Analysis
-
max time kernel
145s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
19-07-2024 12:41
Behavioral task
behavioral1
Sample
5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll
Resource
win7-20240705-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll
-
Size
6.6MB
-
MD5
5bfcd9b06d57c79a788db9bbb9ab0f1b
-
SHA1
14de5ec565c625622d2b039898158f8b4b9980af
-
SHA256
1e102bdc029c12f0e597d8676b5453cd785bf389c281f777a257efd46f09c2d7
-
SHA512
1ba207e3a44dceca079941dba61af1d665f81b04b2ca8a3576fe49d772ae936b95136b3fbe9065c015d35f807ec540ef9d1c6a5549964b84f1d7319d1fc22355
-
SSDEEP
98304:1tTOy/2z7Y9FDxz3ETXwLpju5khqtSaJ8vixbB+pQryqUd:PP9Tpu5khY8vE+yrNs
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
rundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exedescription pid Process procid_target PID 856 wrote to memory of 3616 856 rundll32.exe 84 PID 856 wrote to memory of 3616 856 rundll32.exe 84 PID 856 wrote to memory of 3616 856 rundll32.exe 84 PID 3616 wrote to memory of 5084 3616 rundll32.exe 85 PID 3616 wrote to memory of 5084 3616 rundll32.exe 85 PID 3616 wrote to memory of 5084 3616 rundll32.exe 85 PID 5084 wrote to memory of 64 5084 rundll32.exe 86 PID 5084 wrote to memory of 64 5084 rundll32.exe 86 PID 5084 wrote to memory of 64 5084 rundll32.exe 86 PID 64 wrote to memory of 4396 64 rundll32.exe 87 PID 64 wrote to memory of 4396 64 rundll32.exe 87 PID 64 wrote to memory of 4396 64 rundll32.exe 87 PID 4396 wrote to memory of 4056 4396 rundll32.exe 88 PID 4396 wrote to memory of 4056 4396 rundll32.exe 88 PID 4396 wrote to memory of 4056 4396 rundll32.exe 88 PID 4056 wrote to memory of 3076 4056 rundll32.exe 89 PID 4056 wrote to memory of 3076 4056 rundll32.exe 89 PID 4056 wrote to memory of 3076 4056 rundll32.exe 89 PID 3076 wrote to memory of 3252 3076 rundll32.exe 90 PID 3076 wrote to memory of 3252 3076 rundll32.exe 90 PID 3076 wrote to memory of 3252 3076 rundll32.exe 90 PID 3252 wrote to memory of 884 3252 rundll32.exe 91 PID 3252 wrote to memory of 884 3252 rundll32.exe 91 PID 3252 wrote to memory of 884 3252 rundll32.exe 91 PID 884 wrote to memory of 620 884 rundll32.exe 92 PID 884 wrote to memory of 620 884 rundll32.exe 92 PID 884 wrote to memory of 620 884 rundll32.exe 92 PID 620 wrote to memory of 3228 620 rundll32.exe 93 PID 620 wrote to memory of 3228 620 rundll32.exe 93 PID 620 wrote to memory of 3228 620 rundll32.exe 93 PID 3228 wrote to memory of 2596 3228 rundll32.exe 94 PID 3228 wrote to memory of 2596 3228 rundll32.exe 94 PID 3228 wrote to memory of 2596 3228 rundll32.exe 94 PID 2596 wrote to memory of 4916 2596 rundll32.exe 95 PID 2596 wrote to memory of 4916 2596 rundll32.exe 95 PID 2596 wrote to memory of 4916 2596 rundll32.exe 95 PID 4916 wrote to memory of 2928 4916 rundll32.exe 97 PID 4916 wrote to memory of 2928 4916 rundll32.exe 97 PID 4916 wrote to memory of 2928 4916 rundll32.exe 97 PID 2928 wrote to memory of 3700 2928 rundll32.exe 98 PID 2928 wrote to memory of 3700 2928 rundll32.exe 98 PID 2928 wrote to memory of 3700 2928 rundll32.exe 98 PID 3700 wrote to memory of 3540 3700 rundll32.exe 99 PID 3700 wrote to memory of 3540 3700 rundll32.exe 99 PID 3700 wrote to memory of 3540 3700 rundll32.exe 99 PID 3540 wrote to memory of 2188 3540 rundll32.exe 100 PID 3540 wrote to memory of 2188 3540 rundll32.exe 100 PID 3540 wrote to memory of 2188 3540 rundll32.exe 100 PID 2188 wrote to memory of 208 2188 rundll32.exe 101 PID 2188 wrote to memory of 208 2188 rundll32.exe 101 PID 2188 wrote to memory of 208 2188 rundll32.exe 101 PID 208 wrote to memory of 4068 208 rundll32.exe 102 PID 208 wrote to memory of 4068 208 rundll32.exe 102 PID 208 wrote to memory of 4068 208 rundll32.exe 102 PID 4068 wrote to memory of 2668 4068 rundll32.exe 103 PID 4068 wrote to memory of 2668 4068 rundll32.exe 103 PID 4068 wrote to memory of 2668 4068 rundll32.exe 103 PID 2668 wrote to memory of 452 2668 rundll32.exe 104 PID 2668 wrote to memory of 452 2668 rundll32.exe 104 PID 2668 wrote to memory of 452 2668 rundll32.exe 104 PID 452 wrote to memory of 5072 452 rundll32.exe 105 PID 452 wrote to memory of 5072 452 rundll32.exe 105 PID 452 wrote to memory of 5072 452 rundll32.exe 105 PID 5072 wrote to memory of 2412 5072 rundll32.exe 107
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:856 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:3616 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:5084 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:64 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:4396 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:4056 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:3076 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:3252 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:884 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:620 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:3228 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#112⤵
- Suspicious use of WriteProcessMemory
PID:2596 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#113⤵
- Suspicious use of WriteProcessMemory
PID:4916 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#114⤵
- Suspicious use of WriteProcessMemory
PID:2928 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#115⤵
- Suspicious use of WriteProcessMemory
PID:3700 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#116⤵
- Suspicious use of WriteProcessMemory
PID:3540 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#117⤵
- Suspicious use of WriteProcessMemory
PID:2188 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#118⤵
- Suspicious use of WriteProcessMemory
PID:208 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#119⤵
- Suspicious use of WriteProcessMemory
PID:4068 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#120⤵
- Suspicious use of WriteProcessMemory
PID:2668 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#121⤵
- Suspicious use of WriteProcessMemory
PID:452 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#122⤵
- Suspicious use of WriteProcessMemory
PID:5072 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#123⤵PID:2412
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#124⤵PID:2452
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#125⤵PID:2624
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#126⤵PID:548
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#127⤵PID:4468
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#128⤵PID:1680
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#129⤵PID:3828
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#130⤵PID:2744
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#131⤵PID:1984
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#132⤵PID:2324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#133⤵PID:3820
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#134⤵PID:4632
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#135⤵PID:2960
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#136⤵PID:4380
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#137⤵PID:1568
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#138⤵PID:1524
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#139⤵PID:392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#140⤵PID:3404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#141⤵PID:4792
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#142⤵PID:4992
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#143⤵PID:2484
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#144⤵PID:1268
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#145⤵PID:4408
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#146⤵PID:2780
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#147⤵PID:3220
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#148⤵PID:4852
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#149⤵PID:4736
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#150⤵PID:1120
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#151⤵PID:3956
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#152⤵PID:2592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#153⤵PID:4400
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#154⤵PID:3692
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#155⤵PID:3428
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#156⤵PID:1536
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#157⤵PID:776
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#158⤵PID:1920
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#159⤵PID:2508
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#160⤵PID:372
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#161⤵PID:976
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#162⤵PID:2568
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#163⤵PID:1560
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#164⤵PID:1712
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#165⤵PID:3628
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#166⤵PID:2292
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#167⤵PID:4684
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#168⤵PID:2064
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#169⤵PID:4212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#170⤵PID:2540
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#171⤵PID:4020
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#172⤵PID:3964
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#173⤵PID:1788
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#174⤵PID:4676
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#175⤵PID:1400
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#176⤵PID:3688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#177⤵PID:1936
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#178⤵PID:4044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#179⤵PID:4436
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#180⤵PID:3492
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#181⤵PID:3980
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#182⤵PID:224
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#183⤵PID:2600
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#184⤵PID:1148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#185⤵PID:4404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#186⤵PID:1420
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#187⤵PID:540
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#188⤵PID:2708
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#189⤵PID:640
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#190⤵PID:636
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#191⤵PID:2432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#192⤵PID:4928
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#193⤵PID:4344
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#194⤵PID:4356
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#195⤵PID:2736
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#196⤵PID:4888
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#197⤵PID:4276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#198⤵PID:928
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#199⤵PID:4360
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1100⤵PID:4420
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1101⤵PID:824
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1102⤵PID:5128
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1103⤵PID:5144
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1104⤵PID:5160
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1105⤵PID:5176
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1106⤵PID:5192
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1107⤵PID:5208
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1108⤵PID:5224
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1109⤵PID:5244
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1110⤵PID:5256
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1111⤵PID:5276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1112⤵PID:5292
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1113⤵PID:5308
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1114⤵PID:5324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1115⤵PID:5340
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1116⤵PID:5356
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1117⤵PID:5372
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1118⤵PID:5392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1119⤵PID:5404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1120⤵PID:5420
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1121⤵PID:5444
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfcd9b06d57c79a788db9bbb9ab0f1b_JaffaCakes118.dll,#1122⤵PID:5460
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-