Analysis
-
max time kernel
150s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
23-09-2024 16:11
General
-
Target
f2a2a1ff78930e3465c115672b5992da_JaffaCakes118.exe
-
Size
362KB
-
MD5
f2a2a1ff78930e3465c115672b5992da
-
SHA1
8b8ec549638496c5933d579cc1a429ebceffee96
-
SHA256
976cb27f27db00e77ffc592a8fa5e03668b2bf13e709531e60ea6911b15ec306
-
SHA512
9cdea4f7cd75f5f92fab819e4f2934f89b1cec2ed2353c0b2f5a9196d9bb469a205eb1278b30189d7834df094a34829d4f3da93c9b2bc6249389dd946cd42b05
-
SSDEEP
6144:5S6p7C/ZzSBw6q6shq6sUbN+WnQcj1LzcvZvAMa8+5KrJERbKzQ:8ZmC6sY6sUbEWnnj9CZYM/TQ
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/call4_dword_xor
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2a2a1ff78930e3465c115672b5992da_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f2a2a1ff78930e3465c115672b5992da_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\f2a2a1ff78930e3465c115672b5992da_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\f2a2a1ff78930e3465c115672b5992da_JaffaCakes118.exe D:\Hex Proje2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\nwtxvaaz.exeC:\Windows\system32\nwtxvaaz.exe 476 "C:\Users\Admin\AppData\Local\Temp\f2a2a1ff78930e3465c115672b5992da_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\nwtxvaaz.exeC:\Windows\SysWOW64\nwtxvaaz.exe D:\Hex Proje4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\jxdczema.exeC:\Windows\system32\jxdczema.exe 516 "C:\Windows\SysWOW64\nwtxvaaz.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\jxdczema.exeC:\Windows\SysWOW64\jxdczema.exe D:\Hex Proje6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\obxkknqi.exeC:\Windows\system32\obxkknqi.exe 456 "C:\Windows\SysWOW64\jxdczema.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\obxkknqi.exeC:\Windows\SysWOW64\obxkknqi.exe D:\Hex Proje8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wghxbyty.exeC:\Windows\system32\wghxbyty.exe 456 "C:\Windows\SysWOW64\obxkknqi.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wghxbyty.exeC:\Windows\SysWOW64\wghxbyty.exe D:\Hex Proje10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\gqwiocia.exeC:\Windows\system32\gqwiocia.exe 516 "C:\Windows\SysWOW64\wghxbyty.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\gqwiocia.exeC:\Windows\SysWOW64\gqwiocia.exe D:\Hex Proje12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\thrkfkfh.exeC:\Windows\system32\thrkfkfh.exe 516 "C:\Windows\SysWOW64\gqwiocia.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\thrkfkfh.exeC:\Windows\SysWOW64\thrkfkfh.exe D:\Hex Proje14⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\gujalgem.exeC:\Windows\system32\gujalgem.exe 516 "C:\Windows\SysWOW64\thrkfkfh.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\gujalgem.exeC:\Windows\SysWOW64\gujalgem.exe D:\Hex Proje16⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\qbnxvelm.exeC:\Windows\system32\qbnxvelm.exe 464 "C:\Windows\SysWOW64\gujalgem.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\qbnxvelm.exeC:\Windows\SysWOW64\qbnxvelm.exe D:\Hex Proje18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\xiiyqcve.exeC:\Windows\system32\xiiyqcve.exe 468 "C:\Windows\SysWOW64\qbnxvelm.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\xiiyqcve.exeC:\Windows\SysWOW64\xiiyqcve.exe D:\Hex Proje20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\iimvabce.exeC:\Windows\system32\iimvabce.exe 516 "C:\Windows\SysWOW64\xiiyqcve.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\iimvabce.exeC:\Windows\SysWOW64\iimvabce.exe D:\Hex Proje22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\uypyjbil.exeC:\Windows\system32\uypyjbil.exe 528 "C:\Windows\SysWOW64\iimvabce.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\uypyjbil.exeC:\Windows\SysWOW64\uypyjbil.exe D:\Hex Proje24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\fftvtaik.exeC:\Windows\system32\fftvtaik.exe 484 "C:\Windows\SysWOW64\uypyjbil.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\fftvtaik.exeC:\Windows\SysWOW64\fftvtaik.exe D:\Hex Proje26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\mqsaqtyx.exeC:\Windows\system32\mqsaqtyx.exe 476 "C:\Windows\SysWOW64\fftvtaik.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mqsaqtyx.exeC:\Windows\SysWOW64\mqsaqtyx.exe D:\Hex Proje28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\zhvdzbve.exeC:\Windows\system32\zhvdzbve.exe 516 "C:\Windows\SysWOW64\mqsaqtyx.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\zhvdzbve.exeC:\Windows\SysWOW64\zhvdzbve.exe D:\Hex Proje30⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\efqghkbl.exeC:\Windows\system32\efqghkbl.exe 516 "C:\Windows\SysWOW64\zhvdzbve.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\efqghkbl.exeC:\Windows\SysWOW64\efqghkbl.exe D:\Hex Proje32⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\qwkiqkhb.exeC:\Windows\system32\qwkiqkhb.exe 524 "C:\Windows\SysWOW64\efqghkbl.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\qwkiqkhb.exeC:\Windows\SysWOW64\qwkiqkhb.exe D:\Hex Proje34⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\aklyorux.exeC:\Windows\system32\aklyorux.exe 520 "C:\Windows\SysWOW64\qwkiqkhb.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\aklyorux.exeC:\Windows\SysWOW64\aklyorux.exe D:\Hex Proje36⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\naoawzre.exeC:\Windows\system32\naoawzre.exe 524 "C:\Windows\SysWOW64\aklyorux.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\naoawzre.exeC:\Windows\SysWOW64\naoawzre.exe D:\Hex Proje38⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\anxqcdyj.exeC:\Windows\system32\anxqcdyj.exe 516 "C:\Windows\SysWOW64\naoawzre.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\anxqcdyj.exeC:\Windows\SysWOW64\anxqcdyj.exe D:\Hex Proje40⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\kcynsddg.exeC:\Windows\system32\kcynsddg.exe 516 "C:\Windows\SysWOW64\anxqcdyj.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\kcynsddg.exeC:\Windows\SysWOW64\kcynsddg.exe D:\Hex Proje42⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\xpqdygks.exeC:\Windows\system32\xpqdygks.exe 520 "C:\Windows\SysWOW64\kcynsddg.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\xpqdygks.exeC:\Windows\SysWOW64\xpqdygks.exe D:\Hex Proje44⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\hzfotkqm.exeC:\Windows\system32\hzfotkqm.exe 528 "C:\Windows\SysWOW64\xpqdygks.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hzfotkqm.exeC:\Windows\SysWOW64\hzfotkqm.exe D:\Hex Proje46⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\uqaqcswu.exeC:\Windows\system32\uqaqcswu.exe 516 "C:\Windows\SysWOW64\hzfotkqm.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\uqaqcswu.exeC:\Windows\SysWOW64\uqaqcswu.exe D:\Hex Proje48⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\hodtlstj.exeC:\Windows\system32\hodtlstj.exe 516 "C:\Windows\SysWOW64\uqaqcswu.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hodtlstj.exeC:\Windows\SysWOW64\hodtlstj.exe D:\Hex Proje50⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\ufxwtazq.exeC:\Windows\system32\ufxwtazq.exe 516 "C:\Windows\SysWOW64\hodtlstj.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ufxwtazq.exeC:\Windows\SysWOW64\ufxwtazq.exe D:\Hex Proje52⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\dpnggdfk.exeC:\Windows\system32\dpnggdfk.exe 516 "C:\Windows\SysWOW64\ufxwtazq.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\dpnggdfk.exeC:\Windows\SysWOW64\dpnggdfk.exe D:\Hex Proje54⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\qgijpllr.exeC:\Windows\system32\qgijpllr.exe 520 "C:\Windows\SysWOW64\dpnggdfk.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\qgijpllr.exeC:\Windows\SysWOW64\qgijpllr.exe D:\Hex Proje56⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\dwklgmqg.exeC:\Windows\system32\dwklgmqg.exe 516 "C:\Windows\SysWOW64\qgijpllr.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\dwklgmqg.exeC:\Windows\SysWOW64\dwklgmqg.exe D:\Hex Proje58⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\nklbwtdd.exeC:\Windows\system32\nklbwtdd.exe 516 "C:\Windows\SysWOW64\dwklgmqg.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\nklbwtdd.exeC:\Windows\SysWOW64\nklbwtdd.exe D:\Hex Proje60⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\ajgdebbk.exeC:\Windows\system32\ajgdebbk.exe 524 "C:\Windows\SysWOW64\nklbwtdd.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ajgdebbk.exeC:\Windows\SysWOW64\ajgdebbk.exe D:\Hex Proje62⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\nzbgnbgr.exeC:\Windows\system32\nzbgnbgr.exe 528 "C:\Windows\SysWOW64\ajgdebbk.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\nzbgnbgr.exeC:\Windows\SysWOW64\nzbgnbgr.exe D:\Hex Proje64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\xcqrienl.exeC:\Windows\system32\xcqrienl.exe 516 "C:\Windows\SysWOW64\nzbgnbgr.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\xcqrienl.exeC:\Windows\SysWOW64\xcqrienl.exe D:\Hex Proje66⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\kxigoimy.exeC:\Windows\system32\kxigoimy.exe 520 "C:\Windows\SysWOW64\xcqrienl.exe"67⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\kxigoimy.exeC:\Windows\SysWOW64\kxigoimy.exe D:\Hex Proje68⤵
-
C:\Windows\SysWOW64\uzxrblas.exeC:\Windows\system32\uzxrblas.exe 536 "C:\Windows\SysWOW64\kxigoimy.exe"69⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\uzxrblas.exeC:\Windows\SysWOW64\uzxrblas.exe D:\Hex Proje70⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\hystkuxz.exeC:\Windows\system32\hystkuxz.exe 524 "C:\Windows\SysWOW64\uzxrblas.exe"71⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hystkuxz.exeC:\Windows\SysWOW64\hystkuxz.exe D:\Hex Proje72⤵
-
C:\Windows\SysWOW64\uovwsudp.exeC:\Windows\system32\uovwsudp.exe 520 "C:\Windows\SysWOW64\hystkuxz.exe"73⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\uovwsudp.exeC:\Windows\SysWOW64\uovwsudp.exe D:\Hex Proje74⤵
-
C:\Windows\SysWOW64\drkgnxjj.exeC:\Windows\system32\drkgnxjj.exe 516 "C:\Windows\SysWOW64\uovwsudp.exe"75⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\drkgnxjj.exeC:\Windows\SysWOW64\drkgnxjj.exe D:\Hex Proje76⤵
-
C:\Windows\SysWOW64\qqfjwfpq.exeC:\Windows\system32\qqfjwfpq.exe 524 "C:\Windows\SysWOW64\drkgnxjj.exe"77⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\qqfjwfpq.exeC:\Windows\SysWOW64\qqfjwfpq.exe D:\Hex Proje78⤵
-
C:\Windows\SysWOW64\dgimffux.exeC:\Windows\system32\dgimffux.exe 524 "C:\Windows\SysWOW64\qqfjwfpq.exe"79⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\dgimffux.exeC:\Windows\SysWOW64\dgimffux.exe D:\Hex Proje80⤵
-
C:\Windows\SysWOW64\qfconnae.exeC:\Windows\system32\qfconnae.exe 516 "C:\Windows\SysWOW64\dgimffux.exe"81⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\qfconnae.exeC:\Windows\SysWOW64\qfconnae.exe D:\Hex Proje82⤵
-
C:\Windows\SysWOW64\aldedvfj.exeC:\Windows\system32\aldedvfj.exe 516 "C:\Windows\SysWOW64\qfconnae.exe"83⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\aldedvfj.exeC:\Windows\SysWOW64\aldedvfj.exe D:\Hex Proje84⤵
-
C:\Windows\SysWOW64\njyhmdlq.exeC:\Windows\system32\njyhmdlq.exe 516 "C:\Windows\SysWOW64\aldedvfj.exe"85⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\njyhmdlq.exeC:\Windows\SysWOW64\njyhmdlq.exe D:\Hex Proje86⤵
-
C:\Windows\SysWOW64\awpeszjv.exeC:\Windows\system32\awpeszjv.exe 520 "C:\Windows\SysWOW64\njyhmdlq.exe"87⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\awpeszjv.exeC:\Windows\SysWOW64\awpeszjv.exe D:\Hex Proje88⤵
-
C:\Windows\SysWOW64\kkquqgwr.exeC:\Windows\system32\kkquqgwr.exe 528 "C:\Windows\SysWOW64\awpeszjv.exe"89⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\kkquqgwr.exeC:\Windows\SysWOW64\kkquqgwr.exe D:\Hex Proje90⤵
-
C:\Windows\SysWOW64\wblwyocy.exeC:\Windows\system32\wblwyocy.exe 524 "C:\Windows\SysWOW64\kkquqgwr.exe"91⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wblwyocy.exeC:\Windows\SysWOW64\wblwyocy.exe D:\Hex Proje92⤵
-
C:\Windows\SysWOW64\hapujnky.exeC:\Windows\system32\hapujnky.exe 532 "C:\Windows\SysWOW64\wblwyocy.exe"93⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hapujnky.exeC:\Windows\SysWOW64\hapujnky.exe D:\Hex Proje94⤵
-
C:\Windows\SysWOW64\tcvjusoi.exeC:\Windows\system32\tcvjusoi.exe 520 "C:\Windows\SysWOW64\hapujnky.exe"95⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\tcvjusoi.exeC:\Windows\SysWOW64\tcvjusoi.exe D:\Hex Proje96⤵
-
C:\Windows\SysWOW64\gsymlatp.exeC:\Windows\system32\gsymlatp.exe 520 "C:\Windows\SysWOW64\tcvjusoi.exe"97⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\gsymlatp.exeC:\Windows\SysWOW64\gsymlatp.exe D:\Hex Proje98⤵
-
C:\Windows\SysWOW64\tnhcresc.exeC:\Windows\system32\tnhcresc.exe 524 "C:\Windows\SysWOW64\gsymlatp.exe"99⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\tnhcresc.exeC:\Windows\SysWOW64\tnhcresc.exe D:\Hex Proje100⤵
-
C:\Windows\SysWOW64\ghnrcixd.exeC:\Windows\system32\ghnrcixd.exe 528 "C:\Windows\SysWOW64\tnhcresc.exe"101⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ghnrcixd.exeC:\Windows\SysWOW64\ghnrcixd.exe D:\Hex Proje102⤵
-
C:\Windows\SysWOW64\qslcpldf.exeC:\Windows\system32\qslcpldf.exe 516 "C:\Windows\SysWOW64\ghnrcixd.exe"103⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\qslcpldf.exeC:\Windows\SysWOW64\qslcpldf.exe D:\Hex Proje104⤵
-
C:\Windows\SysWOW64\dmrkbypp.exeC:\Windows\system32\dmrkbypp.exe 516 "C:\Windows\SysWOW64\qslcpldf.exe"105⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\dmrkbypp.exeC:\Windows\SysWOW64\dmrkbypp.exe D:\Hex Proje106⤵
-
C:\Windows\SysWOW64\pkmmjgnw.exeC:\Windows\system32\pkmmjgnw.exe 516 "C:\Windows\SysWOW64\dmrkbypp.exe"107⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\pkmmjgnw.exeC:\Windows\SysWOW64\pkmmjgnw.exe D:\Hex Proje108⤵
-
C:\Windows\SysWOW64\dxdcpcub.exeC:\Windows\system32\dxdcpcub.exe 516 "C:\Windows\SysWOW64\pkmmjgnw.exe"109⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\dxdcpcub.exeC:\Windows\SysWOW64\dxdcpcub.exe D:\Hex Proje110⤵
-
C:\Windows\SysWOW64\pzjsioyl.exeC:\Windows\system32\pzjsioyl.exe 516 "C:\Windows\SysWOW64\dxdcpcub.exe"111⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\pzjsioyl.exeC:\Windows\SysWOW64\pzjsioyl.exe D:\Hex Proje112⤵
-
C:\Windows\SysWOW64\cqeurwvs.exeC:\Windows\system32\cqeurwvs.exe 516 "C:\Windows\SysWOW64\pzjsioyl.exe"113⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\cqeurwvs.exeC:\Windows\SysWOW64\cqeurwvs.exe D:\Hex Proje114⤵
-
C:\Windows\SysWOW64\matferku.exeC:\Windows\system32\matferku.exe 524 "C:\Windows\SysWOW64\cqeurwvs.exe"115⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\matferku.exeC:\Windows\SysWOW64\matferku.exe D:\Hex Proje116⤵
-
C:\Windows\SysWOW64\zuauqeov.exeC:\Windows\system32\zuauqeov.exe 520 "C:\Windows\SysWOW64\matferku.exe"117⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\zuauqeov.exeC:\Windows\SysWOW64\zuauqeov.exe D:\Hex Proje118⤵
-
C:\Windows\SysWOW64\mhrkwini.exeC:\Windows\system32\mhrkwini.exe 516 "C:\Windows\SysWOW64\zuauqeov.exe"119⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mhrkwini.exeC:\Windows\SysWOW64\mhrkwini.exe D:\Hex Proje120⤵
-
C:\Windows\SysWOW64\wwszupaf.exeC:\Windows\system32\wwszupaf.exe 528 "C:\Windows\SysWOW64\mhrkwini.exe"121⤵
- Suspicious use of SetThreadContext
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-