Analysis
max time kernel: 91s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/12/2022, 22:39
Behavioral task
behavioral1
Sample
1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Resource
win10v2004-20221111-en
1 signatures
150 seconds
General
Target: 1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Size: 136KB
MD5: f25831342c0c6315ca6c3783d335e534
SHA1: 45808e3bcd461a892a27969ced21222ddc7a91f7
SHA256: 4a8942c9c84db3d1fb654fd15a34876297e616df272c093aa3c1f896825f95a4
SHA512: 59eeba8b8c567bdaf3cdc855391773ec9be00fb7ab97c5b183f962507e9d07a02cfbeaa94a61e2c5d9f327a9f95e23259ce9e20642c17af36bc652de80881f5c
SSDEEP: 3072:HfryJRYSh3e3msZAmJZt1olTBfZ3euAw:DyJBh3e3tymJn1olTBxOuA
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4336 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:4316 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:3592 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:4588 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:4300 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:2700 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:5024 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:2008 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:4420 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:5036 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:4872 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#112⤵
- Suspicious use of WriteProcessMemory
PID:980
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2076 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:3328 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:1360 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:3004 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:952 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:1512 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:4112 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:1644 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:1332 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#111⤵PID:3552
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#112⤵PID:1972
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#113⤵PID:3276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#114⤵PID:1792
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#115⤵PID:260
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#116⤵PID:216
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#117⤵PID:2140
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#118⤵PID:3852
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#119⤵PID:3716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#120⤵PID:3636
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#121⤵PID:3656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#122⤵PID:4732
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#123⤵PID:1852
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#124⤵PID:2604
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#125⤵PID:744
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#126⤵PID:3728
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#127⤵PID:2288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#128⤵PID:1988
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#129⤵PID:3824
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#130⤵PID:3572
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#131⤵PID:4152
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#132⤵PID:3308
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#133⤵PID:4280
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#134⤵PID:3020
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#135⤵PID:1408
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#136⤵PID:4936
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#137⤵PID:832
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#138⤵PID:1348
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#139⤵PID:3100
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#140⤵PID:4836
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#141⤵PID:3632
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#142⤵PID:3148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#143⤵PID:4968
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#144⤵PID:3912
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#145⤵PID:4108
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#146⤵PID:4356
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#147⤵PID:2780
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#148⤵PID:2748
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#149⤵PID:4848
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#150⤵PID:3932
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#151⤵PID:3332
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#152⤵PID:4368
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#153⤵PID:2328
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#154⤵PID:764
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#155⤵PID:4864
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#156⤵PID:1840
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#157⤵PID:2772
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#158⤵PID:2056
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#159⤵PID:4988
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#160⤵PID:3864
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#161⤵PID:2792
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#162⤵PID:4512
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#163⤵PID:3468
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#164⤵PID:3132
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#165⤵PID:1516
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#166⤵PID:2860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#167⤵PID:1848
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#168⤵PID:5032
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#169⤵PID:4584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#170⤵PID:3240
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#171⤵PID:4708
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#172⤵PID:4580
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#173⤵PID:1380
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#174⤵PID:1760
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#175⤵PID:2184
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#176⤵PID:512
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#177⤵PID:4064
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#178⤵PID:2504
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#179⤵PID:1900
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#180⤵PID:4592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#181⤵PID:4676
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#182⤵PID:3488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#183⤵PID:3344
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#184⤵PID:668
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#185⤵PID:1472
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#186⤵PID:3736
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#187⤵PID:4752
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#188⤵PID:1656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#189⤵PID:2564
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#190⤵PID:3724
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#191⤵PID:3756
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#192⤵PID:2672
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#193⤵PID:3248
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#194⤵PID:4328
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#195⤵PID:2652
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#196⤵PID:932
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#197⤵PID:4888
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#198⤵PID:4292
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#199⤵PID:4604
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1100⤵PID:640
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1101⤵PID:5124
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1102⤵PID:5156
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1103⤵PID:5168
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1104⤵PID:5192
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1105⤵PID:5228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1106⤵PID:5244
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1107⤵PID:5284
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1108⤵PID:5304
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1109⤵PID:5316
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1110⤵PID:5340
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1111⤵PID:5356
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1112⤵PID:5392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1113⤵PID:5416
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1114⤵PID:5436
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1115⤵PID:5460
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1116⤵PID:5476
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1117⤵PID:5492
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1118⤵PID:5512
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1119⤵PID:5528
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1120⤵PID:5556
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1121⤵PID:5576
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#1122⤵PID:5592
-