Overview
overview
6Static
static
34fa776169a...18.exe
windows7-x64
34fa776169a...18.exe
windows10-2004-x64
3$PLUGINSDI...AC.dll
windows7-x64
3$PLUGINSDI...AC.dll
windows10-2004-x64
3$PLUGINSDI...VC.dll
windows7-x64
3$PLUGINSDI...VC.dll
windows10-2004-x64
3$PLUGINSDI...np.dll
windows7-x64
3$PLUGINSDI...np.dll
windows10-2004-x64
3$PLUGINSDI...el.dll
windows7-x64
3$PLUGINSDI...el.dll
windows10-2004-x64
3$PLUGINSDIR/Live.dll
windows7-x64
3$PLUGINSDIR/Live.dll
windows10-2004-x64
3$PLUGINSDI...le.dll
windows7-x64
3$PLUGINSDI...le.dll
windows10-2004-x64
3$PLUGINSDIR/PPAP.exe
windows7-x64
3$PLUGINSDIR/PPAP.exe
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDI...og.dll
windows7-x64
3$PLUGINSDI...og.dll
windows10-2004-x64
3$PLUGINSDI...le.dll
windows7-x64
3$PLUGINSDI...le.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...nt.dll
windows7-x64
6$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...yD.dll
windows7-x64
3$PLUGINSDI...yD.dll
windows10-2004-x64
3$PLUGINSDI...le.dll
windows7-x64
3$PLUGINSDI...le.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
16/10/2024, 23:40
Static task
static1
Behavioral task
behavioral1
Sample
4fa776169a7d101e5da18227822d183e_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4fa776169a7d101e5da18227822d183e_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/CoreAAC.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/CoreAAC.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/CoreAVC.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/CoreAVC.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/FWUpnp.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/FWUpnp.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/Hookkernel.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/Hookkernel.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/Live.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/Live.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/MngModule.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/MngModule.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/PPAP.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/PPAP.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/PPHookShell.dll
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/PPHookShell.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/PPInstallLog.dll
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/PPInstallLog.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/Send_Log_Kernel_Module.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/Send_Log_Kernel_Module.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/TipsClient.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/TipsClient.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/VAProxyD.dll
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/VAProxyD.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/admodule.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/admodule.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/audioswitcher.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/audioswitcher.dll
Resource
win10v2004-20241007-en
General
-
Target
$PLUGINSDIR/CoreAVC.dll
-
Size
26KB
-
MD5
4b6451e30fd1835c0af3db68c6cfabd7
-
SHA1
264405ee0ae0f74b833ae8642645ceb2ce0ec1c7
-
SHA256
df307f34858014411fa15a99f59a2bdd80860f6fa491a966075da8bca4bc8f32
-
SHA512
7015f33299594545fdc4e0aa45bc5f9fd4fa451d1a6268c71831b4fda753387d5cc9bdd1edfebcc2c94c2cfd97d1e534e93c18f3a83886d709691d2d7908a7dd
-
SSDEEP
768:e9uWjQQOSRQgT0cukBYS2VXdTsrfZvm03cTX1Lt9gn27:e9TMSlT0cuCcdIjZvyTX1LtN7
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5108 wrote to memory of 2968 5108 rundll32.exe 84 PID 5108 wrote to memory of 2968 5108 rundll32.exe 84 PID 5108 wrote to memory of 2968 5108 rundll32.exe 84 PID 2968 wrote to memory of 2584 2968 rundll32.exe 87 PID 2968 wrote to memory of 2584 2968 rundll32.exe 87 PID 2968 wrote to memory of 2584 2968 rundll32.exe 87 PID 2584 wrote to memory of 4468 2584 rundll32.exe 88 PID 2584 wrote to memory of 4468 2584 rundll32.exe 88 PID 2584 wrote to memory of 4468 2584 rundll32.exe 88 PID 4468 wrote to memory of 4692 4468 rundll32.exe 89 PID 4468 wrote to memory of 4692 4468 rundll32.exe 89 PID 4468 wrote to memory of 4692 4468 rundll32.exe 89 PID 4692 wrote to memory of 2296 4692 rundll32.exe 90 PID 4692 wrote to memory of 2296 4692 rundll32.exe 90 PID 4692 wrote to memory of 2296 4692 rundll32.exe 90 PID 2296 wrote to memory of 5052 2296 rundll32.exe 91 PID 2296 wrote to memory of 5052 2296 rundll32.exe 91 PID 2296 wrote to memory of 5052 2296 rundll32.exe 91 PID 5052 wrote to memory of 2328 5052 rundll32.exe 92 PID 5052 wrote to memory of 2328 5052 rundll32.exe 92 PID 5052 wrote to memory of 2328 5052 rundll32.exe 92 PID 2328 wrote to memory of 1092 2328 rundll32.exe 93 PID 2328 wrote to memory of 1092 2328 rundll32.exe 93 PID 2328 wrote to memory of 1092 2328 rundll32.exe 93 PID 1092 wrote to memory of 1184 1092 rundll32.exe 94 PID 1092 wrote to memory of 1184 1092 rundll32.exe 94 PID 1092 wrote to memory of 1184 1092 rundll32.exe 94 PID 1184 wrote to memory of 4300 1184 rundll32.exe 95 PID 1184 wrote to memory of 4300 1184 rundll32.exe 95 PID 1184 wrote to memory of 4300 1184 rundll32.exe 95 PID 4300 wrote to memory of 2408 4300 rundll32.exe 96 PID 4300 wrote to memory of 2408 4300 rundll32.exe 96 PID 4300 wrote to memory of 2408 4300 rundll32.exe 96 PID 2408 wrote to memory of 972 2408 rundll32.exe 97 PID 2408 wrote to memory of 972 2408 rundll32.exe 97 PID 2408 wrote to memory of 972 2408 rundll32.exe 97 PID 972 wrote to memory of 1472 972 rundll32.exe 98 PID 972 wrote to memory of 1472 972 rundll32.exe 98 PID 972 wrote to memory of 1472 972 rundll32.exe 98 PID 1472 wrote to memory of 3568 1472 rundll32.exe 99 PID 1472 wrote to memory of 3568 1472 rundll32.exe 99 PID 1472 wrote to memory of 3568 1472 rundll32.exe 99 PID 3568 wrote to memory of 3844 3568 rundll32.exe 100 PID 3568 wrote to memory of 3844 3568 rundll32.exe 100 PID 3568 wrote to memory of 3844 3568 rundll32.exe 100 PID 3844 wrote to memory of 3704 3844 rundll32.exe 101 PID 3844 wrote to memory of 3704 3844 rundll32.exe 101 PID 3844 wrote to memory of 3704 3844 rundll32.exe 101 PID 3704 wrote to memory of 868 3704 rundll32.exe 102 PID 3704 wrote to memory of 868 3704 rundll32.exe 102 PID 3704 wrote to memory of 868 3704 rundll32.exe 102 PID 868 wrote to memory of 3812 868 rundll32.exe 103 PID 868 wrote to memory of 3812 868 rundll32.exe 103 PID 868 wrote to memory of 3812 868 rundll32.exe 103 PID 3812 wrote to memory of 968 3812 rundll32.exe 104 PID 3812 wrote to memory of 968 3812 rundll32.exe 104 PID 3812 wrote to memory of 968 3812 rundll32.exe 104 PID 968 wrote to memory of 4836 968 rundll32.exe 105 PID 968 wrote to memory of 4836 968 rundll32.exe 105 PID 968 wrote to memory of 4836 968 rundll32.exe 105 PID 4836 wrote to memory of 996 4836 rundll32.exe 106 PID 4836 wrote to memory of 996 4836 rundll32.exe 106 PID 4836 wrote to memory of 996 4836 rundll32.exe 106 PID 996 wrote to memory of 1612 996 rundll32.exe 107
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:5108 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2968 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:4468 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:4692 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:2296 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:5052 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:2328 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:1092 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:1184 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:4300 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#112⤵
- Suspicious use of WriteProcessMemory
PID:2408 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#113⤵
- Suspicious use of WriteProcessMemory
PID:972 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#114⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1472 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#115⤵
- Suspicious use of WriteProcessMemory
PID:3568 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#116⤵
- Suspicious use of WriteProcessMemory
PID:3844 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#117⤵
- Suspicious use of WriteProcessMemory
PID:3704 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#118⤵
- Suspicious use of WriteProcessMemory
PID:868 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#119⤵
- Suspicious use of WriteProcessMemory
PID:3812 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#120⤵
- Suspicious use of WriteProcessMemory
PID:968 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#121⤵
- Suspicious use of WriteProcessMemory
PID:4836 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#122⤵
- Suspicious use of WriteProcessMemory
PID:996 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#123⤵PID:1612
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#124⤵PID:5020
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#125⤵PID:2772
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#126⤵PID:4848
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#127⤵PID:4988
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#128⤵PID:2804
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#129⤵PID:4384
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#130⤵PID:680
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#131⤵PID:228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#132⤵PID:1940
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#133⤵PID:2320
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#134⤵PID:336
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#135⤵PID:1596
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#136⤵PID:3220
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#137⤵PID:4040
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#138⤵PID:2348
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#139⤵
- System Location Discovery: System Language Discovery
PID:3668 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#140⤵PID:456
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#141⤵PID:4716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#142⤵PID:3772
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#143⤵PID:4840
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#144⤵PID:3304
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#145⤵PID:4008
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#146⤵PID:3408
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#147⤵PID:1780
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#148⤵PID:3984
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#149⤵PID:4772
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#150⤵PID:908
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#151⤵PID:2148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#152⤵PID:2128
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#153⤵PID:184
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#154⤵PID:3288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#155⤵PID:4920
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#156⤵PID:4196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#157⤵PID:4176
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#158⤵PID:3644
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#159⤵PID:4012
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#160⤵PID:4540
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#161⤵PID:4788
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#162⤵PID:4124
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#163⤵PID:2004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#164⤵PID:2824
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#165⤵PID:3836
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#166⤵
- System Location Discovery: System Language Discovery
PID:5072 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#167⤵PID:4860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#168⤵PID:4760
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#169⤵PID:4580
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#170⤵PID:3920
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#171⤵PID:4456
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#172⤵
- System Location Discovery: System Language Discovery
PID:4932 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#173⤵PID:2992
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#174⤵PID:3064
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#175⤵PID:4044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#176⤵PID:3632
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#177⤵PID:3180
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#178⤵PID:324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#179⤵PID:3112
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#180⤵PID:4060
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#181⤵PID:840
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#182⤵PID:3592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#183⤵PID:2340
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#184⤵PID:2516
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#185⤵PID:4396
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#186⤵PID:4392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#187⤵PID:3520
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#188⤵PID:704
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#189⤵
- System Location Discovery: System Language Discovery
PID:4020 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#190⤵PID:1088
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#191⤵PID:4928
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#192⤵
- System Location Discovery: System Language Discovery
PID:3448 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#193⤵PID:5140
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#194⤵PID:5156
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#195⤵PID:5176
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#196⤵PID:5192
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#197⤵PID:5212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#198⤵
- System Location Discovery: System Language Discovery
PID:5232 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#199⤵PID:5248
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1100⤵PID:5264
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1101⤵PID:5280
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1102⤵PID:5296
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1103⤵PID:5312
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1104⤵
- System Location Discovery: System Language Discovery
PID:5332 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1105⤵PID:5348
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1106⤵
- System Location Discovery: System Language Discovery
PID:5364 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1107⤵PID:5380
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1108⤵PID:5392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1109⤵PID:5408
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1110⤵PID:5424
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1111⤵PID:5440
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1112⤵
- System Location Discovery: System Language Discovery
PID:5452 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1113⤵PID:5472
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1114⤵PID:5488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1115⤵PID:5504
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1116⤵PID:5520
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1117⤵PID:5532
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1118⤵
- System Location Discovery: System Language Discovery
PID:5552 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1119⤵PID:5568
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1120⤵PID:5584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1121⤵PID:5600
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CoreAVC.dll,#1122⤵PID:5620
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-