Analysis
-
max time kernel
91s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
25/12/2022, 22:51
Behavioral task
behavioral1
Sample
2004-57-0x0000000000200000-0x0000000000222000-memory.dll
Resource
win7-20221111-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2004-57-0x0000000000200000-0x0000000000222000-memory.dll
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
-
Target
2004-57-0x0000000000200000-0x0000000000222000-memory.dll
-
Size
136KB
-
MD5
1fc83be14728d5cd9d3d72de51687431
-
SHA1
bf6a1c7adcbd248b019bc3acc2583f27c7641097
-
SHA256
b786fd14eef7652bfad84e94197262849178ca1d5671d4b27e378b536d047830
-
SHA512
7d6ba546edf4d6c75287c3e1528de960fccc1a2f4a315a1fb96dd6ddfb492fa1f3beb566bb98d811bebb993bf5f29677950d2fffb147e8882f2c694cf2af7d6e
-
SSDEEP
1536:YhO31RQaZMAC5CZ2qClG0gOhAARMBAzHwJleg6IiIODdnToIfJB0egrzkJ:IO2K2qSG0zhAekAEJkgzAhTBfJqeZJ
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1984 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:3516 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:3300 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:544 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:60 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:2784 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:4832 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:4872 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:4912 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:4808 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:3504 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#112⤵
- Suspicious use of WriteProcessMemory
PID:3048 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#113⤵
- Suspicious use of WriteProcessMemory
PID:2216 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#114⤵
- Suspicious use of WriteProcessMemory
PID:2244 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#115⤵
- Suspicious use of WriteProcessMemory
PID:2256 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#116⤵
- Suspicious use of WriteProcessMemory
PID:3884 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#117⤵
- Suspicious use of WriteProcessMemory
PID:3508 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#118⤵
- Suspicious use of WriteProcessMemory
PID:3208 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#119⤵
- Suspicious use of WriteProcessMemory
PID:4432 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#120⤵
- Suspicious use of WriteProcessMemory
PID:2988 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#121⤵
- Suspicious use of WriteProcessMemory
PID:3688 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#122⤵
- Suspicious use of WriteProcessMemory
PID:3856 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#123⤵PID:4744
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#124⤵PID:3412
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#125⤵PID:3520
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#126⤵PID:3940
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#127⤵PID:2688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#128⤵PID:760
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#129⤵PID:2656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#130⤵PID:4472
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#131⤵PID:324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#132⤵PID:208
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#133⤵PID:116
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#134⤵PID:2684
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#135⤵PID:3644
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#136⤵PID:1324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#137⤵PID:4124
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#138⤵PID:1080
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#139⤵PID:5104
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#140⤵PID:3360
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#141⤵PID:5112
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#142⤵PID:1104
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#143⤵PID:4036
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#144⤵PID:4840
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#145⤵PID:3484
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#146⤵PID:2588
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#147⤵PID:2324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#148⤵PID:3464
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#149⤵PID:5032
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#150⤵PID:4600
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#151⤵PID:2176
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#152⤵PID:4564
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#153⤵PID:1640
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#154⤵PID:2208
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#155⤵PID:3116
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#156⤵PID:1888
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#157⤵PID:4584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#158⤵PID:4680
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#159⤵PID:3308
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#160⤵PID:2628
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#161⤵PID:4352
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#162⤵PID:4552
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#163⤵PID:1424
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#164⤵PID:5020
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#165⤵PID:1488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#166⤵PID:2264
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#167⤵PID:2640
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#168⤵PID:3640
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#169⤵PID:4580
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#170⤵PID:3396
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#171⤵PID:4412
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#172⤵PID:4160
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#173⤵PID:4152
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#174⤵PID:4108
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#175⤵PID:4488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#176⤵PID:468
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#177⤵PID:1836
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#178⤵PID:2744
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#179⤵PID:1512
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#180⤵PID:4592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#181⤵PID:2104
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#182⤵PID:3500
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#183⤵PID:4084
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#184⤵PID:3868
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#185⤵PID:1912
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#186⤵PID:2612
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#187⤵PID:3076
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#188⤵PID:4068
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#189⤵PID:1116
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#190⤵PID:4164
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#191⤵PID:3544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#192⤵PID:1776
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#193⤵PID:652
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#194⤵PID:2964
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#195⤵PID:2652
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#196⤵PID:1748
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#197⤵PID:3600
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#198⤵PID:2004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#199⤵PID:2464
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1100⤵PID:1724
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1101⤵PID:2972
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1102⤵PID:2088
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1103⤵PID:3460
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1104⤵PID:4076
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1105⤵PID:4360
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1106⤵PID:1432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1107⤵PID:4344
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1108⤵PID:2932
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1109⤵PID:2792
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1110⤵PID:1196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1111⤵PID:4784
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1112⤵PID:3924
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1113⤵PID:4004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1114⤵PID:1964
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1115⤵PID:2740
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1116⤵PID:4836
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1117⤵PID:2148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1118⤵PID:4964
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1119⤵PID:4996
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1120⤵PID:1716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1121⤵PID:4496
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2004-57-0x0000000000200000-0x0000000000222000-memory.dll,#1122⤵PID:4848