Analysis
-
max time kernel
52s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
12/06/2024, 18:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll
Resource
win7-20240220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
-
Target
a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll
-
Size
2.3MB
-
MD5
a1be9192e891fba4c6b77a3aa2fee9f8
-
SHA1
f9ec2a5a13645fccaf980f90be0d9ddaebf62996
-
SHA256
85980a58e807de02fe0cd2e795c66b1c435408427bc0c5a30aa2d84447bdd10d
-
SHA512
624b005be5da8eb9c2c64e434320f542b6d1f6338a2ee8d083d202047650a8e82b5a6365b4f948f8d87d19964d44155a6ae077f9390b736c7949e8d7e318c8ff
-
SSDEEP
49152:zfo+nVDb0LLygXtKKGcDRQWFqG9v0R/k+hKhQwZHb:k8VDb0JXtKBWFqG9MR/dhKhQwZ7
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2156 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:4364 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:4644 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:4828 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:6116 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:3692 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:5976 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:4500 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:4712 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:5780 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:3408 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#112⤵
- Suspicious use of WriteProcessMemory
PID:6084 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#113⤵
- Suspicious use of WriteProcessMemory
PID:4468 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#114⤵
- Suspicious use of WriteProcessMemory
PID:6088 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#115⤵
- Suspicious use of WriteProcessMemory
PID:3288 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#116⤵
- Suspicious use of WriteProcessMemory
PID:4380 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#117⤵
- Suspicious use of WriteProcessMemory
PID:1592 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#118⤵
- Suspicious use of WriteProcessMemory
PID:1016 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#119⤵
- Suspicious use of WriteProcessMemory
PID:4376 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#120⤵
- Suspicious use of WriteProcessMemory
PID:2748 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#121⤵
- Suspicious use of WriteProcessMemory
PID:1576 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#122⤵
- Suspicious use of WriteProcessMemory
PID:3916 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#123⤵PID:1356
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#124⤵PID:2560
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#125⤵PID:3976
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#126⤵PID:940
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#127⤵PID:4932
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#128⤵PID:1140
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#129⤵PID:3528
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#130⤵PID:4336
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#131⤵PID:2384
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#132⤵PID:2416
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#133⤵PID:1272
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#134⤵PID:5340
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#135⤵PID:5612
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#136⤵PID:1216
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#137⤵PID:3104
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#138⤵PID:5712
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#139⤵PID:3464
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#140⤵PID:4976
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#141⤵PID:4404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#142⤵PID:1828
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#143⤵PID:4604
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#144⤵PID:488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#145⤵PID:1432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#146⤵PID:4192
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#147⤵PID:1984
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#148⤵PID:4328
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#149⤵PID:5232
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#150⤵PID:5212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#151⤵PID:1580
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#152⤵PID:4688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#153⤵PID:5220
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#154⤵PID:5208
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#155⤵PID:5228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#156⤵PID:5180
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#157⤵PID:5216
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#158⤵PID:484
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#159⤵PID:4568
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#160⤵PID:3112
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#161⤵PID:4424
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#162⤵PID:3624
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#163⤵PID:4092
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#164⤵PID:2376
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#165⤵PID:4260
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#166⤵PID:4504
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#167⤵PID:4996
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#168⤵PID:2596
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#169⤵PID:5680
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#170⤵PID:4484
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#171⤵PID:2472
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#172⤵PID:3116
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#173⤵PID:848
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#174⤵PID:3196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#175⤵PID:2764
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#176⤵PID:3716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#177⤵PID:3544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#178⤵PID:3884
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#179⤵PID:2324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#180⤵PID:4048
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#181⤵PID:5088
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#182⤵PID:5068
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#183⤵PID:1824
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#184⤵PID:2516
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#185⤵PID:5584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#186⤵PID:5544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#187⤵PID:5688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#188⤵PID:1872
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#189⤵PID:4544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#190⤵PID:1004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#191⤵PID:4064
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#192⤵PID:1260
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#193⤵PID:756
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#194⤵PID:4848
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#195⤵PID:5368
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#196⤵PID:4592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#197⤵PID:1924
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#198⤵PID:396
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#199⤵PID:3512
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1100⤵PID:4968
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1101⤵PID:1612
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1102⤵PID:660
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1103⤵PID:3040
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1104⤵PID:1584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1105⤵PID:5904
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1106⤵PID:2600
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1107⤵PID:2592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1108⤵PID:2684
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1109⤵PID:4352
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1110⤵PID:2420
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1111⤵PID:1844
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1112⤵PID:1776
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1113⤵PID:3480
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1114⤵PID:5536
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1115⤵PID:3212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1116⤵PID:3616
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1117⤵PID:2300
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1118⤵PID:2872
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1119⤵PID:3700
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1120⤵PID:5900
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1121⤵PID:1488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a1be9192e891fba4c6b77a3aa2fee9f8_JaffaCakes118.dll,#1122⤵PID:5540