8dddd81ab951446e4a4b471461d420e12ab9c29edff1f2a757084882587069a8

General

Target

960-57-0x0000000000340000-0x0000000000362000-memory.dll
Size

136KB
MD5

2cc04b6fb9cf01114abba4ceaaf1b85f
SHA1

3cecaa902a1e13c5cf58c269c1495f0a44d540fe
SHA256

8dddd81ab951446e4a4b471461d420e12ab9c29edff1f2a757084882587069a8
SHA512

f3373fb01591daab42b9866b306a69f6d6526c38c76f6a082ef0b33f35b9c5423fa9b130ca9b7e20079fd576d464d3e32e309018b1d04e751a8fcb7ad13bd014

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	15944	dwm.exe
Token: SeChangeNotifyPrivilege	15944	dwm.exe
Token: 33	15944	dwm.exe
Token: SeIncBasePriorityPrivilege	15944	dwm.exe
Token: SeShutdownPrivilege	15944	dwm.exe
Token: SeCreatePagefilePrivilege	15944	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

rundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exe

description	pid	process	target process
PID 4660 wrote to memory of 3092	4660	rundll32.exe	rundll32.exe
PID 4660 wrote to memory of 3092	4660	rundll32.exe	rundll32.exe
PID 4660 wrote to memory of 3092	4660	rundll32.exe	rundll32.exe
PID 3092 wrote to memory of 2736	3092	rundll32.exe	rundll32.exe
PID 3092 wrote to memory of 2736	3092	rundll32.exe	rundll32.exe
PID 3092 wrote to memory of 2736	3092	rundll32.exe	rundll32.exe
PID 2736 wrote to memory of 4168	2736	rundll32.exe	rundll32.exe
PID 2736 wrote to memory of 4168	2736	rundll32.exe	rundll32.exe
PID 2736 wrote to memory of 4168	2736	rundll32.exe	rundll32.exe
PID 4168 wrote to memory of 5096	4168	rundll32.exe	rundll32.exe
PID 4168 wrote to memory of 5096	4168	rundll32.exe	rundll32.exe
PID 4168 wrote to memory of 5096	4168	rundll32.exe	rundll32.exe
PID 5096 wrote to memory of 4512	5096	rundll32.exe	rundll32.exe
PID 5096 wrote to memory of 4512	5096	rundll32.exe	rundll32.exe
PID 5096 wrote to memory of 4512	5096	rundll32.exe	rundll32.exe
PID 4512 wrote to memory of 4848	4512	rundll32.exe	rundll32.exe
PID 4512 wrote to memory of 4848	4512	rundll32.exe	rundll32.exe
PID 4512 wrote to memory of 4848	4512	rundll32.exe	rundll32.exe
PID 4848 wrote to memory of 4868	4848	rundll32.exe	rundll32.exe
PID 4848 wrote to memory of 4868	4848	rundll32.exe	rundll32.exe
PID 4848 wrote to memory of 4868	4848	rundll32.exe	rundll32.exe
PID 4868 wrote to memory of 1188	4868	rundll32.exe	rundll32.exe
PID 4868 wrote to memory of 1188	4868	rundll32.exe	rundll32.exe
PID 4868 wrote to memory of 1188	4868	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1468	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1468	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1468	1188	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1720	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1720	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1720	1468	rundll32.exe	rundll32.exe
PID 1720 wrote to memory of 2384	1720	rundll32.exe	rundll32.exe
PID 1720 wrote to memory of 2384	1720	rundll32.exe	rundll32.exe
PID 1720 wrote to memory of 2384	1720	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 2932	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 2932	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 2932	2384	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 4720	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 4720	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 4720	2932	rundll32.exe	rundll32.exe
PID 4720 wrote to memory of 4716	4720	rundll32.exe	rundll32.exe
PID 4720 wrote to memory of 4716	4720	rundll32.exe	rundll32.exe
PID 4720 wrote to memory of 4716	4720	rundll32.exe	rundll32.exe
PID 4716 wrote to memory of 3408	4716	rundll32.exe	rundll32.exe
PID 4716 wrote to memory of 3408	4716	rundll32.exe	rundll32.exe
PID 4716 wrote to memory of 3408	4716	rundll32.exe	rundll32.exe
PID 3408 wrote to memory of 4060	3408	rundll32.exe	rundll32.exe
PID 3408 wrote to memory of 4060	3408	rundll32.exe	rundll32.exe
PID 3408 wrote to memory of 4060	3408	rundll32.exe	rundll32.exe
PID 4060 wrote to memory of 1716	4060	rundll32.exe	rundll32.exe
PID 4060 wrote to memory of 1716	4060	rundll32.exe	rundll32.exe
PID 4060 wrote to memory of 1716	4060	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 4088	1716	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 4088	1716	rundll32.exe	rundll32.exe
PID 1716 wrote to memory of 4088	1716	rundll32.exe	rundll32.exe
PID 4088 wrote to memory of 4740	4088	rundll32.exe	rundll32.exe
PID 4088 wrote to memory of 4740	4088	rundll32.exe	rundll32.exe
PID 4088 wrote to memory of 4740	4088	rundll32.exe	rundll32.exe
PID 4740 wrote to memory of 1456	4740	rundll32.exe	rundll32.exe
PID 4740 wrote to memory of 1456	4740	rundll32.exe	rundll32.exe
PID 4740 wrote to memory of 1456	4740	rundll32.exe	rundll32.exe
PID 1456 wrote to memory of 1436	1456	rundll32.exe	rundll32.exe
PID 1456 wrote to memory of 1436	1456	rundll32.exe	rundll32.exe
PID 1456 wrote to memory of 1436	1456	rundll32.exe	rundll32.exe
PID 1436 wrote to memory of 4704	1436	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4660

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:3092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
3⤵
- Suspicious use of WriteProcessMemory
PID:2736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
4⤵
- Suspicious use of WriteProcessMemory
PID:4168

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
5⤵
- Suspicious use of WriteProcessMemory
PID:5096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
6⤵
- Suspicious use of WriteProcessMemory
PID:4512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
7⤵
- Suspicious use of WriteProcessMemory
PID:4848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
8⤵
- Suspicious use of WriteProcessMemory
PID:4868

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
9⤵
- Suspicious use of WriteProcessMemory
PID:1188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
10⤵
- Suspicious use of WriteProcessMemory
PID:1468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
11⤵
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
12⤵
- Suspicious use of WriteProcessMemory
PID:2384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
13⤵
- Suspicious use of WriteProcessMemory
PID:2932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
14⤵
- Suspicious use of WriteProcessMemory
PID:4720

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
15⤵
- Suspicious use of WriteProcessMemory
PID:4716

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
16⤵
- Suspicious use of WriteProcessMemory
PID:3408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
17⤵
- Suspicious use of WriteProcessMemory
PID:4060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
18⤵
- Suspicious use of WriteProcessMemory
PID:1716

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
19⤵
- Suspicious use of WriteProcessMemory
PID:4088

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
20⤵
- Suspicious use of WriteProcessMemory
PID:4740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
21⤵
- Suspicious use of WriteProcessMemory
PID:1456

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
22⤵
- Suspicious use of WriteProcessMemory
PID:1436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
23⤵
PID:4704

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
24⤵
PID:4948

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
25⤵
PID:4892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
26⤵
PID:4448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
27⤵
PID:4808

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
28⤵
PID:4584

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
29⤵
PID:2316

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
30⤵
PID:2448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
31⤵
PID:2820

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
32⤵
PID:1176

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
33⤵
PID:376

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
34⤵
PID:1768

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
35⤵
PID:4004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
36⤵
PID:32

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
37⤵
PID:1324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
38⤵
PID:4468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
39⤵
PID:744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
40⤵
PID:4840

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
41⤵
PID:1364

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
42⤵
PID:4632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
43⤵
PID:3800

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
44⤵
PID:1460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
45⤵
PID:4428

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
46⤵
PID:2544

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
47⤵
PID:4024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
48⤵
PID:3604

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
49⤵
PID:4348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
50⤵
PID:4556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
51⤵
PID:2064

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
52⤵
PID:1132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
53⤵
PID:2300

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
54⤵
PID:1284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
55⤵
PID:404

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
56⤵
PID:2500

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
57⤵
PID:3240

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
58⤵
PID:2404

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
59⤵
PID:372

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
60⤵
PID:2992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
61⤵
PID:3668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
62⤵
PID:2680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
63⤵
PID:4492

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
64⤵
PID:3608

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
65⤵
PID:4140

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
66⤵
PID:3192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
67⤵
PID:4852

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
68⤵
PID:804

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
69⤵
PID:4344

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
70⤵
PID:3896

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
71⤵
PID:2408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
72⤵
PID:2188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
73⤵
PID:1952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
74⤵
PID:3212

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
75⤵
PID:4432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
76⤵
PID:4528

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
77⤵
PID:4388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
78⤵
PID:4920

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
79⤵
PID:2136

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
80⤵
PID:888

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
81⤵
PID:3628

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
82⤵
PID:1192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
83⤵
PID:3876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
84⤵
PID:1316

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
85⤵
PID:1700

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
86⤵
PID:384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
87⤵
PID:1972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
88⤵
PID:1764

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
89⤵
PID:1120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
90⤵
PID:5000

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
91⤵
PID:4052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
92⤵
PID:3108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
93⤵
PID:2288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
94⤵
PID:4672

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
95⤵
PID:2596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
96⤵
PID:4668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
97⤵
PID:1916

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
98⤵
PID:1312

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
99⤵
PID:4968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
100⤵
PID:2436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
101⤵
PID:2396

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
102⤵
PID:1932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
103⤵
PID:1668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
104⤵
PID:4236

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
105⤵
PID:3556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
106⤵
PID:4176

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
107⤵
PID:4156

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
108⤵
PID:4220

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
109⤵
PID:4120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
110⤵
PID:2388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
111⤵
PID:2224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
112⤵
PID:3328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
113⤵
PID:2840

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
114⤵
PID:4364

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
115⤵
PID:4020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
116⤵
PID:1476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
117⤵
PID:3284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
118⤵
PID:4984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
119⤵
PID:4440

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
120⤵
PID:1580

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
121⤵
PID:4148

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
122⤵
PID:3852

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
123⤵
PID:3352

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
124⤵
PID:5112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
125⤵
PID:2328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
126⤵
PID:2352

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
127⤵
PID:4464

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
128⤵
PID:3228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
129⤵
PID:3684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
130⤵
PID:1592

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
131⤵
PID:3448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
132⤵
PID:4124

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
133⤵
PID:1832

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
134⤵
PID:2644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
135⤵
PID:2164

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
136⤵
PID:3696

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
137⤵
PID:3976

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
138⤵
PID:5128

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
139⤵
PID:5144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
140⤵
PID:5160

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
141⤵
PID:5176

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
142⤵
PID:5188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
143⤵
PID:5204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
144⤵
PID:5216

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
145⤵
PID:5232

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
146⤵
PID:5256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
147⤵
PID:5272

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
148⤵
PID:5284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
149⤵
PID:5296

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
150⤵
PID:5312

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
151⤵
PID:5324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
152⤵
PID:5336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
153⤵
PID:5348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
154⤵
PID:5360

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
155⤵
PID:5376

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
156⤵
PID:5388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
157⤵
PID:5404

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
158⤵
PID:5416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
159⤵
PID:5432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
160⤵
PID:5444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
161⤵
PID:5460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
162⤵
PID:5476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
163⤵
PID:5492

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
164⤵
PID:5508

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
165⤵
PID:5520

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
166⤵
PID:5536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
167⤵
PID:5548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
168⤵
PID:5560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
169⤵
PID:5576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
170⤵
PID:5588

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
171⤵
PID:5604

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
172⤵
PID:5616

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
173⤵
PID:5632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
174⤵
PID:5644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
175⤵
PID:5656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
176⤵
PID:5668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
177⤵
PID:5684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
178⤵
PID:5696

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
179⤵
PID:5712

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
180⤵
PID:5724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
181⤵
PID:5736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
182⤵
PID:5748

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
183⤵
PID:5764

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
184⤵
PID:5776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
185⤵
PID:5792

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
186⤵
PID:5804

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
187⤵
PID:5816

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
188⤵
PID:5832

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
189⤵
PID:5848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
190⤵
PID:5864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
191⤵
PID:5880

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
192⤵
PID:5896

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
193⤵
PID:5908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
194⤵
PID:5920

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
195⤵
PID:5932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
196⤵
PID:5948

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
197⤵
PID:5960

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
198⤵
PID:5972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
199⤵
PID:5984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
200⤵
PID:6000

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
201⤵
PID:6012

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
202⤵
PID:6024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
203⤵
PID:6036

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
204⤵
PID:6048

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
205⤵
PID:6060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
206⤵
PID:6076

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
207⤵
PID:6096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
208⤵
PID:6112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
209⤵
PID:6124

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
210⤵
PID:6136

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
211⤵
PID:5244

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
212⤵
PID:6156

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
213⤵
PID:6168

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
214⤵
PID:6184

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
215⤵
PID:6200

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
216⤵
PID:6212

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
217⤵
PID:6224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
218⤵
PID:6240

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
219⤵
PID:6252

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
220⤵
PID:6268

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
221⤵
PID:6284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
222⤵
PID:6316

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
223⤵
PID:6356

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
224⤵
PID:6372

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
225⤵
PID:6384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
226⤵
PID:6396

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
227⤵
PID:6408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
228⤵
PID:6424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
229⤵
PID:6436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
230⤵
PID:6452

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
231⤵
PID:6468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
232⤵
PID:6484

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
233⤵
PID:6504

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
234⤵
PID:6516

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
235⤵
PID:6528

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
236⤵
PID:6544

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
237⤵
PID:6556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
238⤵
PID:6572

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
239⤵
PID:6584

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
240⤵
PID:6596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
241⤵
PID:6612

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
242⤵
PID:6628

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
243⤵
PID:6640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
244⤵
PID:6656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
245⤵
PID:6668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
246⤵
PID:6680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
247⤵
PID:6692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
248⤵
PID:6704

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
249⤵
PID:6716

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
250⤵
PID:6728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
251⤵
PID:6744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
252⤵
PID:6772

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
253⤵
PID:6788

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
254⤵
PID:6804

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
255⤵
PID:6820

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
256⤵
PID:6836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
257⤵
PID:6848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
258⤵
PID:6860

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
259⤵
PID:6880

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
260⤵
PID:6904

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
261⤵
PID:6924

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
262⤵
PID:6940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
263⤵
PID:6952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
264⤵
PID:6968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
265⤵
PID:6980

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
266⤵
PID:6996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
267⤵
PID:7008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
268⤵
PID:7020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
269⤵
PID:7040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
270⤵
PID:7068

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
271⤵
PID:7092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
272⤵
PID:7124

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
273⤵
PID:7140

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
274⤵
PID:7152

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
275⤵
PID:7164

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
276⤵
PID:7184

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
277⤵
PID:7200

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
278⤵
PID:7236

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
279⤵
PID:7256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
280⤵
PID:7272

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
281⤵
PID:7284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
282⤵
PID:7304

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
283⤵
PID:7316

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
284⤵
PID:7332

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
285⤵
PID:7348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
286⤵
PID:7372

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
287⤵
PID:7384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
288⤵
PID:7400

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
289⤵
PID:7416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
290⤵
PID:7432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
291⤵
PID:7448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
292⤵
PID:7476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
293⤵
PID:7492

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
294⤵
PID:7504

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
295⤵
PID:7520

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
296⤵
PID:7532

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
297⤵
PID:7548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
298⤵
PID:7568

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
299⤵
PID:7580

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
300⤵
PID:7596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
301⤵
PID:7612

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
302⤵
PID:7624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
303⤵
PID:7640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
304⤵
PID:7652

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
305⤵
PID:7672

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
306⤵
PID:7700

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
307⤵
PID:7716

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
308⤵
PID:7728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
309⤵
PID:7748

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
310⤵
PID:7760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
311⤵
PID:7772

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
312⤵
PID:7784

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
313⤵
PID:7796

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
314⤵
PID:7808

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
315⤵
PID:7820

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
316⤵
PID:7836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
317⤵
PID:7848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
318⤵
PID:7864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
319⤵
PID:7876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
320⤵
PID:7892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
321⤵
PID:7904

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
322⤵
PID:7916

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
323⤵
PID:7928

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
324⤵
PID:7940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
325⤵
PID:7952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
326⤵
PID:7968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
327⤵
PID:7984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
328⤵
PID:7996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
329⤵
PID:8008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
330⤵
PID:8024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
331⤵
PID:8040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
332⤵
PID:8056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
333⤵
PID:8068

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
334⤵
PID:8080

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
335⤵
PID:8096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
336⤵
PID:8108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
337⤵
PID:8120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
338⤵
PID:8132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
339⤵
PID:8144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
340⤵
PID:8156

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
341⤵
PID:8168

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
342⤵
PID:8180

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
343⤵
PID:1648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
344⤵
PID:1332

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
345⤵
PID:8204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
346⤵
PID:8220

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
347⤵
PID:8232

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
348⤵
PID:8248

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
349⤵
PID:8260

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
350⤵
PID:8272

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
351⤵
PID:8284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
352⤵
PID:8296

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
353⤵
PID:8312

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
354⤵
PID:8328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
355⤵
PID:8340

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
356⤵
PID:8356

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
357⤵
PID:8368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
358⤵
PID:8384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
359⤵
PID:8400

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
360⤵
PID:8424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
361⤵
PID:8444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
362⤵
PID:8456

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
363⤵
PID:8468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
364⤵
PID:8488

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
365⤵
PID:8500

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
366⤵
PID:8512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
367⤵
PID:8524

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
368⤵
PID:8536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
369⤵
PID:8548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
370⤵
PID:8560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
371⤵
PID:8576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
372⤵
PID:8592

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
373⤵
PID:8604

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
374⤵
PID:8620

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
375⤵
PID:8632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
376⤵
PID:8644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
377⤵
PID:8656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
378⤵
PID:8672

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
379⤵
PID:8684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
380⤵
PID:8700

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
381⤵
PID:8716

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
382⤵
PID:8728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
383⤵
PID:8740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
384⤵
PID:8752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
385⤵
PID:8784

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
386⤵
PID:8800

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
387⤵
PID:8816

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
388⤵
PID:8828

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
389⤵
PID:8840

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
390⤵
PID:8852

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
391⤵
PID:8864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
392⤵
PID:8876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
393⤵
PID:8888

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
394⤵
PID:8900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
395⤵
PID:8912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
396⤵
PID:8924

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
397⤵
PID:8940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
398⤵
PID:8952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
399⤵
PID:8968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
400⤵
PID:8980

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
401⤵
PID:8992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
402⤵
PID:9004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
403⤵
PID:9016

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
404⤵
PID:9032

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
405⤵
PID:9044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
406⤵
PID:9056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
407⤵
PID:9068

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
408⤵
PID:9080

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
409⤵
PID:9096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
410⤵
PID:9108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
411⤵
PID:9124

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
412⤵
PID:9136

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
413⤵
PID:9148

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
414⤵
PID:9160

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
415⤵
PID:9176

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
416⤵
PID:9192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
417⤵
PID:9208

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
418⤵
PID:9224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
419⤵
PID:9240

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
420⤵
PID:9256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
421⤵
PID:9268

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
422⤵
PID:9284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
423⤵
PID:9296

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
424⤵
PID:9308

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
425⤵
PID:9324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
426⤵
PID:9340

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
427⤵
PID:9352

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
428⤵
PID:9368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
429⤵
PID:9380

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
430⤵
PID:9396

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
431⤵
PID:9408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
432⤵
PID:9420

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
433⤵
PID:9436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
434⤵
PID:9448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
435⤵
PID:9464

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
436⤵
PID:9476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
437⤵
PID:9488

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
438⤵
PID:9500

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
439⤵
PID:9512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
440⤵
PID:9524

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
441⤵
PID:9536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
442⤵
PID:9552

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
443⤵
PID:9564

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
444⤵
PID:9580

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
445⤵
PID:9592

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
446⤵
PID:9604

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
447⤵
PID:9616

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
448⤵
PID:9632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
449⤵
PID:9644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
450⤵
PID:9656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
451⤵
PID:9668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
452⤵
PID:9684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
453⤵
PID:9696

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
454⤵
PID:9712

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
455⤵
PID:9724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
456⤵
PID:9736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
457⤵
PID:9752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
458⤵
PID:9776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
459⤵
PID:9804

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
460⤵
PID:9820

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
461⤵
PID:9840

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
462⤵
PID:9856

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
463⤵
PID:9884

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
464⤵
PID:9904

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
465⤵
PID:9928

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
466⤵
PID:9952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
467⤵
PID:9972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
468⤵
PID:9996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
469⤵
PID:10012

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
470⤵
PID:10028

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
471⤵
PID:10044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
472⤵
PID:10084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
473⤵
PID:10100

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
474⤵
PID:10116

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
475⤵
PID:10132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
476⤵
PID:10148

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
477⤵
PID:10172

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
478⤵
PID:10184

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
479⤵
PID:10200

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
480⤵
PID:10228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
481⤵
PID:3908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
482⤵
PID:10256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
483⤵
PID:10272

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
484⤵
PID:10288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
485⤵
PID:10308

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
486⤵
PID:10336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
487⤵
PID:10348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
488⤵
PID:10364

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
489⤵
PID:10380

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
490⤵
PID:10392

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
491⤵
PID:10404

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
492⤵
PID:10416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
493⤵
PID:10432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
494⤵
PID:10444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
495⤵
PID:10456

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
496⤵
PID:10468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
497⤵
PID:10480

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
498⤵
PID:10492

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
499⤵
PID:10512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
500⤵
PID:10524

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
501⤵
PID:10536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
502⤵
PID:10552

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
503⤵
PID:10564

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
504⤵
PID:10580

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
505⤵
PID:10592

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
506⤵
PID:10612

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
507⤵
PID:10624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
508⤵
PID:10636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
509⤵
PID:10652

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
510⤵
PID:10664

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
511⤵
PID:10680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
512⤵
PID:10692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
513⤵
PID:10708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
514⤵
PID:10720

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
515⤵
PID:10732

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
516⤵
PID:10744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
517⤵
PID:10756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
518⤵
PID:10772

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
519⤵
PID:10788

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
520⤵
PID:10800

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
521⤵
PID:10812

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
522⤵
PID:10824

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
523⤵
PID:10836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
524⤵
PID:10848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
525⤵
PID:10864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
526⤵
PID:10876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
527⤵
PID:10888

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
528⤵
PID:10904

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
529⤵
PID:10920

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
530⤵
PID:10932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
531⤵
PID:10944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
532⤵
PID:10960

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
533⤵
PID:10972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
534⤵
PID:10984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
535⤵
PID:11008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
536⤵
PID:11024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
537⤵
PID:11040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
538⤵
PID:11056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
539⤵
PID:11068

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
540⤵
PID:11084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
541⤵
PID:11100

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
542⤵
PID:11116

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
543⤵
PID:11128

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
544⤵
PID:11144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
545⤵
PID:11160

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
546⤵
PID:11176

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
547⤵
PID:11192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
548⤵
PID:11204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
549⤵
PID:11224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
550⤵
PID:11236

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
551⤵
PID:11252

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
552⤵
PID:11268

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
553⤵
PID:11288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
554⤵
PID:11304

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
555⤵
PID:11320

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
556⤵
PID:11332

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
557⤵
PID:11344

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
558⤵
PID:11360

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
559⤵
PID:11372

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
560⤵
PID:11384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
561⤵
PID:11396

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
562⤵
PID:11408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
563⤵
PID:11420

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
564⤵
PID:11432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
565⤵
PID:11448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
566⤵
PID:11464

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
567⤵
PID:11484

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
568⤵
PID:11500

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
569⤵
PID:11516

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
570⤵
PID:11528

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
571⤵
PID:11548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
572⤵
PID:11560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
573⤵
PID:11572

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
574⤵
PID:11588

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
575⤵
PID:11600

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
576⤵
PID:11612

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
577⤵
PID:11624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
578⤵
PID:11640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
579⤵
PID:11656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
580⤵
PID:11672

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
581⤵
PID:11696

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
582⤵
PID:11708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
583⤵
PID:11720

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
584⤵
PID:11732

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
585⤵
PID:11744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
586⤵
PID:11760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
587⤵
PID:11772

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
588⤵
PID:11788

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
589⤵
PID:11800

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
590⤵
PID:11812

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
591⤵
PID:11824

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
592⤵
PID:11836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
593⤵
PID:11848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
594⤵
PID:11860

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
595⤵
PID:11876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
596⤵
PID:11892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
597⤵
PID:11908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
598⤵
PID:11924

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
599⤵
PID:11940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
600⤵
PID:11956

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
601⤵
PID:11972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
602⤵
PID:11984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
603⤵
PID:12008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
604⤵
PID:12020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
605⤵
PID:12048

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
606⤵
PID:12060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
607⤵
PID:12072

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
608⤵
PID:12084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
609⤵
PID:12096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
610⤵
PID:12108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
611⤵
PID:12120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
612⤵
PID:12132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
613⤵
PID:12144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
614⤵
PID:12156

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
615⤵
PID:12168

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
616⤵
PID:12180

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
617⤵
PID:12192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
618⤵
PID:12208

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
619⤵
PID:12220

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
620⤵
PID:12232

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
621⤵
PID:12244

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
622⤵
PID:12260

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
623⤵
PID:12272

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
624⤵
PID:12284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
625⤵
PID:6332

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
626⤵
PID:6752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
627⤵
PID:6756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
628⤵
PID:6328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
629⤵
PID:6304

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
630⤵
PID:1936

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
631⤵
PID:12296

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
632⤵
PID:12312

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
633⤵
PID:12324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
634⤵
PID:12340

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
635⤵
PID:12352

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
636⤵
PID:12368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
637⤵
PID:12380

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
638⤵
PID:12396

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
639⤵
PID:12408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
640⤵
PID:12424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
641⤵
PID:12436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
642⤵
PID:12448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
643⤵
PID:12460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
644⤵
PID:12476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
645⤵
PID:12488

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
646⤵
PID:12504

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
647⤵
PID:12516

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
648⤵
PID:12528

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
649⤵
PID:12544

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
650⤵
PID:12556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
651⤵
PID:12572

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
652⤵
PID:12584

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
653⤵
PID:12600

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
654⤵
PID:12612

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
655⤵
PID:12624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
656⤵
PID:12636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
657⤵
PID:12648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
658⤵
PID:12660

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
659⤵
PID:12676

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
660⤵
PID:12692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
661⤵
PID:12708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
662⤵
PID:12724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
663⤵
PID:12740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
664⤵
PID:12752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
665⤵
PID:12764

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
666⤵
PID:12776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
667⤵
PID:12788

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
668⤵
PID:12800

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
669⤵
PID:12812

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
670⤵
PID:12824

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
671⤵
PID:12840

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
672⤵
PID:12852

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
673⤵
PID:12864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
674⤵
PID:12876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
675⤵
PID:12888

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
676⤵
PID:12900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
677⤵
PID:12912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
678⤵
PID:12924

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
679⤵
PID:12936

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
680⤵
PID:12952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
681⤵
PID:12964

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
682⤵
PID:12976

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
683⤵
PID:12992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
684⤵
PID:13004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
685⤵
PID:13020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
686⤵
PID:13032

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
687⤵
PID:13044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
688⤵
PID:13060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
689⤵
PID:13076

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
690⤵
PID:13088

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
691⤵
PID:13100

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
692⤵
PID:13116

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
693⤵
PID:13128

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
694⤵
PID:13144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
695⤵
PID:13160

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
696⤵
PID:13172

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
697⤵
PID:13184

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
698⤵
PID:13196

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
699⤵
PID:13212

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
700⤵
PID:13224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
701⤵
PID:13236

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
702⤵
PID:13248

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
703⤵
PID:13260

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
704⤵
PID:13276

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
705⤵
PID:13288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
706⤵
PID:13300

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
707⤵
PID:7224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
708⤵
PID:13320

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
709⤵
PID:13332

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
710⤵
PID:13348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
711⤵
PID:13372

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
712⤵
PID:13388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
713⤵
PID:13404

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
714⤵
PID:13416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
715⤵
PID:13432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
716⤵
PID:13444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
717⤵
PID:13456

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
718⤵
PID:13468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
719⤵
PID:13484

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
720⤵
PID:13496

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
721⤵
PID:13512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
722⤵
PID:13524

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
723⤵
PID:13536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
724⤵
PID:13548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
725⤵
PID:13560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
726⤵
PID:13576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
727⤵
PID:13588

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
728⤵
PID:13600

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
729⤵
PID:13612

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
730⤵
PID:13624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
731⤵
PID:13636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
732⤵
PID:13652

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
733⤵
PID:13664

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
734⤵
PID:13680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
735⤵
PID:13692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
736⤵
PID:13708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
737⤵
PID:13724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
738⤵
PID:13736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
739⤵
PID:13748

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
740⤵
PID:13760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
741⤵
PID:13772

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
742⤵
PID:13784

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
743⤵
PID:13796

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
744⤵
PID:13808

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
745⤵
PID:13820

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
746⤵
PID:13832

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
747⤵
PID:13844

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
748⤵
PID:13856

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
749⤵
PID:13872

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
750⤵
PID:13888

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
751⤵
PID:13904

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
752⤵
PID:13916

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
753⤵
PID:13928

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
754⤵
PID:13940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
755⤵
PID:13956

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
756⤵
PID:13968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
757⤵
PID:13984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
758⤵
PID:13996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
759⤵
PID:14012

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
760⤵
PID:14024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
761⤵
PID:14040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
762⤵
PID:14052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
763⤵
PID:14068

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
764⤵
PID:14080

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
765⤵
PID:14092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
766⤵
PID:14108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
767⤵
PID:14120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
768⤵
PID:14132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
769⤵
PID:14144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
770⤵
PID:14156

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
771⤵
PID:14168

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
772⤵
PID:14180

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
773⤵
PID:14192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
774⤵
PID:14204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
775⤵
PID:14216

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
776⤵
PID:14228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
777⤵
PID:14240

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
778⤵
PID:14252

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
779⤵
PID:14264

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
780⤵
PID:14276

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
781⤵
PID:14292

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
782⤵
PID:14304

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
783⤵
PID:14316

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
784⤵
PID:14332

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
785⤵
PID:14360

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
786⤵
PID:14392

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
787⤵
PID:14408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
788⤵
PID:14424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
789⤵
PID:14436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
790⤵
PID:14456

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
791⤵
PID:14488

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
792⤵
PID:14504

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
793⤵
PID:14520

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
794⤵
PID:14536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
795⤵
PID:14548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
796⤵
PID:14560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
797⤵
PID:14572

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
798⤵
PID:14584

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
799⤵
PID:14596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
800⤵
PID:14608

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
801⤵
PID:14620

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
802⤵
PID:14632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
803⤵
PID:14644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
804⤵
PID:14656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
805⤵
PID:14668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
806⤵
PID:14680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
807⤵
PID:14692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
808⤵
PID:14712

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
809⤵
PID:14724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
810⤵
PID:14740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
811⤵
PID:14752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
812⤵
PID:14764

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
813⤵
PID:14776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
814⤵
PID:14792

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
815⤵
PID:14808

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
816⤵
PID:14820

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
817⤵
PID:14832

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
818⤵
PID:14844

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
819⤵
PID:14856

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
820⤵
PID:14868

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
821⤵
PID:14880

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
822⤵
PID:14892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
823⤵
PID:14904

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
824⤵
PID:14916

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
825⤵
PID:14928

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
826⤵
PID:14940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
827⤵
PID:14952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
828⤵
PID:14964

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
829⤵
PID:14980

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
830⤵
PID:14996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
831⤵
PID:15008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
832⤵
PID:15024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
833⤵
PID:15036

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
834⤵
PID:15048

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
835⤵
PID:15060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
836⤵
PID:15076

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
837⤵
PID:15088

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
838⤵
PID:15100

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
839⤵
PID:15112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
840⤵
PID:15124

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
841⤵
PID:15140

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
842⤵
PID:15152

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
843⤵
PID:15164

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
844⤵
PID:15176

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
845⤵
PID:15188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
846⤵
PID:15204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
847⤵
PID:15216

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
848⤵
PID:15228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
849⤵
PID:15240

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
850⤵
PID:15256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
851⤵
PID:15272

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
852⤵
PID:15284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
853⤵
PID:15300

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
854⤵
PID:15312

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
855⤵
PID:15324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
856⤵
PID:15336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
857⤵
PID:15348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
858⤵
PID:1996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
859⤵
PID:3532

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
860⤵
PID:3172

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
861⤵
PID:15368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
862⤵
PID:15380

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
863⤵
PID:15392

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
864⤵
PID:15404

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
865⤵
PID:15416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
866⤵
PID:15432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
867⤵
PID:15444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
868⤵
PID:15460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
869⤵
PID:15472

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
870⤵
PID:15488

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
871⤵
PID:15500

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
872⤵
PID:15520

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
873⤵
PID:15536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
874⤵
PID:15552

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
875⤵
PID:15564

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
876⤵
PID:15576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
877⤵
PID:15588

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
878⤵
PID:15604

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
879⤵
PID:15616

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
880⤵
PID:15628

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
881⤵
PID:15640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
882⤵
PID:15652

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
883⤵
PID:15668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
884⤵
PID:15680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
885⤵
PID:15696

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
886⤵
PID:15708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
887⤵
PID:15720

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
888⤵
PID:15732

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
889⤵
PID:15744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
890⤵
PID:15756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
891⤵
PID:15768

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
892⤵
PID:15784

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
893⤵
PID:15796

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
894⤵
PID:15812

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
895⤵
PID:15824

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
896⤵
PID:15836

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 452 -p 1020 -ip 1020
1⤵
PID:15892

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15944

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/32-164-0x0000000000000000-mapping.dmp

Download
memory/372-187-0x0000000000000000-mapping.dmp

Download
memory/376-161-0x0000000000000000-mapping.dmp

Download
memory/404-183-0x0000000000000000-mapping.dmp

Download
memory/744-167-0x0000000000000000-mapping.dmp

Download
memory/1132-180-0x0000000000000000-mapping.dmp

Download
memory/1176-160-0x0000000000000000-mapping.dmp

Download
memory/1188-137-0x0000000000000000-mapping.dmp

Download
memory/1284-182-0x0000000000000000-mapping.dmp

Download
memory/1324-165-0x0000000000000000-mapping.dmp

Download
memory/1364-169-0x0000000000000000-mapping.dmp

Download
memory/1436-150-0x0000000000000000-mapping.dmp

Download
memory/1456-149-0x0000000000000000-mapping.dmp

Download
memory/1460-172-0x0000000000000000-mapping.dmp

Download
memory/1468-138-0x0000000000000000-mapping.dmp

Download
memory/1716-146-0x0000000000000000-mapping.dmp

Download
memory/1720-139-0x0000000000000000-mapping.dmp

Download
memory/1768-162-0x0000000000000000-mapping.dmp

Download
memory/2064-179-0x0000000000000000-mapping.dmp

Download
memory/2300-181-0x0000000000000000-mapping.dmp

Download
memory/2316-157-0x0000000000000000-mapping.dmp

Download
memory/2384-140-0x0000000000000000-mapping.dmp

Download
memory/2404-186-0x0000000000000000-mapping.dmp

Download
memory/2448-158-0x0000000000000000-mapping.dmp

Download
memory/2500-184-0x0000000000000000-mapping.dmp

Download
memory/2544-174-0x0000000000000000-mapping.dmp

Download
memory/2680-190-0x0000000000000000-mapping.dmp

Download
memory/2736-131-0x0000000000000000-mapping.dmp

Download
memory/2820-159-0x0000000000000000-mapping.dmp

Download
memory/2932-141-0x0000000000000000-mapping.dmp

Download
memory/2992-188-0x0000000000000000-mapping.dmp

Download
memory/3092-130-0x0000000000000000-mapping.dmp

Download
memory/3240-185-0x0000000000000000-mapping.dmp

Download
memory/3408-144-0x0000000000000000-mapping.dmp

Download
memory/3604-176-0x0000000000000000-mapping.dmp

Download
memory/3608-192-0x0000000000000000-mapping.dmp

Download
memory/3668-189-0x0000000000000000-mapping.dmp

Download
memory/3800-171-0x0000000000000000-mapping.dmp

Download
memory/4004-163-0x0000000000000000-mapping.dmp

Download
memory/4024-175-0x0000000000000000-mapping.dmp

Download
memory/4060-145-0x0000000000000000-mapping.dmp

Download
memory/4088-147-0x0000000000000000-mapping.dmp

Download
memory/4140-193-0x0000000000000000-mapping.dmp

Download
memory/4168-132-0x0000000000000000-mapping.dmp

Download
memory/4348-177-0x0000000000000000-mapping.dmp

Download
memory/4428-173-0x0000000000000000-mapping.dmp

Download
memory/4448-154-0x0000000000000000-mapping.dmp

Download
memory/4468-166-0x0000000000000000-mapping.dmp

Download
memory/4492-191-0x0000000000000000-mapping.dmp

Download
memory/4512-134-0x0000000000000000-mapping.dmp

Download
memory/4556-178-0x0000000000000000-mapping.dmp

Download
memory/4584-156-0x0000000000000000-mapping.dmp

Download
memory/4632-170-0x0000000000000000-mapping.dmp

Download
memory/4704-151-0x0000000000000000-mapping.dmp

Download
memory/4716-143-0x0000000000000000-mapping.dmp

Download
memory/4720-142-0x0000000000000000-mapping.dmp

Download
memory/4740-148-0x0000000000000000-mapping.dmp

Download
memory/4808-155-0x0000000000000000-mapping.dmp

Download
memory/4840-168-0x0000000000000000-mapping.dmp

Download
memory/4848-135-0x0000000000000000-mapping.dmp

Download
memory/4868-136-0x0000000000000000-mapping.dmp

Download
memory/4892-153-0x0000000000000000-mapping.dmp

Download
memory/4948-152-0x0000000000000000-mapping.dmp

Download
memory/5096-133-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads