32\umcvfrxa.exe 344 "C:\Windows\SysWOW64\drviobrw.exe"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\atlqxgdw.exeC:\Windows\system32\atlqxgdw.exe 348 "C:\Windows\SysWOW64\umcvfrxa.exe"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\nettmrqz.exeC:\Windows\system32\nettmrqz.exe 348 "C:\Windows\SysWOW64\atlqxgdw.exe"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\libgwowd.exeC:\Windows\system32\libgwowd.exe 344 "C:\Windows\SysWOW64\nettmrqz.exe"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\comtnech.exeC:\Windows\system32\comtnech.exe 344 "C:\Windows\SysWOW64\libgwowd.exe"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schofuik.exeC:\Windows\system32\schofuik.exe 348 "C:\Windows\SysWOW64\comtnech.exe"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\drvruedg.exeC:\Windows\system32\drvruedg.exe 344 "C:\Windows\SysWOW64\schofuik.exe"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\umceeujj.exeC:\Windows\system32\umceeujj.exe 344 "C:\Windows\SysWOW64\drvruedg.exe"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\atlrvkon.exeC:\Windows\system32\atlrvkon.exe 344 "C:\Windows\SysWOW64\umceeujj.exe"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regmfzur.exeC:\Windows\system32\regmfzur.exe 344 "C:\Windows\SysWOW64\atlrvkon.exe"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\libockhu.exeC:\Windows\system32\libockhu.exe 344 "C:\Windows\SysWOW64\regmfzur.exe"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\clibmanq.exeC:\Windows\system32\clibmanq.exe 344 "C:\Windows\SysWOW64\libockhu.exe"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\xmlodxtu.exeC:\Windows\system32\xmlodxtu.exe 344 "C:\Windows\SysWOW64\clibmanq.exe"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netjnnzy.exeC:\Windows\system32\netjnnzy.exe 344 "C:\Windows\SysWOW64\xmlodxtu.exe"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\xmlizkrx.exeC:\Windows\system32\xmlizkrx.exe 344 "C:\Windows\SysWOW64\netjnnzy.exe"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netviaxa.exeC:\Windows\system32\netviaxa.exe 212 "C:\Windows\SysWOW64\xmlizkrx.exe"21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\libiaqdw.exeC:\Windows\system32\libiaqdw.exe 344 "C:\Windows\SysWOW64\netviaxa.exe"22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\syshmnnv.exeC:\Windows\system32\syshmnnv.exe 344 "C:\Windows\SysWOW64\libiaqdw.exe"23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\igfcwltz.exeC:\Windows\system32\igfcwltz.exe 344 "C:\Windows\SysWOW64\syshmnnv.exe"24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\schflvoc.exeC:\Windows\system32\schflvoc.exe 344 "C:\Windows\SysWOW64\igfcwltz.exe"25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\dllsdlug.exeC:\Windows\system32\dllsdlug.exe 344 "C:\Windows\SysWOW64\schflvoc.exe"26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\advfubac.exeC:\Windows\system32\advfubac.exe 344 "C:\Windows\SysWOW64\dllsdlug.exe"27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\rdlaeqgg.exeC:\Windows\system32\rdlaeqgg.exe 344 "C:\Windows\SysWOW64\advfubac.exe"28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regctbtj.exeC:\Windows\system32\regctbtj.exe 336 "C:\Windows\SysWOW64\rdlaeqgg.exe"29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\sysplrzm.exeC:\Windows\system32\sysplrzm.exe 344 "C:\Windows\SysWOW64\regctbtj.exe"30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\igfcugeq.exeC:\Windows\system32\igfcugeq.exe 344 "C:\Windows\SysWOW64\sysplrzm.exe"31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\capxmwkm.exeC:\Windows\system32\capxmwkm.exe 344 "C:\Windows\SysWOW64\igfcugeq.exe"32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\dllabgfp.exeC:\Windows\system32\dllabgfp.exe 344 "C:\Windows\SysWOW64\capxmwkm.exe"33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\advntelt.exeC:\Windows\system32\advntelt.exe 344 "C:\Windows\SysWOW64\dllabgfp.exe"34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\comacurx.exeC:\Windows\system32\comacurx.exe 360 "C:\Windows\SysWOW64\advntelt.exe"35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\schvujxt.exeC:\Windows\system32\schvujxt.exe 348 "C:\Windows\SysWOW64\comacurx.exe"36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\drvyjukw.exeC:\Windows\system32\drvyjukw.exe 344 "C:\Windows\SysWOW64\schvujxt.exe"37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\umclbkqa.exeC:\Windows\system32\umclbkqa.exe 348 "C:\Windows\SysWOW64\drvyjukw.exe"38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\capykzwe.exeC:\Windows\system32\capykzwe.exe 344 "C:\Windows\SysWOW64\umclbkqa.exe"39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\contcpkh.exeC:\Windows\system32\contcpkh.exe 344 "C:\Windows\SysWOW64\capykzwe.exe"40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\atlvrzxd.exeC:\Windows\system32\atlvrzxd.exe 344 "C:\Windows\SysWOW64\contcpkh.exe"41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regijpdg.exeC:\Windows\system32\regijpdg.exe 344 "C:\Windows\SysWOW64\atlvrzxd.exe"42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\drvvsnik.exeC:\Windows\system32\drvvsnik.exe 344 "C:\Windows\SysWOW64\regijpdg.exe"43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\umcqkdoo.exeC:\Windows\system32\umcqkdoo.exe 344 "C:\Windows\SysWOW64\drvvsnik.exe"44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\xmltznjr.exeC:\Windows\system32\xmltznjr.exe 344 "C:\Windows\SysWOW64\umcqkdoo.exe"45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\netgrdpn.exeC:\Windows\system32\netgrdpn.exe 344 "C:\Windows\SysWOW64\xmltznjr.exe"46⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\libtasvr.exeC:\Windows\system32\libtasvr.exe 344 "C:\Windows\SysWOW64\netgrdpn.exe"47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\comgsibv.exeC:\Windows\system32\comgsibv.exe 344 "C:\Windows\SysWOW64\libtasvr.exe"48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmdqhsoy.exeC:\Windows\system32\cmdqhsoy.exe 344 "C:\Windows\SysWOW64\comgsibv.exe"49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\drvdziuc.exeC:\Windows\system32\drvdziuc.exe 380 "C:\Windows\SysWOW64\cmdqhsoy.exe"50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\umcqigay.exeC:\Windows\system32\umcqigay.exe 344 "C:\Windows\SysWOW64\drvdziuc.exe"51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\atldawfb.exeC:\Windows\system32\atldawfb.exe 360 "C:\Windows\SysWOW64\umcqigay.exe"52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\netopgbe.exeC:\Windows\system32\netopgbe.exe 364 "C:\Windows\SysWOW64\atldawfb.exe"53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\libbhwgi.exeC:\Windows\system32\libbhwgi.exe 384 "C:\Windows\SysWOW64\netopgbe.exe"54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\clioqlme.exeC:\Windows\system32\clioqlme.exe 360 "C:\Windows\SysWOW64\libbhwgi.exe"55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\xmlbibsi.exeC:\Windows\system32\xmlbibsi.exe 344 "C:\Windows\SysWOW64\clioqlme.exe"56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\winmxlfl.exeC:\Windows\system32\winmxlfl.exe 344 "C:\Windows\SysWOW64\xmlbibsi.exe"57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\rdlzpblp.exeC:\Windows\system32\rdlzpblp.exe 344 "C:\Windows\SysWOW64\winmxlfl.exe"58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\secmyrrt.exeC:\Windows\system32\secmyrrt.exe 344 "C:\Windows\SysWOW64\rdlzpblp.exe"59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regzqpxp.exeC:\Windows\system32\regzqpxp.exe 344 "C:\Windows\SysWOW64\secmyrrt.exe"60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\libjfrss.exeC:\Windows\system32\libjfrss.exe 344 "C:\Windows\SysWOW64\regzqpxp.exe"61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cliwxpyw.exeC:\Windows\system32\cliwxpyw.exe 344 "C:\Windows\SysWOW64\libjfrss.exe"62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\xmljgedz.exeC:\Windows\system32\xmljgedz.exe 344 "C:\Windows\SysWOW64\cliwxpyw.exe"63⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\netwyujv.exeC:\Windows\system32\netwyujv.exe 344 "C:\Windows\SysWOW64\xmljgedz.exe"64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\rdlhnewy.exeC:\Windows\system32\rdlhnewy.exe 388 "C:\Windows\SysWOW64\netwyujv.exe"65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\secufucc.exeC:\Windows\system32\secufucc.exe 344 "C:\Windows\SysWOW64\rdlhnewy.exe"66⤵
-
C:\Windows\SysWOW64\cmdhokig.exeC:\Windows\system32\cmdhokig.exe 344 "C:\Windows\SysWOW64\secufucc.exe"67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\winugawk.exeC:\Windows\system32\winugawk.exe 344 "C:\Windows\SysWOW64\cmdhokig.exe"68⤵
-
C:\Windows\SysWOW64\capevkjn.exeC:\Windows\system32\capevkjn.exe 344 "C:\Windows\SysWOW64\winugawk.exe"69⤵
-
C:\Windows\SysWOW64\winocvmf.exeC:\Windows\system32\winocvmf.exe 344 "C:\Windows\SysWOW64\capevkjn.exe"70⤵
-
C:\Windows\SysWOW64\rdlbtksi.exeC:\Windows\system32\rdlbtksi.exe 344 "C:\Windows\SysWOW64\winocvmf.exe"71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\condjvfl.exeC:\Windows\system32\condjvfl.exe 348 "C:\Windows\SysWOW64\rdlbtksi.exe"72⤵
-
C:\Windows\SysWOW64\sysysllp.exeC:\Windows\system32\sysysllp.exe 344 "C:\Windows\SysWOW64\condjvfl.exe"73⤵
-
C:\Windows\SysWOW64\igflkazl.exeC:\Windows\system32\igflkazl.exe 348 "C:\Windows\SysWOW64\sysysllp.exe"74⤵
-
C:\Windows\SysWOW64\capytqep.exeC:\Windows\system32\capytqep.exe 344 "C:\Windows\SysWOW64\igflkazl.exe"75⤵
-
C:\Windows\SysWOW64\dllbrass.exeC:\Windows\system32\dllbrass.exe 344 "C:\Windows\SysWOW64\capytqep.exe"76⤵
-
C:\Windows\SysWOW64\advwaqxw.exeC:\Windows\system32\advwaqxw.exe 344 "C:\Windows\SysWOW64\dllbrass.exe"77⤵
-
C:\Windows\SysWOW64\comjsoda.exeC:\Windows\system32\comjsoda.exe 344 "C:\Windows\SysWOW64\advwaqxw.exe"78⤵
-
C:\Windows\SysWOW64\secwbdjw.exeC:\Windows\system32\secwbdjw.exe 344 "C:\Windows\SysWOW64\comjsoda.exe"79⤵
-
C:\Windows\SysWOW64\syszzoez.exeC:\Windows\system32\syszzoez.exe 344 "C:\Windows\SysWOW64\secwbdjw.exe"80⤵
-
C:\Windows\SysWOW64\igfuiekd.exeC:\Windows\system32\igfuiekd.exe 348 "C:\Windows\SysWOW64\syszzoez.exe"81⤵
-
C:\Windows\SysWOW64\caphatqg.exeC:\Windows\system32\caphatqg.exe 348 "C:\Windows\SysWOW64\igfuiekd.exe"82⤵
-
C:\Windows\SysWOW64\conujjwk.exeC:\Windows\system32\conujjwk.exe 344 "C:\Windows\SysWOW64\caphatqg.exe"83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\advwhtjf.exeC:\Windows\system32\advwhtjf.exe 344 "C:\Windows\SysWOW64\conujjwk.exe"84⤵
-
C:\Windows\SysWOW64\comrqjpj.exeC:\Windows\system32\comrqjpj.exe 344 "C:\Windows\SysWOW64\advwhtjf.exe"85⤵
-
C:\Windows\SysWOW64\drveihun.exeC:\Windows\system32\drveihun.exe 216 "C:\Windows\SysWOW64\comrqjpj.exe"86⤵
-
C:\Windows\SysWOW64\umcrrxar.exeC:\Windows\system32\umcrrxar.exe 380 "C:\Windows\SysWOW64\drveihun.exe"87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\xmluphvu.exeC:\Windows\system32\xmluphvu.exe 344 "C:\Windows\SysWOW64\umcrrxar.exe"88⤵
-
C:\Windows\SysWOW64\netpyxbq.exeC:\Windows\system32\netpyxbq.exe 344 "C:\Windows\SysWOW64\xmluphvu.exe"89⤵
-
C:\Windows\SysWOW64\advcqmhu.exeC:\Windows\system32\advcqmhu.exe 216 "C:\Windows\SysWOW64\netpyxbq.exe"90⤵
-
C:\Windows\SysWOW64\compzcny.exeC:\Windows\system32\compzcny.exe 344 "C:\Windows\SysWOW64\advcqmhu.exe"91⤵
-
C:\Windows\SysWOW64\regrxmab.exeC:\Windows\system32\regrxmab.exe 344 "C:\Windows\SysWOW64\compzcny.exe"92⤵
-
C:\Windows\SysWOW64\drvmgcgx.exeC:\Windows\system32\drvmgcgx.exe 344 "C:\Windows\SysWOW64\regrxmab.exe"93⤵
-
C:\Windows\SysWOW64\umczysma.exeC:\Windows\system32\umczysma.exe 344 "C:\Windows\SysWOW64\drvmgcgx.exe"94⤵
-
C:\Windows\SysWOW64\atlmhqse.exeC:\Windows\system32\atlmhqse.exe 384 "C:\Windows\SysWOW64\umczysma.exe"95⤵
-
C:\Windows\SysWOW64\netpfanh.exeC:\Windows\system32\netpfanh.exe 344 "C:\Windows\SysWOW64\atlmhqse.exe"96⤵
-
C:\Windows\SysWOW64\libkoqtl.exeC:\Windows\system32\libkoqtl.exe 344 "C:\Windows\SysWOW64\netpfanh.exe"97⤵
-
C:\Windows\SysWOW64\clixgfyh.exeC:\Windows\system32\clixgfyh.exe 344 "C:\Windows\SysWOW64\libkoqtl.exe"98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\schkpvel.exeC:\Windows\system32\schkpvel.exe 360 "C:\Windows\SysWOW64\clixgfyh.exe"99⤵
-
C:\Windows\SysWOW64\winnffro.exeC:\Windows\system32\winnffro.exe 348 "C:\Windows\SysWOW64\schkpvel.exe"100⤵
-
C:\Windows\SysWOW64\umciwvxs.exeC:\Windows\system32\umciwvxs.exe 344 "C:\Windows\SysWOW64\winnffro.exe"101⤵
-
C:\Windows\SysWOW64\atlvollw.exeC:\Windows\system32\atlvollw.exe 220 "C:\Windows\SysWOW64\umciwvxs.exe"102⤵
-
C:\Windows\SysWOW64\regixbrr.exeC:\Windows\system32\regixbrr.exe 348 "C:\Windows\SysWOW64\atlvollw.exe"103⤵
-
C:\Windows\SysWOW64\libknlev.exeC:\Windows\system32\libknlev.exe 344 "C:\Windows\SysWOW64\regixbrr.exe"104⤵
-
C:\Windows\SysWOW64\clifejky.exeC:\Windows\system32\clifejky.exe 344 "C:\Windows\SysWOW64\libknlev.exe"105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\xmlswyqc.exeC:\Windows\system32\xmlswyqc.exe 384 "C:\Windows\SysWOW64\clifejky.exe"106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\netffovy.exeC:\Windows\system32\netffovy.exe 344 "C:\Windows\SysWOW64\xmlswyqc.exe"107⤵
-
C:\Windows\SysWOW64\rdlivzrb.exeC:\Windows\system32\rdlivzrb.exe 344 "C:\Windows\SysWOW64\netffovy.exe"108⤵
-
C:\Windows\SysWOW64\secdmowf.exeC:\Windows\system32\secdmowf.exe 344 "C:\Windows\SysWOW64\rdlivzrb.exe"109⤵
-
C:\Windows\SysWOW64\regqeecj.exeC:\Windows\system32\regqeecj.exe 344 "C:\Windows\SysWOW64\secdmowf.exe"110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\drvdouin.exeC:\Windows\system32\drvdouin.exe 352 "C:\Windows\SysWOW64\regqeecj.exe"111⤵
-
C:\Windows\SysWOW64\clifdevi.exeC:\Windows\system32\clifdevi.exe 348 "C:\Windows\SysWOW64\drvdouin.exe"112⤵
-
C:\Windows\SysWOW64\xmlauubm.exeC:\Windows\system32\xmlauubm.exe 344 "C:\Windows\SysWOW64\clifdevi.exe"113⤵
-
C:\Windows\SysWOW64\netnmrhq.exeC:\Windows\system32\netnmrhq.exe 352 "C:\Windows\SysWOW64\xmlauubm.exe"114⤵
-
C:\Windows\SysWOW64\libawhnt.exeC:\Windows\system32\libawhnt.exe 344 "C:\Windows\SysWOW64\netnmrhq.exe"115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\secdlsix.exeC:\Windows\system32\secdlsix.exe 348 "C:\Windows\SysWOW64\libawhnt.exe"116⤵
-
C:\Windows\SysWOW64\cmdychos.exeC:\Windows\system32\cmdychos.exe 344 "C:\Windows\SysWOW64\secdlsix.exe"117⤵
-
C:\Windows\SysWOW64\winluxtw.exeC:\Windows\system32\winluxtw.exe 344 "C:\Windows\SysWOW64\cmdychos.exe"118⤵
-
C:\Windows\SysWOW64\rdlyenza.exeC:\Windows\system32\rdlyenza.exe 344 "C:\Windows\SysWOW64\winluxtw.exe"119⤵
-
C:\Windows\SysWOW64\conbtxmd.exeC:\Windows\system32\conbtxmd.exe 344 "C:\Windows\SysWOW64\rdlyenza.exe"120⤵
-
C:\Windows\SysWOW64\netoknsz.exeC:\Windows\system32\netoknsz.exe 388 "C:\Windows\SysWOW64\conbtxmd.exe"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-