Analysis
-
max time kernel
92s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
07/02/2023, 17:15
Behavioral task
behavioral1
Sample
4564-155-0x0000000010000000-0x0000000010023000-memory.dll
Resource
win7-20220901-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4564-155-0x0000000010000000-0x0000000010023000-memory.dll
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
-
Target
4564-155-0x0000000010000000-0x0000000010023000-memory.dll
-
Size
140KB
-
MD5
dcb3483a8843d5335233a571096f7b2f
-
SHA1
f3fdd51477f1134de2a68f79de077761f340837e
-
SHA256
57d6276da0abf835d82cbb6e661f3aae98511f4527a176f94c4882f0abc160d9
-
SHA512
07d2f71263dd2890c996c37f94bf92d7f0577daadb14fc13c96b6e2b83d0fc9afd1d4be7a2d2aed87d2862cf2e4122009c067eefcca3412f3c9761d9f8ea3165
-
SSDEEP
3072:fYsvVxGf6etSkipCRP2HSxGRA7JiGnwH8TBfPfYZzc:fPuf6ecDC1xGa7JfnwH8TBHAZzc
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4656 wrote to memory of 4860 4656 rundll32.exe 52 PID 4656 wrote to memory of 4860 4656 rundll32.exe 52 PID 4656 wrote to memory of 4860 4656 rundll32.exe 52 PID 4860 wrote to memory of 3440 4860 rundll32.exe 82 PID 4860 wrote to memory of 3440 4860 rundll32.exe 82 PID 4860 wrote to memory of 3440 4860 rundll32.exe 82 PID 3440 wrote to memory of 2200 3440 rundll32.exe 83 PID 3440 wrote to memory of 2200 3440 rundll32.exe 83 PID 3440 wrote to memory of 2200 3440 rundll32.exe 83 PID 2200 wrote to memory of 4260 2200 rundll32.exe 84 PID 2200 wrote to memory of 4260 2200 rundll32.exe 84 PID 2200 wrote to memory of 4260 2200 rundll32.exe 84 PID 4260 wrote to memory of 2280 4260 rundll32.exe 85 PID 4260 wrote to memory of 2280 4260 rundll32.exe 85 PID 4260 wrote to memory of 2280 4260 rundll32.exe 85 PID 2280 wrote to memory of 2556 2280 rundll32.exe 86 PID 2280 wrote to memory of 2556 2280 rundll32.exe 86 PID 2280 wrote to memory of 2556 2280 rundll32.exe 86 PID 2556 wrote to memory of 1468 2556 rundll32.exe 87 PID 2556 wrote to memory of 1468 2556 rundll32.exe 87 PID 2556 wrote to memory of 1468 2556 rundll32.exe 87 PID 1468 wrote to memory of 2604 1468 rundll32.exe 88 PID 1468 wrote to memory of 2604 1468 rundll32.exe 88 PID 1468 wrote to memory of 2604 1468 rundll32.exe 88 PID 2604 wrote to memory of 3264 2604 rundll32.exe 90 PID 2604 wrote to memory of 3264 2604 rundll32.exe 90 PID 2604 wrote to memory of 3264 2604 rundll32.exe 90 PID 3264 wrote to memory of 2132 3264 rundll32.exe 89 PID 3264 wrote to memory of 2132 3264 rundll32.exe 89 PID 3264 wrote to memory of 2132 3264 rundll32.exe 89 PID 2132 wrote to memory of 4764 2132 rundll32.exe 91 PID 2132 wrote to memory of 4764 2132 rundll32.exe 91 PID 2132 wrote to memory of 4764 2132 rundll32.exe 91 PID 4764 wrote to memory of 3576 4764 rundll32.exe 92 PID 4764 wrote to memory of 3576 4764 rundll32.exe 92 PID 4764 wrote to memory of 3576 4764 rundll32.exe 92 PID 3576 wrote to memory of 4932 3576 rundll32.exe 93 PID 3576 wrote to memory of 4932 3576 rundll32.exe 93 PID 3576 wrote to memory of 4932 3576 rundll32.exe 93 PID 4932 wrote to memory of 4848 4932 rundll32.exe 94 PID 4932 wrote to memory of 4848 4932 rundll32.exe 94 PID 4932 wrote to memory of 4848 4932 rundll32.exe 94 PID 4848 wrote to memory of 4872 4848 rundll32.exe 95 PID 4848 wrote to memory of 4872 4848 rundll32.exe 95 PID 4848 wrote to memory of 4872 4848 rundll32.exe 95 PID 4872 wrote to memory of 3380 4872 rundll32.exe 96 PID 4872 wrote to memory of 3380 4872 rundll32.exe 96 PID 4872 wrote to memory of 3380 4872 rundll32.exe 96 PID 3380 wrote to memory of 4792 3380 rundll32.exe 97 PID 3380 wrote to memory of 4792 3380 rundll32.exe 97 PID 3380 wrote to memory of 4792 3380 rundll32.exe 97 PID 4792 wrote to memory of 3208 4792 rundll32.exe 98 PID 4792 wrote to memory of 3208 4792 rundll32.exe 98 PID 4792 wrote to memory of 3208 4792 rundll32.exe 98 PID 3208 wrote to memory of 2372 3208 rundll32.exe 100 PID 3208 wrote to memory of 2372 3208 rundll32.exe 100 PID 3208 wrote to memory of 2372 3208 rundll32.exe 100 PID 2372 wrote to memory of 5060 2372 rundll32.exe 99 PID 2372 wrote to memory of 5060 2372 rundll32.exe 99 PID 2372 wrote to memory of 5060 2372 rundll32.exe 99 PID 5060 wrote to memory of 1304 5060 rundll32.exe 101 PID 5060 wrote to memory of 1304 5060 rundll32.exe 101 PID 5060 wrote to memory of 1304 5060 rundll32.exe 101 PID 1304 wrote to memory of 1088 1304 rundll32.exe 102
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4656 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:4860 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:3440 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:2200 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:4260 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:2280 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:2556 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:1468 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:2604 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:3264
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2132 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:4764 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:3576 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:4932 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:4848 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:4872 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:3380 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:4792 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:3208 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:2372
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:5060 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:1304 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#13⤵PID:1088
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#14⤵PID:1288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#15⤵PID:4268
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#16⤵PID:3376
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#17⤵PID:1724
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#18⤵PID:1020
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#19⤵PID:4168
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#110⤵PID:808
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#111⤵PID:1456
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#112⤵PID:3544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#113⤵PID:4496
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#114⤵PID:5008
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#115⤵PID:212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#116⤵PID:228
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#11⤵PID:3044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#12⤵PID:1384
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#11⤵PID:4392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#12⤵PID:2160
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#13⤵PID:1600
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#14⤵PID:3452
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#15⤵PID:3648
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#16⤵PID:3596
-
-
-
-
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#11⤵PID:4052
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#12⤵PID:3500
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#13⤵PID:1968
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#14⤵PID:3128
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#15⤵PID:3924
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#16⤵PID:5104
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#17⤵PID:2072
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#18⤵PID:4840
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#19⤵PID:4812
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#110⤵PID:4340
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#111⤵PID:1492
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#112⤵PID:5072
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#113⤵PID:3188
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#114⤵PID:2812
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#115⤵PID:1460
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#116⤵PID:3200
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#117⤵PID:2580
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#118⤵PID:376
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#119⤵PID:2276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#120⤵PID:2780
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#121⤵PID:5096
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#122⤵PID:4584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#123⤵PID:4436
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#124⤵PID:2912
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#125⤵PID:4232
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#126⤵PID:5080
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#127⤵PID:4092
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#128⤵PID:4504
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#129⤵PID:1016
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#130⤵PID:1308
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#131⤵PID:1528
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#132⤵PID:1236
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#133⤵PID:1392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#134⤵PID:3932
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#135⤵PID:4576
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#136⤵PID:1900
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#137⤵PID:2828
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#138⤵PID:3592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#139⤵PID:3236
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#140⤵PID:3364
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#11⤵PID:1688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#12⤵PID:444
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#13⤵PID:1496
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#14⤵PID:1368
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#15⤵PID:3980
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#16⤵PID:4084
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#17⤵PID:2252
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#18⤵PID:4564
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#19⤵PID:1804
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#110⤵PID:4048
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#111⤵PID:2524
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#112⤵PID:3456
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#113⤵PID:4916
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#114⤵PID:4824
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#115⤵PID:4024
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#116⤵PID:4100
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#117⤵PID:2568
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#118⤵PID:4708
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#119⤵PID:216
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#120⤵PID:4308
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#121⤵PID:3632
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#122⤵PID:3604
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#123⤵PID:4512
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#124⤵PID:1588
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#125⤵PID:1780
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#126⤵PID:3820
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#127⤵PID:5124
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#128⤵PID:5136
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#129⤵PID:5152
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#130⤵PID:5164
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#131⤵PID:5180
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#132⤵PID:5200
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#133⤵PID:5216
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#134⤵PID:5236
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#135⤵PID:5252
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#136⤵PID:5272
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#137⤵PID:5288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#138⤵PID:5304
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#139⤵PID:5320
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#140⤵PID:5340
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#141⤵PID:5360
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#142⤵PID:5380
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#143⤵PID:5400
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#144⤵PID:5416
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#145⤵PID:5432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#146⤵PID:5448
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#147⤵PID:5464
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#148⤵PID:5480
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#149⤵PID:5496
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#150⤵PID:5512
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#151⤵PID:5528
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#152⤵PID:5544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#153⤵PID:5560
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#154⤵PID:5576
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#155⤵PID:5592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#156⤵PID:5608
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#157⤵PID:5624
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#158⤵PID:5640
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#159⤵PID:5656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#160⤵PID:5668
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#161⤵PID:5680
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#162⤵PID:5692
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#163⤵PID:5720
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#164⤵PID:5736
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#165⤵PID:5752
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#166⤵PID:5768
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#167⤵PID:5784
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#168⤵PID:5796
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#169⤵PID:5812
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#170⤵PID:5828
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#171⤵PID:5844
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#172⤵PID:5860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#173⤵PID:5876
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#174⤵PID:5892
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#175⤵PID:5908
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#176⤵PID:5920
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#177⤵PID:5936
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#178⤵PID:5952
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#179⤵PID:5964
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#180⤵PID:5980
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#181⤵PID:5996
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#182⤵PID:6012
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#183⤵PID:6024
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#184⤵PID:6040
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#185⤵PID:6056
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#186⤵PID:6072
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#187⤵PID:6084
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#188⤵PID:6100
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#189⤵PID:6116
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#190⤵PID:6132
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#191⤵PID:3120
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#192⤵PID:1940
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#193⤵PID:2540
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#194⤵PID:4952
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#195⤵PID:2888
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#196⤵PID:3180
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#197⤵PID:5024
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#198⤵PID:1808
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#199⤵PID:3152
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1100⤵PID:6160
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1101⤵PID:6176
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1102⤵PID:6192
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1103⤵PID:6208
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1104⤵PID:6224
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1105⤵PID:6240
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1106⤵PID:6256
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1107⤵PID:6272
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1108⤵PID:6288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1109⤵PID:6304
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1110⤵PID:6320
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1111⤵PID:6336
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1112⤵PID:6352
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1113⤵PID:6364
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1114⤵PID:6384
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1115⤵PID:6400
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1116⤵PID:6416
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1117⤵PID:6432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1118⤵PID:6444
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1119⤵PID:6464
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1120⤵PID:6476
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1121⤵PID:6492
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4564-155-0x0000000010000000-0x0000000010023000-memory.dll,#1122⤵PID:6508
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-