Analysis
-
max time kernel
149s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
26/08/2024, 06:26
Static task
static1
Behavioral task
behavioral1
Sample
c2738b65e1b5c9e2decb3427766ccc8f_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c2738b65e1b5c9e2decb3427766ccc8f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
c2738b65e1b5c9e2decb3427766ccc8f_JaffaCakes118.exe
-
Size
31KB
-
MD5
c2738b65e1b5c9e2decb3427766ccc8f
-
SHA1
96c1401b1e22387730da13ce28f6106462a95f3f
-
SHA256
4e76960999963dc1edc0f72ab8856bfd430e3118b9174b5e09d8511bb7312099
-
SHA512
88fbc5a4dbab574f25c6780214c26aa8a67992f5cdd50cbdf8fe982ecc45e01022599fcff1b1b52a89b13aa14ddb31e0fc2e026ba31c6127787bb906c7419e88
-
SSDEEP
768:wUvnGO4q4onfxlstuPtJtfNaoyib94gIpbwNL22tM:fuO4+fxlIgJDuib94z1C22tM
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Drops file in System32 directory 64 IoCs
Suspicious use of SetThreadContext 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c2738b65e1b5c9e2decb3427766ccc8f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c2738b65e1b5c9e2decb3427766ccc8f_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2120 -
C:\Users\Admin\AppData\Local\Temp\c2738b65e1b5c9e2decb3427766ccc8f_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\c2738b65e1b5c9e2decb3427766ccc8f_JaffaCakes118.exe2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1916 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2716 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2676 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2772 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2896 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2712 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2868 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2492 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2648 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2308 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1952 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1480 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:1164 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe16⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2268 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:776 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe18⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1640 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:576 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1888 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2852 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
PID:324 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:960 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe24⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2364 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2912 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe26⤵
- Executes dropped EXE
- Loads dropped DLL
PID:432 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:516 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe28⤵
- Executes dropped EXE
- Loads dropped DLL
PID:912 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1844 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe30⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2000 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2096 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe32⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3056 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1568 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe34⤵
- Executes dropped EXE
- Loads dropped DLL
PID:760 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:872 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe36⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2792 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1708 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe38⤵
- Executes dropped EXE
- Loads dropped DLL
PID:764 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2236 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe40⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2900 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1268 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe42⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1900 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:276 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe44⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3036 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2464 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe46⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1960 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2072 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe48⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2620 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2820 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe50⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2680 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1712 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe52⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1616 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2376 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe54⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2092 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2732 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe56⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2772 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2780 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe58⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2176 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2548 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe60⤵
- Executes dropped EXE
PID:2564 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2356 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe62⤵
- Executes dropped EXE
PID:2540 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2600 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe64⤵
- Executes dropped EXE
PID:2980 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2568 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe66⤵
- Executes dropped EXE
PID:1768 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"67⤵
- Suspicious use of SetThreadContext
PID:1952 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe68⤵PID:1736
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"69⤵
- Suspicious use of SetThreadContext
PID:2064 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe70⤵PID:1412
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"71⤵
- Suspicious use of SetThreadContext
PID:472 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe72⤵PID:840
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"73⤵
- Suspicious use of SetThreadContext
PID:368 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe74⤵PID:524
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"75⤵
- Suspicious use of SetThreadContext
PID:1776 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe76⤵PID:2844
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"77⤵
- Suspicious use of SetThreadContext
PID:2996 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe78⤵PID:2104
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"79⤵
- Suspicious use of SetThreadContext
PID:1184 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe80⤵PID:2924
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"81⤵
- Suspicious use of SetThreadContext
PID:2012 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe82⤵PID:1832
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"83⤵
- Suspicious use of SetThreadContext
PID:2408 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe84⤵PID:936
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"85⤵
- Suspicious use of SetThreadContext
PID:1204 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe86⤵PID:1632
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"87⤵
- Suspicious use of SetThreadContext
PID:900 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe88⤵
- Drops file in System32 directory
PID:2584 -
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"89⤵
- Suspicious use of SetThreadContext
PID:832 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe90⤵PID:1020
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"91⤵
- Suspicious use of SetThreadContext
PID:1308 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe92⤵PID:1812
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"93⤵
- Suspicious use of SetThreadContext
PID:1704 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe94⤵PID:2008
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"95⤵
- Suspicious use of SetThreadContext
PID:2168 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe96⤵PID:2360
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"97⤵
- Suspicious use of SetThreadContext
PID:2972 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe98⤵PID:2032
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"99⤵
- Suspicious use of SetThreadContext
PID:1748 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe100⤵PID:1968
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"101⤵
- Suspicious use of SetThreadContext
PID:888 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe102⤵PID:1956
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"103⤵PID:3004
-
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe104⤵PID:2120
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"105⤵
- Suspicious use of SetThreadContext
PID:236 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe106⤵PID:2632
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"107⤵
- Suspicious use of SetThreadContext
PID:2280 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe108⤵PID:2140
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"109⤵
- Suspicious use of SetThreadContext
PID:2744 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe110⤵PID:2652
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"111⤵
- Suspicious use of SetThreadContext
PID:2224 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe112⤵PID:2804
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"113⤵
- Suspicious use of SetThreadContext
PID:2776 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe114⤵PID:2800
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"115⤵
- Suspicious use of SetThreadContext
PID:2524 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe116⤵PID:2640
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"117⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3000 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe118⤵PID:2984
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"119⤵
- Suspicious use of SetThreadContext
PID:1944 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe120⤵PID:2300
-
C:\Windows\SysWOW64\nvsvc86.exe"C:\Windows\system32\nvsvc86.exe"121⤵
- Suspicious use of SetThreadContext
PID:956 -
C:\Windows\SysWOW64\nvsvc86.exeC:\Windows\SysWOW64\nvsvc86.exe122⤵PID:1572