Analysis
-
max time kernel
143s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
23-12-2024 19:16
Behavioral task
behavioral1
Sample
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe
-
Size
2.9MB
-
MD5
afa73edc2a937c08b64b4577e5634042
-
SHA1
a62790807b0f805273cbd9120ab4643a0d86ce79
-
SHA256
ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b
-
SHA512
0100891fe883da707ffd76b5a88358524cd59cc43ce4b6aab4d929e33e798d2879428ae225f0e463d5fefeb4ebc98c9f2bbdc481686201020cd98ca933f905d1
-
SSDEEP
49152:EnCbL83y9FdfE0pZ0zCa4wI156uL3pgrCEdMKPFotsgEBr6D:EniLf9FdfE0pZB156utgpPFotBEk
Malware Config
Signatures
-
XMRig family
-
XMRig Miner payload 64 IoCs
resource yara_rule behavioral1/memory/1916-0-0x000000013F590000-0x000000013F8E4000-memory.dmp xmrig behavioral1/files/0x000b00000001226a-3.dat xmrig behavioral1/files/0x0007000000016855-26.dat xmrig behavioral1/files/0x0008000000016c62-41.dat xmrig behavioral1/files/0x00060000000173f4-60.dat xmrig behavioral1/memory/2100-62-0x000000013F930000-0x000000013FC84000-memory.dmp xmrig behavioral1/files/0x00060000000173da-61.dat xmrig behavioral1/files/0x000800000001612f-12.dat xmrig behavioral1/memory/2764-59-0x000000013F460000-0x000000013F7B4000-memory.dmp xmrig behavioral1/memory/2576-72-0x000000013FCE0000-0x0000000140034000-memory.dmp xmrig behavioral1/memory/2588-87-0x000000013FC50000-0x000000013FFA4000-memory.dmp xmrig behavioral1/files/0x00060000000173fc-86.dat xmrig behavioral1/memory/2584-85-0x000000013F630000-0x000000013F984000-memory.dmp xmrig behavioral1/memory/1916-84-0x000000013F590000-0x000000013F8E4000-memory.dmp xmrig behavioral1/files/0x00060000000173f1-83.dat xmrig behavioral1/memory/2772-82-0x000000013FB90000-0x000000013FEE4000-memory.dmp xmrig behavioral1/files/0x000600000001706d-81.dat xmrig behavioral1/memory/2920-80-0x000000013F660000-0x000000013F9B4000-memory.dmp xmrig behavioral1/files/0x0008000000016aa9-79.dat xmrig behavioral1/memory/2108-78-0x000000013FA90000-0x000000013FDE4000-memory.dmp xmrig behavioral1/files/0x000700000001662e-77.dat xmrig behavioral1/memory/1040-89-0x000000013F930000-0x000000013FC84000-memory.dmp xmrig behavioral1/memory/2216-88-0x000000013FD70000-0x00000001400C4000-memory.dmp xmrig behavioral1/memory/2536-76-0x000000013F210000-0x000000013F564000-memory.dmp xmrig behavioral1/memory/1916-73-0x000000013FCE0000-0x0000000140034000-memory.dmp xmrig behavioral1/memory/1916-67-0x000000013FB90000-0x000000013FEE4000-memory.dmp xmrig behavioral1/memory/1784-90-0x000000013F090000-0x000000013F3E4000-memory.dmp xmrig behavioral1/memory/2668-50-0x000000013FEF0000-0x0000000140244000-memory.dmp xmrig 
behavioral1/memory/1040-34-0x000000013F930000-0x000000013FC84000-memory.dmp xmrig behavioral1/memory/1784-25-0x000000013F090000-0x000000013F3E4000-memory.dmp xmrig behavioral1/files/0x00080000000161f6-45.dat xmrig behavioral1/files/0x000700000001658c-27.dat xmrig behavioral1/memory/2216-20-0x000000013FD70000-0x00000001400C4000-memory.dmp xmrig behavioral1/memory/1916-6-0x000000013F090000-0x000000013F3E4000-memory.dmp xmrig behavioral1/memory/2536-97-0x000000013F210000-0x000000013F564000-memory.dmp xmrig behavioral1/files/0x0009000000015e71-102.dat xmrig behavioral1/memory/584-119-0x000000013F9D0000-0x000000013FD24000-memory.dmp xmrig behavioral1/files/0x0006000000017525-115.dat xmrig behavioral1/memory/2108-109-0x000000013FA90000-0x000000013FDE4000-memory.dmp xmrig behavioral1/files/0x0006000000017487-105.dat xmrig behavioral1/files/0x0006000000017472-101.dat xmrig behavioral1/files/0x0014000000018663-129.dat xmrig behavioral1/files/0x0005000000018687-140.dat xmrig behavioral1/files/0x0006000000018c1a-150.dat xmrig behavioral1/files/0x0006000000018c26-155.dat xmrig behavioral1/files/0x0005000000019244-195.dat xmrig behavioral1/memory/2588-583-0x000000013FC50000-0x000000013FFA4000-memory.dmp xmrig behavioral1/memory/2584-489-0x000000013F630000-0x000000013F984000-memory.dmp xmrig behavioral1/memory/2772-311-0x000000013FB90000-0x000000013FEE4000-memory.dmp xmrig behavioral1/files/0x000500000001922c-190.dat xmrig behavioral1/files/0x00050000000191ff-185.dat xmrig behavioral1/files/0x00050000000191d4-180.dat xmrig behavioral1/files/0x00060000000190e0-175.dat xmrig behavioral1/files/0x00060000000190ce-170.dat xmrig behavioral1/files/0x000600000001903b-165.dat xmrig behavioral1/files/0x0006000000018f53-160.dat xmrig behavioral1/files/0x0005000000018792-145.dat xmrig behavioral1/files/0x00060000000174a2-128.dat xmrig behavioral1/memory/2920-123-0x000000013F660000-0x000000013F9B4000-memory.dmp xmrig 
behavioral1/memory/1916-114-0x000000013F9D0000-0x000000013FD24000-memory.dmp xmrig behavioral1/files/0x000d00000001866e-134.dat xmrig behavioral1/memory/1916-584-0x000000013F9D0000-0x000000013FD24000-memory.dmp xmrig behavioral1/memory/2216-585-0x000000013FD70000-0x00000001400C4000-memory.dmp xmrig behavioral1/memory/1784-586-0x000000013F090000-0x000000013F3E4000-memory.dmp xmrig -
Executes dropped EXE 64 IoCs
pid Process 2216 BewnfcI.exe 1784 hSkJysz.exe 1040 LWcBaMM.exe 2764 WmMLGZg.exe 2668 JyzEYAe.exe 2100 haMAJSf.exe 2576 cLbjaKE.exe 2536 qnMRzRq.exe 2108 PwIvEGw.exe 2920 jalKjru.exe 2772 vvlzxwW.exe 2584 QxhozDR.exe 2588 byGFsUP.exe 584 arFGpEc.exe 1252 PMRLDAN.exe 1788 BlRponL.exe 1492 BMlTprf.exe 1696 IblONtl.exe 864 KFKCQko.exe 2524 skLQoRR.exe 1812 NuFTQmm.exe 668 OwIGhRw.exe 2392 cHghhqY.exe 2864 kLafzhY.exe 2376 ZnabiZk.exe 1152 WObORwG.exe 2384 oxgLSrJ.exe 1944 ODjGvzT.exe 2060 KpSuLym.exe 756 sQFWbaY.exe 1724 DoKnKIM.exe 916 ebBgGPc.exe 1520 FXvtdNY.exe 1560 OHfFARc.exe 596 iSoNTRX.exe 1344 mEfGZpp.exe 1540 KFkyBqo.exe 2220 gKNuLVE.exe 3032 WFVUZck.exe 1900 GxddNor.exe 2056 JNcCIok.exe 2448 gkigAEv.exe 2256 xvHTeBO.exe 2408 UCgasGN.exe 1924 KaYxHAV.exe 2972 cuaCuXK.exe 888 bBiBuvN.exe 1756 ttGYHPK.exe 3036 SZawMRT.exe 1600 WFVlCvS.exe 1604 wuDArwP.exe 2244 LghovLr.exe 2140 AfqliRO.exe 2196 jQreopx.exe 2568 pHodEUo.exe 2740 nhcKvEb.exe 2560 WUoJcUb.exe 2704 hJjMfgA.exe 2136 bpXDUiR.exe 2736 KtSgErf.exe 592 nOZtRKn.exe 2768 fsHcJJF.exe 2816 mKVerrk.exe 2700 CWzphFb.exe -
Loads dropped DLL 64 IoCs
pid Process 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe -
resource yara_rule behavioral1/memory/1916-0-0x000000013F590000-0x000000013F8E4000-memory.dmp upx behavioral1/files/0x000b00000001226a-3.dat upx behavioral1/files/0x0007000000016855-26.dat upx behavioral1/files/0x0008000000016c62-41.dat upx behavioral1/files/0x00060000000173f4-60.dat upx behavioral1/memory/2100-62-0x000000013F930000-0x000000013FC84000-memory.dmp upx behavioral1/files/0x00060000000173da-61.dat upx behavioral1/files/0x000800000001612f-12.dat upx behavioral1/memory/2764-59-0x000000013F460000-0x000000013F7B4000-memory.dmp upx behavioral1/memory/2576-72-0x000000013FCE0000-0x0000000140034000-memory.dmp upx behavioral1/memory/2588-87-0x000000013FC50000-0x000000013FFA4000-memory.dmp upx behavioral1/files/0x00060000000173fc-86.dat upx behavioral1/memory/2584-85-0x000000013F630000-0x000000013F984000-memory.dmp upx behavioral1/memory/1916-84-0x000000013F590000-0x000000013F8E4000-memory.dmp upx behavioral1/files/0x00060000000173f1-83.dat upx behavioral1/memory/2772-82-0x000000013FB90000-0x000000013FEE4000-memory.dmp upx behavioral1/files/0x000600000001706d-81.dat upx behavioral1/memory/2920-80-0x000000013F660000-0x000000013F9B4000-memory.dmp upx behavioral1/files/0x0008000000016aa9-79.dat upx behavioral1/memory/2108-78-0x000000013FA90000-0x000000013FDE4000-memory.dmp upx behavioral1/files/0x000700000001662e-77.dat upx behavioral1/memory/1040-89-0x000000013F930000-0x000000013FC84000-memory.dmp upx behavioral1/memory/2216-88-0x000000013FD70000-0x00000001400C4000-memory.dmp upx behavioral1/memory/2536-76-0x000000013F210000-0x000000013F564000-memory.dmp upx behavioral1/memory/1784-90-0x000000013F090000-0x000000013F3E4000-memory.dmp upx behavioral1/memory/2668-50-0x000000013FEF0000-0x0000000140244000-memory.dmp upx behavioral1/memory/1040-34-0x000000013F930000-0x000000013FC84000-memory.dmp upx behavioral1/memory/1784-25-0x000000013F090000-0x000000013F3E4000-memory.dmp upx behavioral1/files/0x00080000000161f6-45.dat upx behavioral1/files/0x000700000001658c-27.dat 
upx behavioral1/memory/2216-20-0x000000013FD70000-0x00000001400C4000-memory.dmp upx behavioral1/memory/1916-6-0x000000013F090000-0x000000013F3E4000-memory.dmp upx behavioral1/memory/2536-97-0x000000013F210000-0x000000013F564000-memory.dmp upx behavioral1/files/0x0009000000015e71-102.dat upx behavioral1/memory/584-119-0x000000013F9D0000-0x000000013FD24000-memory.dmp upx behavioral1/files/0x0006000000017525-115.dat upx behavioral1/memory/2108-109-0x000000013FA90000-0x000000013FDE4000-memory.dmp upx behavioral1/files/0x0006000000017487-105.dat upx behavioral1/files/0x0006000000017472-101.dat upx behavioral1/files/0x0014000000018663-129.dat upx behavioral1/files/0x0005000000018687-140.dat upx behavioral1/files/0x0006000000018c1a-150.dat upx behavioral1/files/0x0006000000018c26-155.dat upx behavioral1/files/0x0005000000019244-195.dat upx behavioral1/memory/2588-583-0x000000013FC50000-0x000000013FFA4000-memory.dmp upx behavioral1/memory/2584-489-0x000000013F630000-0x000000013F984000-memory.dmp upx behavioral1/memory/2772-311-0x000000013FB90000-0x000000013FEE4000-memory.dmp upx behavioral1/files/0x000500000001922c-190.dat upx behavioral1/files/0x00050000000191ff-185.dat upx behavioral1/files/0x00050000000191d4-180.dat upx behavioral1/files/0x00060000000190e0-175.dat upx behavioral1/files/0x00060000000190ce-170.dat upx behavioral1/files/0x000600000001903b-165.dat upx behavioral1/files/0x0006000000018f53-160.dat upx behavioral1/files/0x0005000000018792-145.dat upx behavioral1/files/0x00060000000174a2-128.dat upx behavioral1/memory/2920-123-0x000000013F660000-0x000000013F9B4000-memory.dmp upx behavioral1/files/0x000d00000001866e-134.dat upx behavioral1/memory/2216-585-0x000000013FD70000-0x00000001400C4000-memory.dmp upx behavioral1/memory/1784-586-0x000000013F090000-0x000000013F3E4000-memory.dmp upx behavioral1/memory/1040-587-0x000000013F930000-0x000000013FC84000-memory.dmp upx behavioral1/memory/2668-588-0x000000013FEF0000-0x0000000140244000-memory.dmp upx 
behavioral1/memory/2576-589-0x000000013FCE0000-0x0000000140034000-memory.dmp upx behavioral1/memory/2100-591-0x000000013F930000-0x000000013FC84000-memory.dmp upx -
Drops files in Windows directory 64 IoCs (every path listed below is under C:\Windows\System\; writing there normally requires an elevated token, and the sample was launched from the C:\Users\Admin profile)
description ioc Process File created C:\Windows\System\sDKhQRc.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\voLTivb.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\VBJPVfa.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\KtSgErf.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\ojVdvPK.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\YHlemmx.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\ttGYHPK.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\yqMEsYJ.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\aGULnus.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\quqMLKy.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\eVlmaST.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\kjShdlc.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\QyZXkaL.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\haMAJSf.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\KpSuLym.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\GeJhHYe.exe 
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\ahwTinj.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\iICPXuo.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\wuDArwP.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\niPyPxg.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\KefbmtD.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\wdrHGXQ.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\cHghhqY.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\OHfFARc.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\TbPSsWQ.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\fsLzXPM.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\MNCbQXJ.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\IjWiijL.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\otRoXaH.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\mHmKfIJ.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\NuFTQmm.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created 
C:\Windows\System\ODjGvzT.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\arFGpEc.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\GxddNor.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\xKEqRmI.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\ooifHwD.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\LWcBaMM.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\vvlzxwW.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\ksqATQN.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\FAAhmPt.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\orbxfKC.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\qnMRzRq.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\IblONtl.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\jQreopx.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\KFKCQko.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\KaYxHAV.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\PnKFZaU.exe 
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\RnTDXgI.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\VbnrACo.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\JyzEYAe.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\YbAGNmo.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\QxhozDR.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\DoKnKIM.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\SZawMRT.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\CWzphFb.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\rGNmePe.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\ZVogVmW.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\hSkJysz.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\PwIvEGw.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\PrfLvKx.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\RiZWHhh.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\MARSoCX.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created 
C:\Windows\System\sWxSVME.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe File created C:\Windows\System\bBiBuvN.exe JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs (SeLockMemoryPrivilege, the privilege required for large-page memory allocation — commonly enabled by XMRig for huge-page mining buffers)
description pid Process Token: SeLockMemoryPrivilege 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe Token: SeLockMemoryPrivilege 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe -
Suspicious use of WriteProcessMemory 64 IoCs (the parent PID 1916 writes into the PIDs of the dropped executables it spawns — e.g. 1784 hSkJysz.exe, 2216 BewnfcI.exe — each target appearing three times)
description pid Process procid_target PID 1916 wrote to memory of 1784 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 32 PID 1916 wrote to memory of 1784 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 32 PID 1916 wrote to memory of 1784 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 32 PID 1916 wrote to memory of 2216 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 33 PID 1916 wrote to memory of 2216 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 33 PID 1916 wrote to memory of 2216 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 33 PID 1916 wrote to memory of 2100 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 34 PID 1916 wrote to memory of 2100 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 34 PID 1916 wrote to memory of 2100 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 34 PID 1916 wrote to memory of 1040 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 35 PID 1916 wrote to memory of 1040 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 35 PID 1916 wrote to memory of 1040 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 35 PID 1916 wrote to memory of 2108 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 36 PID 1916 wrote to memory of 2108 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 36 PID 1916 wrote to memory of 2108 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 36 PID 1916 wrote to memory of 2764 1916 
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 37 PID 1916 wrote to memory of 2764 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 37 PID 1916 wrote to memory of 2764 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 37 PID 1916 wrote to memory of 2920 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 38 PID 1916 wrote to memory of 2920 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 38 PID 1916 wrote to memory of 2920 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 38 PID 1916 wrote to memory of 2668 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 39 PID 1916 wrote to memory of 2668 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 39 PID 1916 wrote to memory of 2668 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 39 PID 1916 wrote to memory of 2772 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 40 PID 1916 wrote to memory of 2772 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 40 PID 1916 wrote to memory of 2772 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 40 PID 1916 wrote to memory of 2576 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 41 PID 1916 wrote to memory of 2576 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 41 PID 1916 wrote to memory of 2576 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 41 PID 1916 wrote to memory of 2584 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 42 PID 1916 wrote to memory of 2584 1916 
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 42 PID 1916 wrote to memory of 2584 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 42 PID 1916 wrote to memory of 2536 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 43 PID 1916 wrote to memory of 2536 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 43 PID 1916 wrote to memory of 2536 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 43 PID 1916 wrote to memory of 2588 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 44 PID 1916 wrote to memory of 2588 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 44 PID 1916 wrote to memory of 2588 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 44 PID 1916 wrote to memory of 584 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 45 PID 1916 wrote to memory of 584 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 45 PID 1916 wrote to memory of 584 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 45 PID 1916 wrote to memory of 1252 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 46 PID 1916 wrote to memory of 1252 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 46 PID 1916 wrote to memory of 1252 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 46 PID 1916 wrote to memory of 1788 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 47 PID 1916 wrote to memory of 1788 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 47 PID 1916 wrote to memory of 1788 1916 
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 47 PID 1916 wrote to memory of 1696 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 48 PID 1916 wrote to memory of 1696 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 48 PID 1916 wrote to memory of 1696 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 48 PID 1916 wrote to memory of 1492 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 49 PID 1916 wrote to memory of 1492 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 49 PID 1916 wrote to memory of 1492 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 49 PID 1916 wrote to memory of 864 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 50 PID 1916 wrote to memory of 864 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 50 PID 1916 wrote to memory of 864 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 50 PID 1916 wrote to memory of 2524 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 51 PID 1916 wrote to memory of 2524 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 51 PID 1916 wrote to memory of 2524 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 51 PID 1916 wrote to memory of 1812 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 52 PID 1916 wrote to memory of 1812 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 52 PID 1916 wrote to memory of 1812 1916 JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 52 PID 1916 wrote to memory of 668 1916 
JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe 53
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ec1cbfc7c5360e59bc7ae21907d7d060eb0e9bf5005fd6a5ddc8cce8e7fb2b9b.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1916 -
C:\Windows\System\hSkJysz.exeC:\Windows\System\hSkJysz.exe2⤵
- Executes dropped EXE
PID:1784
-
-
C:\Windows\System\BewnfcI.exeC:\Windows\System\BewnfcI.exe2⤵
- Executes dropped EXE
PID:2216
-
-
C:\Windows\System\haMAJSf.exeC:\Windows\System\haMAJSf.exe2⤵
- Executes dropped EXE
PID:2100
-
-
C:\Windows\System\LWcBaMM.exeC:\Windows\System\LWcBaMM.exe2⤵
- Executes dropped EXE
PID:1040
-
-
C:\Windows\System\PwIvEGw.exeC:\Windows\System\PwIvEGw.exe2⤵
- Executes dropped EXE
PID:2108
-
-
C:\Windows\System\WmMLGZg.exeC:\Windows\System\WmMLGZg.exe2⤵
- Executes dropped EXE
PID:2764
-
-
C:\Windows\System\jalKjru.exeC:\Windows\System\jalKjru.exe2⤵
- Executes dropped EXE
PID:2920
-
-
C:\Windows\System\JyzEYAe.exeC:\Windows\System\JyzEYAe.exe2⤵
- Executes dropped EXE
PID:2668
-
-
C:\Windows\System\vvlzxwW.exeC:\Windows\System\vvlzxwW.exe2⤵
- Executes dropped EXE
PID:2772
-
-
C:\Windows\System\cLbjaKE.exeC:\Windows\System\cLbjaKE.exe2⤵
- Executes dropped EXE
PID:2576
-
-
C:\Windows\System\QxhozDR.exeC:\Windows\System\QxhozDR.exe2⤵
- Executes dropped EXE
PID:2584
-
-
C:\Windows\System\qnMRzRq.exeC:\Windows\System\qnMRzRq.exe2⤵
- Executes dropped EXE
PID:2536
-
-
C:\Windows\System\byGFsUP.exeC:\Windows\System\byGFsUP.exe2⤵
- Executes dropped EXE
PID:2588
-
-
C:\Windows\System\arFGpEc.exeC:\Windows\System\arFGpEc.exe2⤵
- Executes dropped EXE
PID:584
-
-
C:\Windows\System\PMRLDAN.exeC:\Windows\System\PMRLDAN.exe2⤵
- Executes dropped EXE
PID:1252
-
-
C:\Windows\System\BlRponL.exeC:\Windows\System\BlRponL.exe2⤵
- Executes dropped EXE
PID:1788
-
-
C:\Windows\System\IblONtl.exeC:\Windows\System\IblONtl.exe2⤵
- Executes dropped EXE
PID:1696
-
-
C:\Windows\System\BMlTprf.exeC:\Windows\System\BMlTprf.exe2⤵
- Executes dropped EXE
PID:1492
-
-
C:\Windows\System\KFKCQko.exeC:\Windows\System\KFKCQko.exe2⤵
- Executes dropped EXE
PID:864
-
-
C:\Windows\System\skLQoRR.exeC:\Windows\System\skLQoRR.exe2⤵
- Executes dropped EXE
PID:2524
-
-
C:\Windows\System\NuFTQmm.exeC:\Windows\System\NuFTQmm.exe2⤵
- Executes dropped EXE
PID:1812
-
-
C:\Windows\System\OwIGhRw.exeC:\Windows\System\OwIGhRw.exe2⤵
- Executes dropped EXE
PID:668
-
-
C:\Windows\System\cHghhqY.exeC:\Windows\System\cHghhqY.exe2⤵
- Executes dropped EXE
PID:2392
-
-
C:\Windows\System\kLafzhY.exeC:\Windows\System\kLafzhY.exe2⤵
- Executes dropped EXE
PID:2864
-
-
C:\Windows\System\ZnabiZk.exeC:\Windows\System\ZnabiZk.exe2⤵
- Executes dropped EXE
PID:2376
-
-
C:\Windows\System\WObORwG.exeC:\Windows\System\WObORwG.exe2⤵
- Executes dropped EXE
PID:1152
-
-
C:\Windows\System\oxgLSrJ.exeC:\Windows\System\oxgLSrJ.exe2⤵
- Executes dropped EXE
PID:2384
-
-
C:\Windows\System\ODjGvzT.exeC:\Windows\System\ODjGvzT.exe2⤵
- Executes dropped EXE
PID:1944
-
-
C:\Windows\System\KpSuLym.exeC:\Windows\System\KpSuLym.exe2⤵
- Executes dropped EXE
PID:2060
-
-
C:\Windows\System\sQFWbaY.exeC:\Windows\System\sQFWbaY.exe2⤵
- Executes dropped EXE
PID:756
-
-
C:\Windows\System\DoKnKIM.exeC:\Windows\System\DoKnKIM.exe2⤵
- Executes dropped EXE
PID:1724
-
-
C:\Windows\System\ebBgGPc.exeC:\Windows\System\ebBgGPc.exe2⤵
- Executes dropped EXE
PID:916
-
-
C:\Windows\System\FXvtdNY.exeC:\Windows\System\FXvtdNY.exe2⤵
- Executes dropped EXE
PID:1520
-
-
C:\Windows\System\OHfFARc.exeC:\Windows\System\OHfFARc.exe2⤵
- Executes dropped EXE
PID:1560
-
-
C:\Windows\System\iSoNTRX.exeC:\Windows\System\iSoNTRX.exe2⤵
- Executes dropped EXE
PID:596
-
-
C:\Windows\System\mEfGZpp.exeC:\Windows\System\mEfGZpp.exe2⤵
- Executes dropped EXE
PID:1344
-
-
C:\Windows\System\KFkyBqo.exeC:\Windows\System\KFkyBqo.exe2⤵
- Executes dropped EXE
PID:1540
-
-
C:\Windows\System\gKNuLVE.exeC:\Windows\System\gKNuLVE.exe2⤵
- Executes dropped EXE
PID:2220
-
-
C:\Windows\System\WFVUZck.exeC:\Windows\System\WFVUZck.exe2⤵
- Executes dropped EXE
PID:3032
-
-
C:\Windows\System\GxddNor.exeC:\Windows\System\GxddNor.exe2⤵
- Executes dropped EXE
PID:1900
-
-
C:\Windows\System\JNcCIok.exeC:\Windows\System\JNcCIok.exe2⤵
- Executes dropped EXE
PID:2056
-
-
C:\Windows\System\gkigAEv.exeC:\Windows\System\gkigAEv.exe2⤵
- Executes dropped EXE
PID:2448
-
-
C:\Windows\System\xvHTeBO.exeC:\Windows\System\xvHTeBO.exe2⤵
- Executes dropped EXE
PID:2256
-
-
C:\Windows\System\UCgasGN.exeC:\Windows\System\UCgasGN.exe2⤵
- Executes dropped EXE
PID:2408
-
-
C:\Windows\System\KaYxHAV.exeC:\Windows\System\KaYxHAV.exe2⤵
- Executes dropped EXE
PID:1924
-
-
C:\Windows\System\cuaCuXK.exeC:\Windows\System\cuaCuXK.exe2⤵
- Executes dropped EXE
PID:2972
-
-
C:\Windows\System\bBiBuvN.exeC:\Windows\System\bBiBuvN.exe2⤵
- Executes dropped EXE
PID:888
-
-
C:\Windows\System\ttGYHPK.exeC:\Windows\System\ttGYHPK.exe2⤵
- Executes dropped EXE
PID:1756
-
-
C:\Windows\System\SZawMRT.exeC:\Windows\System\SZawMRT.exe2⤵
- Executes dropped EXE
PID:3036
-
-
C:\Windows\System\WFVlCvS.exeC:\Windows\System\WFVlCvS.exe2⤵
- Executes dropped EXE
PID:1600
-
-
C:\Windows\System\wuDArwP.exeC:\Windows\System\wuDArwP.exe2⤵
- Executes dropped EXE
PID:1604
-
-
C:\Windows\System\LghovLr.exeC:\Windows\System\LghovLr.exe2⤵
- Executes dropped EXE
PID:2244
-
-
C:\Windows\System\AfqliRO.exeC:\Windows\System\AfqliRO.exe2⤵
- Executes dropped EXE
PID:2140
-
-
C:\Windows\System\jQreopx.exeC:\Windows\System\jQreopx.exe2⤵
- Executes dropped EXE
PID:2196
-
-
C:\Windows\System\pHodEUo.exeC:\Windows\System\pHodEUo.exe2⤵
- Executes dropped EXE
PID:2568
-
-
C:\Windows\System\nhcKvEb.exeC:\Windows\System\nhcKvEb.exe2⤵
- Executes dropped EXE
PID:2740
-
-
C:\Windows\System\WUoJcUb.exeC:\Windows\System\WUoJcUb.exe2⤵
- Executes dropped EXE
PID:2560
-
-
C:\Windows\System\hJjMfgA.exeC:\Windows\System\hJjMfgA.exe2⤵
- Executes dropped EXE
PID:2704
-
-
C:\Windows\System\bpXDUiR.exeC:\Windows\System\bpXDUiR.exe2⤵
- Executes dropped EXE
PID:2136
-
-
C:\Windows\System\KtSgErf.exeC:\Windows\System\KtSgErf.exe2⤵
- Executes dropped EXE
PID:2736
-
-
C:\Windows\System\nOZtRKn.exeC:\Windows\System\nOZtRKn.exe2⤵
- Executes dropped EXE
PID:592
-
-
C:\Windows\System\fsHcJJF.exeC:\Windows\System\fsHcJJF.exe2⤵
- Executes dropped EXE
PID:2768
-
-
C:\Windows\System\mKVerrk.exeC:\Windows\System\mKVerrk.exe2⤵
- Executes dropped EXE
PID:2816
-
-
C:\Windows\System\CWzphFb.exeC:\Windows\System\CWzphFb.exe2⤵
- Executes dropped EXE
PID:2700
-
-
C:\Windows\System\TbPSsWQ.exeC:\Windows\System\TbPSsWQ.exe2⤵PID:2608
-
-
C:\Windows\System\WBQnFCu.exeC:\Windows\System\WBQnFCu.exe2⤵PID:3012
-
-
C:\Windows\System\fUNqYIM.exeC:\Windows\System\fUNqYIM.exe2⤵PID:2748
-
-
C:\Windows\System\fsLzXPM.exeC:\Windows\System\fsLzXPM.exe2⤵PID:3028
-
-
C:\Windows\System\bOIURQt.exeC:\Windows\System\bOIURQt.exe2⤵PID:484
-
-
C:\Windows\System\AcSZqlm.exeC:\Windows\System\AcSZqlm.exe2⤵PID:616
-
-
C:\Windows\System\HiRdoRe.exeC:\Windows\System\HiRdoRe.exe2⤵PID:1384
-
-
C:\Windows\System\niPyPxg.exeC:\Windows\System\niPyPxg.exe2⤵PID:2016
-
-
C:\Windows\System\GqNBKbN.exeC:\Windows\System\GqNBKbN.exe2⤵PID:1624
-
-
C:\Windows\System\ojVdvPK.exeC:\Windows\System\ojVdvPK.exe2⤵PID:1644
-
-
C:\Windows\System\OchTTIQ.exeC:\Windows\System\OchTTIQ.exe2⤵PID:2868
-
-
C:\Windows\System\yqMEsYJ.exeC:\Windows\System\yqMEsYJ.exe2⤵PID:2624
-
-
C:\Windows\System\LLwEpch.exeC:\Windows\System\LLwEpch.exe2⤵PID:2716
-
-
C:\Windows\System\xNtgqoj.exeC:\Windows\System\xNtgqoj.exe2⤵PID:1316
-
-
C:\Windows\System\sDKhQRc.exeC:\Windows\System\sDKhQRc.exe2⤵PID:2636
-
-
C:\Windows\System\YHlemmx.exeC:\Windows\System\YHlemmx.exe2⤵PID:1088
-
-
C:\Windows\System\ksqATQN.exeC:\Windows\System\ksqATQN.exe2⤵PID:1956
-
-
C:\Windows\System\OhQnjdE.exeC:\Windows\System\OhQnjdE.exe2⤵PID:2496
-
-
C:\Windows\System\KefbmtD.exeC:\Windows\System\KefbmtD.exe2⤵PID:2944
-
-
C:\Windows\System\xsqmzEd.exeC:\Windows\System\xsqmzEd.exe2⤵PID:1776
-
-
C:\Windows\System\MNCbQXJ.exeC:\Windows\System\MNCbQXJ.exe2⤵PID:2112
-
-
C:\Windows\System\DEYBYrF.exeC:\Windows\System\DEYBYrF.exe2⤵PID:780
-
-
C:\Windows\System\IjWiijL.exeC:\Windows\System\IjWiijL.exe2⤵PID:3040
-
-
C:\Windows\System\FAAhmPt.exeC:\Windows\System\FAAhmPt.exe2⤵PID:2436
-
-
C:\Windows\System\gSJzsmb.exeC:\Windows\System\gSJzsmb.exe2⤵PID:820
-
-
C:\Windows\System\aIQZGKU.exeC:\Windows\System\aIQZGKU.exe2⤵PID:1752
-
-
C:\Windows\System\aGULnus.exeC:\Windows\System\aGULnus.exe2⤵PID:2132
-
-
C:\Windows\System\CanotZi.exeC:\Windows\System\CanotZi.exe2⤵PID:304
-
-
C:\Windows\System\tVfErrj.exeC:\Windows\System\tVfErrj.exe2⤵PID:1712
-
-
C:\Windows\System\vqVqRRO.exeC:\Windows\System\vqVqRRO.exe2⤵PID:2076
-
-
C:\Windows\System\rGNmePe.exeC:\Windows\System\rGNmePe.exe2⤵PID:2572
-
-
C:\Windows\System\bpzYHtw.exeC:\Windows\System\bpzYHtw.exe2⤵PID:2684
-
-
C:\Windows\System\mtpwBsh.exeC:\Windows\System\mtpwBsh.exe2⤵PID:1800
-
-
C:\Windows\System\wMzLMFK.exeC:\Windows\System\wMzLMFK.exe2⤵PID:1920
-
-
C:\Windows\System\xKEqRmI.exeC:\Windows\System\xKEqRmI.exe2⤵PID:2644
-
-
C:\Windows\System\GSUxzuQ.exeC:\Windows\System\GSUxzuQ.exe2⤵PID:2548
-
-
C:\Windows\System\aPVcmlT.exeC:\Windows\System\aPVcmlT.exe2⤵PID:2804
-
-
C:\Windows\System\qARNnih.exeC:\Windows\System\qARNnih.exe2⤵PID:2352
-
-
C:\Windows\System\YbAGNmo.exeC:\Windows\System\YbAGNmo.exe2⤵PID:2204
-
-
C:\Windows\System\kWYBKrJ.exeC:\Windows\System\kWYBKrJ.exe2⤵PID:2656
-
-
C:\Windows\System\OCEDvvt.exeC:\Windows\System\OCEDvvt.exe2⤵PID:2348
-
-
C:\Windows\System\PnKFZaU.exeC:\Windows\System\PnKFZaU.exe2⤵PID:1744
-
-
C:\Windows\System\xMdOSaf.exeC:\Windows\System\xMdOSaf.exe2⤵PID:2780
-
-
C:\Windows\System\WAIExFN.exeC:\Windows\System\WAIExFN.exe2⤵PID:1052
-
-
C:\Windows\System\ydaBJTH.exeC:\Windows\System\ydaBJTH.exe2⤵PID:408
-
-
C:\Windows\System\JPLvmuH.exeC:\Windows\System\JPLvmuH.exe2⤵PID:2940
-
-
C:\Windows\System\otRoXaH.exeC:\Windows\System\otRoXaH.exe2⤵PID:1620
-
-
C:\Windows\System\PeclUCD.exeC:\Windows\System\PeclUCD.exe2⤵PID:2712
-
-
C:\Windows\System\quqMLKy.exeC:\Windows\System\quqMLKy.exe2⤵PID:776
-
-
C:\Windows\System\voLTivb.exeC:\Windows\System\voLTivb.exe2⤵PID:1380
-
-
C:\Windows\System\ExPuuPO.exeC:\Windows\System\ExPuuPO.exe2⤵PID:2368
-
-
C:\Windows\System\ooifHwD.exeC:\Windows\System\ooifHwD.exe2⤵PID:1940
-
-
C:\Windows\System\eVlmaST.exeC:\Windows\System\eVlmaST.exe2⤵PID:308
-
-
C:\Windows\System\wRVGcUA.exeC:\Windows\System\wRVGcUA.exe2⤵PID:2824
-
-
C:\Windows\System\fijpkcF.exeC:\Windows\System\fijpkcF.exe2⤵PID:1792
-
-
C:\Windows\System\pgFXMIF.exeC:\Windows\System\pgFXMIF.exe2⤵PID:2904
-
-
C:\Windows\System\fxzhgcz.exeC:\Windows\System\fxzhgcz.exe2⤵PID:1108
-
-
C:\Windows\System\druHIjZ.exeC:\Windows\System\druHIjZ.exe2⤵PID:2612
-
-
C:\Windows\System\ZVogVmW.exeC:\Windows\System\ZVogVmW.exe2⤵PID:2820
-
-
C:\Windows\System\kjShdlc.exeC:\Windows\System\kjShdlc.exe2⤵PID:2556
-
-
C:\Windows\System\nmVVHNc.exeC:\Windows\System\nmVVHNc.exe2⤵PID:2688
-
-
C:\Windows\System\wdrHGXQ.exeC:\Windows\System\wdrHGXQ.exe2⤵PID:2996
-
-
C:\Windows\System\tJCfwsp.exeC:\Windows\System\tJCfwsp.exe2⤵PID:552
-
-
C:\Windows\System\uIrFWPh.exeC:\Windows\System\uIrFWPh.exe2⤵PID:1408
-
-
C:\Windows\System\jFUCgzv.exeC:\Windows\System\jFUCgzv.exe2⤵PID:2028
-
-
C:\Windows\System\RnTDXgI.exeC:\Windows\System\RnTDXgI.exe2⤵PID:1760
-
-
C:\Windows\System\XVwgkLu.exeC:\Windows\System\XVwgkLu.exe2⤵PID:2808
-
-
C:\Windows\System\DXKkiqW.exeC:\Windows\System\DXKkiqW.exe2⤵PID:2304
-
-
C:\Windows\System\ecqOxDK.exeC:\Windows\System\ecqOxDK.exe2⤵PID:2212
-
-
C:\Windows\System\GeJhHYe.exeC:\Windows\System\GeJhHYe.exe2⤵PID:2728
-
-
C:\Windows\System\Dnwqmfc.exeC:\Windows\System\Dnwqmfc.exe2⤵PID:2828
-
-
C:\Windows\System\aNgwuXf.exeC:\Windows\System\aNgwuXf.exe2⤵PID:1664
-
-
C:\Windows\System\RlZNgoP.exeC:\Windows\System\RlZNgoP.exe2⤵PID:2984
-
-
C:\Windows\System\RiZWHhh.exeC:\Windows\System\RiZWHhh.exe2⤵PID:1536
-
-
C:\Windows\System\ahwTinj.exeC:\Windows\System\ahwTinj.exe2⤵PID:1488
-
-
C:\Windows\System\mPJoLze.exeC:\Windows\System\mPJoLze.exe2⤵PID:3076
-
-
C:\Windows\System\MARSoCX.exeC:\Windows\System\MARSoCX.exe2⤵PID:3096
-
-
C:\Windows\System\ggLnNul.exeC:\Windows\System\ggLnNul.exe2⤵PID:3112
-
-
C:\Windows\System\orbxfKC.exeC:\Windows\System\orbxfKC.exe2⤵PID:3136
-
-
C:\Windows\System\tnhMzaj.exeC:\Windows\System\tnhMzaj.exe2⤵PID:3156
-
-
C:\Windows\System\Adpemvv.exeC:\Windows\System\Adpemvv.exe2⤵PID:3176
-
-
C:\Windows\System\VBJPVfa.exeC:\Windows\System\VBJPVfa.exe2⤵PID:3192
-
-
C:\Windows\System\PrfLvKx.exeC:\Windows\System\PrfLvKx.exe2⤵PID:3212
-
-
C:\Windows\System\iICPXuo.exeC:\Windows\System\iICPXuo.exe2⤵PID:3232
-
-
C:\Windows\System\IvmgkWN.exeC:\Windows\System\IvmgkWN.exe2⤵PID:3256
-
-
C:\Windows\System\sWxSVME.exeC:\Windows\System\sWxSVME.exe2⤵PID:3272
-
-
C:\Windows\System\AExGRnd.exeC:\Windows\System\AExGRnd.exe2⤵PID:3296
-
-
C:\Windows\System\fxIPdtj.exeC:\Windows\System\fxIPdtj.exe2⤵PID:3312
-
-
C:\Windows\System\vmoqmOg.exeC:\Windows\System\vmoqmOg.exe2⤵PID:3336
-
-
C:\Windows\System\QyZXkaL.exeC:\Windows\System\QyZXkaL.exe2⤵PID:3352
-
-
C:\Windows\System\PqncXZA.exeC:\Windows\System\PqncXZA.exe2⤵PID:3372
-
-
C:\Windows\System\VbnrACo.exeC:\Windows\System\VbnrACo.exe2⤵PID:3392
-
-
C:\Windows\System\mHmKfIJ.exeC:\Windows\System\mHmKfIJ.exe2⤵PID:3412
-
-
C:\Windows\System\SVukkyb.exeC:\Windows\System\SVukkyb.exe2⤵PID:3436
-
-
C:\Windows\System\SedkoFy.exeC:\Windows\System\SedkoFy.exe2⤵PID:3456
-
-
C:\Windows\System\PvMpLck.exeC:\Windows\System\PvMpLck.exe2⤵PID:3476
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
2.9MB
MD5b25babc829760aded65be1e7b05bfabe
SHA1d150892d459930c30edc3b76281e38ab89f245e4
SHA256c8aaed2318bb1d9b8df15869caca3e6f8a70d31e1798e1b6d6c7f6aa527c2816
SHA5121a24a2f77e07e79d4df180eaf14b722f8baa42342d96dcb7114efcc5a630a6d624dba234076384ae5db1a403d4eb45b950abebb1ec7ee3c6cc112e8ce917b171
-
Filesize
2.9MB
MD5e402156416b562dc72638fa2796b8afc
SHA176904a067a9b2189fe293c8e138ff8c69fe3765a
SHA256cd395e6ca1b4900fd4c7437b7c5cdf5c9a11e3048daa95e53574458760fdf543
SHA5124b7d60e8da91f7c469af3aa11189b80bf68708f836afcb6d2dddc907c40c5efed619b1b5d462b9f521247b7c4bb9b2f07c6d362dc01f560362a60b88f022c489
-
Filesize
2.9MB
MD5cbbf7671d5e5f69950b4075ca223f30e
SHA1b5de8209c03f0d985a7b5b774d9ebbc64fad9d07
SHA2568b90d6c52d64441cd4cc252fcb9b3633e0b343e9754d901d04ce892369b9019b
SHA512583dc908a21dbe010ac1119b2d020426f4f6a8fa7ffc53d9afebd9cc02266845e7666afdb3ae0f280fa653d51671696cd0a853ec9d50588e5a9341bdb7f7da86
-
Filesize
2.9MB
MD57ff2cc44b07be68244ddd69e7367b895
SHA10cb6e72574c0d414fba76c18f7a78fa68fab2f21
SHA256bb1c3b9911565df87ecd87728d9314596806a80cffd372eaeb0e2ba747177e90
SHA51243b7c8def884c733c33068b77588508a32968ff8e154870ac9f25cdde7538f13114e35400c3ed9c1b8fac912db512b07bc677ca403f464cbb2528caaa0d51afd
-
Filesize
2.9MB
MD5480f606827c37def9541d89bc701f46d
SHA13961d280fa2d2e981ea2ae72017f32ed74dfb345
SHA256ef7328e48dcc3268182805bd7f7fe665fb7b01684e0eaca9108208372bb643fd
SHA5122b00dc84bff79ec643e81fb8dc088486cd7914f19d516112f7650993ced7d89f9f190078c2c8a2910d9c86b17ae8731d14135f6b2741b014dd99317460f23338
-
Filesize
2.9MB
MD592432d01381b4d73dca58337cfcfbed5
SHA15de078ee2285f820abb311e1c885286e074355cc
SHA256d81339e509cc69d4b0d9153452c558b69d7807112b78417c70b343c71ebac7d1
SHA5123c191f4aefc1551c8a6d7466cecf147e77c946b6ab897db593789f1b4e311a96d0abdf59d255e4e1cec87674105f18245676832b0e6d49a513e5098d8a3f8bfb
-
Filesize
2.9MB
MD5e55b03198279a54ce232b32b61d610f5
SHA13ab6eeb4e4856867d47270b6f029fdf8364c6542
SHA2562d874ffecc6e979502cde02c2ce581c84a6d77a21a41af75acfddef12bcd528a
SHA5121fad1e2b65ebf82d9357658ec007925cd516beeca86d8820a85bae00d1f27009f38315ff9777d4205b7c1de7ffa0ae99105d8f542612192f7eb59bc083a5f09a
-
Filesize
2.9MB
MD55bb9eee846bb850332c732e74d4edd8d
SHA1dc41af63d5da749bf9114dc32e635632300ecea2
SHA2564900847b33a9f3160005efbec572617dcbd3ca1a35d87d84539727e292562bd5
SHA5127abbd4d145d5ef69725d521023d90dff61a07a050eebdcb7e7609132ae00a0f5364df52ca76bdbd8baffcf1e0efdd446131fc6d31da72587423230137b93c6cf
-
Filesize
2.9MB
MD55596120d2fb12fada5a7503a2824b382
SHA15280c3135892a2cabbb822e299883f86a6b06a3d
SHA2564ab15399e0f73c2e8b541515ac5522e356649c8c005952522fcec1fe496f9e9e
SHA512d955fb1a5a4a20db44845a9465a0a07a78037581a93a6156a6589c6a97a15315df12fc20b7f714889c535316c800d29bd45deb1a5a9dc1f3f8ac290d1f63fe8d
-
Filesize
2.9MB
MD5ff2d5fd2bdf2a5d8ef30b36ade0435df
SHA1e52d18b9a7438cbe0ffed1d9f208b7608520203d
SHA2562b189f5898268dbbfa0920aaba58ff6b87b78d4408b06f10a867beadbecec5f9
SHA512c74e76781d2f2e426339fe6e3e2a9ee3f0e56787d58da9f52065472d1f76171db893e1cae6afb4c836affbf978187b232a6aaaa3b6cab83fbba730024d8fcc6c
-
Filesize
2.9MB
MD51d2c77ad17f2f185dd27c4131e121f1e
SHA12b465592171cce26970657a6d5465551ae085af6
SHA2561a426b51e5db1650502d77fcc67d53e64d2313869c57ad42be290729c2dbc2d5
SHA512060a04447545b0c116e4dd6a017dcbb3b79e7618998f299339524be25920758101a5bf62db63218678805688f5adb6892e21df4d9963f952b744ef815d56a84c
-
Filesize
2.9MB
MD556e0cb860956622536eb4366fed34dc0
SHA1de505cbe57624f6ae3b639d0813185a63d50ceeb
SHA25680c98ef91e4f1cc1f20f56bf9194eb06aacc8893837e6d36981b5b31e4875acf
SHA512fff7c9a8692f45681538c91e5b2c27aba55692ad9762c906fe4b064900560a24a4632991830f51df7df0d692b671abc5d157cb7e729998398b1d795dd4ced366
-
Filesize
2.9MB
MD519f2edf8c437f85d21aacaa94380a774
SHA121a39dada676683dd2a36ef666258e5c517c9267
SHA256f178d3cca446cdbec9b2e7dc6dd3d42328df6c27cbd72b93811dbec6cf373ee8
SHA5126e8ac135488000e638106b6d39a781f058e5029767b0b1f230c122185922eb2f24122955343e9a4039dcc74212283c3ea0ceed5790789ba413728534b588432e
-
Filesize
2.9MB
MD50e8e2f413019c65c62aef9e50826aad2
SHA1c94b2afc4aa9e150814b847e201d14dd1afd658b
SHA256927446fb38a5a67468e7f996fdcf65c627a94d8e832408e0677a2c399e089a5d
SHA512731a75ae911570caecbacb2995ed3b19529ef900cb949dcb081ee4ab3a8e3d400e0ad279600a3312730eefa0a6163211fb1e0d1335a10d6d6a129d2d6eddd3d6
-
Filesize
2.9MB
MD5a7efd58b29bbcb5fd4260ca56e5c3e72
SHA1d9cc1f08726cc060ef73e24d1c07f4508759c319
SHA2561a3fb03c02d2d7e2b6dcb1e2a510d25cfa4091d1865ae73f456ccf29517ae2f4
SHA512b00a9a3f390e0dea7c57a17a93986ce23e2ea76144e807ff32f8f5feff75981f134e85e09e34367d2afacc54387482f51344ecaeddd47a6082c4f12217443264
-
Filesize
2.9MB
MD5c12c0fdb894bb2f447759fe219448f5a
SHA1a7d228eb6a6a8c29b313800c0be706838d576e7b
SHA256ba00cab23d3c707a28b7c1870cf46276923db4b13e6aa81ee706b11ef15d0cf3
SHA5126f43e4fe7431ceee5bfc0f6f644c0c5974dfdf53a9f05473d3c21a0bc4ac1c286a89effb5f7134ecf09bb0b53258f9466f8b87f4ab22c8b575b57c6446a20336
-
Filesize
2.9MB
MD593b116b6ba9d38d402c96793ecfc020c
SHA1219f1e777e23a92ed123beacab560202c3b8223e
SHA2565a3c84c053f28613e78a891e8ea6e71dc94ecf76552ac5e4b0c518ddee006f55
SHA512d318b8cefb383005c7f8081779be76d4af233d6daa0f18c8937d1e3e7ed83861f5fc2f91bd315e38be5d9aa6d2148fd2d8809e3746a1154c66d6a76b16be2006
-
Filesize
2.9MB
MD542c2c7f0e437f0fda43172d26f00cb9f
SHA148e6af020fe1dccdbf0370fad33a3824025ae242
SHA256e697b1043f86b115dd82671a5bdedcc77d3adac307f113c9c89a82baf717c6b2
SHA512a99a4c65077f6e6069698b1f7f7decc537c107b5524260d27731ba885f387e7fa334047bbda0a54ccfb146899e7c323d100f0ee39ab1040c8c31258b32669074
-
Filesize
2.9MB
MD55e22348573d11276f24cec76a5375af2
SHA1b906f71fb6992908e8536a943bafa803fd844413
SHA2566dbc63fbfea4d73a513fa2dcefb92df23059c31c7965408e95100791ac7d1302
SHA5120df4958f4caaf53bc059b97c36dedd2e00b9a5d4375c896e6227cfa14ce4cc132cf6672ee9c8b1c89b62d90e1bd267bb2332fc33f7866fe62969931bce81d154
-
Filesize
2.9MB
MD5a0feb3f77cbfec46257c0620e163a9ee
SHA11d42c15af5f565f080aa3d8d2c27436f1c53887f
SHA25672c701818a7664f5be905820700699699d7f9dc73bbb8ced8e317de9f5b206f2
SHA512f2bc5ae10678769b9be22cf3937bf7b4f0dac852097a004a85f12c80dc60e86d9f2fb3d7e6e802ba4ff1da02212aee0d04fb2c390f00d79fac984b94c8ccb1d6
-
Filesize
2.9MB
MD5032f3380ad0b5cb7d38936f81840047e
SHA135b4ab923ed0dc75fb9a15ee582ad2f2ad539892
SHA2566a2911b081e63604a5ad56437428889d00e2f41e8995e10c79772be3f95bab52
SHA512eace03010309cf6feb99a5d3d444742c335f11aaaf0e37322e7e12ffe6043dd6ada40f029b85846acf63fbb38929f5fb4b06763a8c9aee3e5c319a1bbcf19fa4
-
Filesize
2.9MB
MD588889a791526c998918e51375eb26ffc
SHA1acd7e5c3f03c42766a5586a0ef79a83dfc0e4821
SHA2567924328837cbf428609722a77306e0e99d67f80d5371d7839d13b9c09196047d
SHA5125f4b4d25e6cc9fa61a827a358cf2ab0c57092737f05686299294f2b865b65e147eab2d1ebf21d252ca5af6f20bfd71cf4adb3fdf878a3d83c729764b401a67ec
-
Filesize
2.9MB
MD5b0ad290758b13f62492244709efdf058
SHA118755f6122c7553f91825aac4ed354c80501b3d0
SHA256e39c5d10c2fdcdcfaa57d685ec501b9b234f519f0e859fc1a6ebb30a7dc8688a
SHA512f52a717c2e0b047e52efda92790d0e6a2d39b106ba7fb8cdfaea3c3c1821bb4b5e9f4b7aa78e4cb365ac508dfda8a5d2f3473f12804afb98788d9295bbb677cd
-
Filesize
2.9MB
MD5e31787e17ba8bf765dddc426a9fddc73
SHA1ed6e448e94ad742252bf0e818f9a2860259120a8
SHA256749b377134062505807e1cf781d9b3a4a9482ecd3a921aef4a8a952816b8f2b0
SHA512fe10d6ebe203de5fb13775d487bc7d95b85c31cb8cb588fad911654d6fdf2a1fe9207b57db474b77b5955d11a7d86764bf843f6a5018625f16d3c9835f7e5aa1
-
Filesize
2.9MB
MD567130b3ac7eb525259ee792b838734e9
SHA100bed623a6a74e16b4d35130c49d78a39690ed06
SHA2569102606dd2ecce6616dc5643869a79771c170372dd2cd367e3e4b4199284b5f4
SHA5121a0780aa9ed9a8fc897c799e800e26af8496efc7b3247e062c1419109b48551b0587ec42932f2894b350f4ef02fe0df893876d589c48d5c940b73c3ede9da325
-
Filesize
2.9MB
MD5042432492c44f4ffd4b9c6a63e5e6504
SHA1c12d80b573851e286614799299689ef022b48957
SHA256e205d840f6a3cbcad1bb05c14ce65a707dc3d2fb5c9a5633a38be86565f4067d
SHA5121534d73c2780c8b70afc5e8d7ec3df58ea06ef5c864c826a2911b6ac8edc105ecb802d5f478ae240a8fe087f3809b4e865f5782aa2d98d40d5d26469125075b9
-
Filesize
2.9MB
MD5bd097105ca03d837e6426984327291f7
SHA131012ae998f9ce4979e103d70ecab3528889ee41
SHA2562d5c69678618313bc9595913a4eb0ff122c231785ce241c90e20af00c3d7b8b3
SHA5123b3a299861c3d0873a6028926611898606c09e715e2837be56b0500072eb20b443c37b6160ab0028cd9439fb131462412622068dd9804af97b28e7964858ce7b
-
Filesize
2.9MB
MD503ed3a17682dcd34fb0a07bd1ec3d307
SHA1b8dc2813a8c0f66c3ffd62eea60c307677163ccd
SHA256ebbc321eada4e00737c210071538ac262548ee75ded35d21f0525aca26c945aa
SHA512e6f784767a801463bcfed8f6ddf9c6d5d6ec71952f6fbf34c644e6dc59c077633b65b92bb45b74c7a20bed4d99384d788652ec79c840f44b777ea83c3114dfba
-
Filesize
2.9MB
MD523c3c7dd843d831e183d7d03200828f4
SHA1fc24e18a0f0455bf3b193c0efc44c52af4685eb0
SHA2563cbf563a56a15b3de3dd11b31f5e1c2d22d236f76adc08da2b8b8d71bbf6ac1d
SHA512575e130a1e8ca41a926e0ec5fb5142e1a9c0a313dd36216a30a14e033e11a6a54761c4344311987b54b0959e0a1193d566864b6773d264fde02c6fe4c37522cc
-
Filesize
2.9MB
MD5521fc62f2c8a00fd3d83b2a1aee25568
SHA19be208c396d4156fba13b8d864aa3b288abc35fd
SHA2561b06d95fdb42ba379ca5b89fee791494286188ae876a842a744fcefb7d6dbe3f
SHA512a9331571976450980514581814fa30108b711e8280495bfb16ee016065d86a865466c3ae6051dd8da219bceadf4f65f401b918c7e5230f3c621a1aada608045a
-
Filesize
2.9MB
MD5c521092c36964cdf282347473b0f7911
SHA1b5c57f42636b54c1e2fe6f3281d7a61f93ab0c02
SHA256c41607aacf6c693610a2ebca6c1e65178dc70f033e44463fec724641321c3dd1
SHA512b77f222189808c07ec0d4e082eac84437e159cdec2dea4677289799ef474b38810b5c7aff32ada307134a45c3dacc18bd564eed4b9446f467b94783fa52435b2
-
Filesize
2.9MB
MD56ebd7f3d429d9c5002b3fa417ffb096f
SHA1ca5625b3cfe644785c46868f513f77a2aad4585e
SHA256eb4b064df9954c9a63d89268becff3de113a9864faeb76c04516b1f90076ab0e
SHA5122f3d564483668b350af76a5388b49a3359ca819a9486904dbd9ccd18b1dd3d927fa36b73fb0926fdd92720f820287da19303551d4945dadb349621e0db4bca71