Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
25-07-2024 03:09
Behavioral task
behavioral1
Sample
1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll
Resource
win10v2004-20240709-en
General
-
Target
1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll
-
Size
92KB
-
MD5
7eca8377802660834b3269d1f5ac04d8
-
SHA1
e1dd89aa6caafcb028d34f8c8700ab586e10de65
-
SHA256
3c9da3bbec9e84babce33825fdc7c04cacc077d6c427f7be9b116a728a0a0159
-
SHA512
135c760730dde7a09fa5cf19aed73bc3640c7ed29621ff720838472d4561d8412e3f83cba29a09862fcdcc16ccda3f9f1d6e7d9ee55a2646e39eb082cf5f70e6
-
SSDEEP
1536:IxxxxxxxxxxxxhEhD44SnSLF13hvOUYCCQq0UCchR0aNMqqU+2bbbAV2/S2TrKy5:p44sgF1+HBMqqDL2/TrK
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
rundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
rundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exedescription pid process target process PID 5924 wrote to memory of 3216 5924 rundll32.exe rundll32.exe PID 5924 wrote to memory of 3216 5924 rundll32.exe rundll32.exe PID 5924 wrote to memory of 3216 5924 rundll32.exe rundll32.exe PID 3216 wrote to memory of 4020 3216 rundll32.exe rundll32.exe PID 3216 wrote to memory of 4020 3216 rundll32.exe rundll32.exe PID 3216 wrote to memory of 4020 3216 rundll32.exe rundll32.exe PID 4020 wrote to memory of 448 4020 rundll32.exe rundll32.exe PID 4020 wrote to memory of 448 4020 rundll32.exe rundll32.exe PID 4020 wrote to memory of 448 4020 rundll32.exe rundll32.exe PID 448 wrote to memory of 4900 448 rundll32.exe rundll32.exe PID 448 wrote to memory of 4900 448 rundll32.exe rundll32.exe PID 448 wrote to memory of 4900 448 rundll32.exe rundll32.exe PID 4900 wrote to memory of 532 4900 rundll32.exe rundll32.exe PID 4900 wrote to memory of 532 4900 rundll32.exe rundll32.exe PID 4900 wrote to memory of 532 4900 rundll32.exe rundll32.exe PID 532 wrote to memory of 3012 532 rundll32.exe rundll32.exe PID 532 wrote to memory of 3012 532 rundll32.exe rundll32.exe PID 532 wrote to memory of 3012 532 rundll32.exe rundll32.exe PID 3012 wrote to memory of 4212 3012 rundll32.exe rundll32.exe PID 3012 wrote to memory of 4212 3012 rundll32.exe rundll32.exe PID 3012 wrote to memory of 4212 3012 rundll32.exe rundll32.exe PID 4212 wrote to memory of 3016 4212 rundll32.exe rundll32.exe PID 4212 wrote to memory of 3016 4212 rundll32.exe rundll32.exe PID 4212 wrote to memory of 3016 4212 rundll32.exe rundll32.exe PID 3016 wrote to memory of 3048 3016 rundll32.exe rundll32.exe PID 3016 wrote to memory of 3048 3016 rundll32.exe rundll32.exe PID 3016 wrote to memory of 3048 3016 rundll32.exe rundll32.exe PID 3048 wrote to memory of 1528 3048 rundll32.exe rundll32.exe PID 3048 wrote to memory of 1528 3048 rundll32.exe rundll32.exe PID 3048 wrote to memory of 1528 3048 rundll32.exe rundll32.exe PID 1528 wrote to memory of 732 1528 rundll32.exe rundll32.exe PID 1528 wrote to memory of 732 1528 rundll32.exe rundll32.exe PID 1528 wrote to memory of 732 1528 rundll32.exe rundll32.exe PID 732 wrote to memory of 2912 732 rundll32.exe rundll32.exe PID 732 wrote to memory of 2912 732 rundll32.exe rundll32.exe PID 732 wrote to memory of 2912 732 rundll32.exe rundll32.exe PID 2912 wrote to memory of 2120 2912 rundll32.exe rundll32.exe PID 2912 wrote to memory of 2120 2912 rundll32.exe rundll32.exe PID 2912 wrote to memory of 2120 2912 rundll32.exe rundll32.exe PID 2120 wrote to memory of 2128 2120 rundll32.exe rundll32.exe PID 2120 wrote to memory of 2128 2120 rundll32.exe rundll32.exe PID 2120 wrote to memory of 2128 2120 rundll32.exe rundll32.exe PID 2128 wrote to memory of 3208 2128 rundll32.exe rundll32.exe PID 2128 wrote to memory of 3208 2128 rundll32.exe rundll32.exe PID 2128 wrote to memory of 3208 2128 rundll32.exe rundll32.exe PID 3208 wrote to memory of 4332 3208 rundll32.exe rundll32.exe PID 3208 wrote to memory of 4332 3208 rundll32.exe rundll32.exe PID 3208 wrote to memory of 4332 3208 rundll32.exe rundll32.exe PID 4332 wrote to memory of 4488 4332 rundll32.exe rundll32.exe PID 4332 wrote to memory of 4488 4332 rundll32.exe rundll32.exe PID 4332 wrote to memory of 4488 4332 rundll32.exe rundll32.exe PID 4488 wrote to memory of 6120 4488 rundll32.exe rundll32.exe PID 4488 wrote to memory of 6120 4488 rundll32.exe rundll32.exe PID 4488 wrote to memory of 6120 4488 rundll32.exe rundll32.exe PID 6120 wrote to memory of 628 6120 rundll32.exe rundll32.exe PID 6120 wrote to memory of 628 6120 rundll32.exe rundll32.exe PID 6120 wrote to memory of 628 6120 rundll32.exe rundll32.exe PID 628 wrote to memory of 1940 628 rundll32.exe rundll32.exe PID 628 wrote to memory of 1940 628 rundll32.exe rundll32.exe PID 628 wrote to memory of 1940 628 rundll32.exe rundll32.exe PID 1940 wrote to memory of 2308 1940 rundll32.exe rundll32.exe PID 1940 wrote to memory of 2308 1940 rundll32.exe rundll32.exe PID 1940 wrote to memory of 2308 1940 rundll32.exe rundll32.exe PID 2308 wrote to memory of 2160 2308 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:5924 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3216 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:4020 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:448 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:4900 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:532 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:3012 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:4212 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:3016 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:3048 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:1528 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#112⤵
- Suspicious use of WriteProcessMemory
PID:732 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#113⤵
- Suspicious use of WriteProcessMemory
PID:2912 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#114⤵
- Suspicious use of WriteProcessMemory
PID:2120 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#115⤵
- Suspicious use of WriteProcessMemory
PID:2128 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#116⤵
- Suspicious use of WriteProcessMemory
PID:3208 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#117⤵
- Suspicious use of WriteProcessMemory
PID:4332 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#118⤵
- Suspicious use of WriteProcessMemory
PID:4488 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#119⤵
- Suspicious use of WriteProcessMemory
PID:6120 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#120⤵
- Suspicious use of WriteProcessMemory
PID:628 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#121⤵
- Suspicious use of WriteProcessMemory
PID:1940 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#122⤵
- Suspicious use of WriteProcessMemory
PID:2308 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#123⤵PID:2160
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#124⤵PID:2504
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#125⤵PID:1988
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#126⤵PID:2080
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#127⤵PID:3512
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#128⤵PID:2764
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#129⤵PID:2424
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#130⤵PID:5932
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#131⤵PID:5800
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#132⤵
- System Location Discovery: System Language Discovery
PID:3148 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#133⤵PID:3112
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#134⤵PID:3240
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#135⤵PID:2988
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#136⤵PID:4388
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#137⤵PID:1064
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#138⤵PID:4036
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#139⤵
- System Location Discovery: System Language Discovery
PID:4496 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#140⤵PID:3964
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#141⤵PID:4676
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#142⤵PID:2248
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#143⤵PID:2252
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#144⤵PID:2232
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#145⤵PID:5624
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#146⤵PID:1692
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#147⤵PID:5700
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#148⤵PID:3684
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#149⤵PID:5720
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#150⤵PID:4560
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#151⤵PID:2648
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#152⤵PID:6108
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#153⤵PID:5964
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#154⤵PID:6076
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#155⤵PID:5984
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#156⤵PID:1444
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#157⤵PID:5400
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#158⤵PID:6068
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#159⤵PID:5836
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#160⤵PID:5088
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#161⤵PID:3368
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#162⤵PID:2412
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#163⤵PID:4716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#164⤵PID:5548
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#165⤵PID:5764
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#166⤵PID:4464
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#167⤵PID:5228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#168⤵PID:5268
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#169⤵PID:6052
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#170⤵PID:5728
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#171⤵
- System Location Discovery: System Language Discovery
PID:5248 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#172⤵PID:4652
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#173⤵PID:760
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#174⤵PID:2712
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#175⤵PID:5760
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#176⤵PID:4056
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#177⤵
- System Location Discovery: System Language Discovery
PID:5320 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#178⤵PID:892
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#179⤵
- System Location Discovery: System Language Discovery
PID:1764 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#180⤵PID:1992
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#181⤵PID:1348
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#182⤵PID:2280
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#183⤵PID:2024
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#184⤵PID:5556
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#185⤵PID:640
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#186⤵PID:1404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#187⤵
- System Location Discovery: System Language Discovery
PID:996 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#188⤵PID:5060
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#189⤵PID:2716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#190⤵PID:4860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#191⤵PID:2564
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#192⤵PID:1844
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#193⤵PID:2196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#194⤵PID:4204
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#195⤵PID:5232
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#196⤵PID:3476
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#197⤵PID:3764
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#198⤵PID:452
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#199⤵PID:3936
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1100⤵PID:1332
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1101⤵PID:908
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1102⤵PID:5160
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1103⤵PID:4568
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1104⤵PID:4552
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1105⤵PID:960
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1106⤵PID:6044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1107⤵PID:5068
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1108⤵PID:4300
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1109⤵PID:5712
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1110⤵PID:5656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1111⤵PID:2108
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1112⤵PID:3004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1113⤵PID:1196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1114⤵PID:2692
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1115⤵PID:5480
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1116⤵PID:3404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1117⤵PID:1524
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1118⤵PID:680
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1119⤵PID:404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1120⤵PID:5596
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1121⤵PID:3748
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1122⤵PID:5288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1123⤵PID:932
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1124⤵
- System Location Discovery: System Language Discovery
PID:1100 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1125⤵PID:1396
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1126⤵PID:1544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1127⤵PID:5716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1128⤵PID:1852
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1129⤵
- System Location Discovery: System Language Discovery
PID:1980 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1130⤵PID:2836
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1131⤵
- System Location Discovery: System Language Discovery
PID:4276 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1132⤵PID:5112
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1133⤵PID:364
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1134⤵PID:3924
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1135⤵PID:5780
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1136⤵PID:4784
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1137⤵PID:5256
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1138⤵PID:5988
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1139⤵PID:2400
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1140⤵PID:5148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1141⤵PID:1620
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1142⤵PID:2324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1143⤵PID:4264
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1144⤵PID:4312
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1145⤵
- System Location Discovery: System Language Discovery
PID:4868 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1146⤵PID:6004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1147⤵PID:624
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1148⤵PID:2312
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1149⤵PID:2368
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1150⤵PID:3420
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1151⤵
- System Location Discovery: System Language Discovery
PID:4920 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1152⤵PID:4684
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1153⤵PID:3408
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1154⤵PID:4968
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1155⤵PID:3692
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1156⤵PID:3536
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1157⤵
- System Location Discovery: System Language Discovery
PID:3564 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1158⤵PID:4468
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1159⤵PID:432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1160⤵PID:4008
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1161⤵PID:3572
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1162⤵PID:3864
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1163⤵PID:456
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1164⤵PID:3984
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1165⤵PID:6148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1166⤵PID:6164
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1167⤵PID:6180
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1168⤵PID:6196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1169⤵PID:6212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1170⤵PID:6228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1171⤵PID:6244
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1172⤵
- System Location Discovery: System Language Discovery
PID:6256 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1173⤵PID:6276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1174⤵PID:6292
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1175⤵PID:6304
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1176⤵PID:6324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1177⤵PID:6340
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1178⤵PID:6356
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1179⤵PID:6372
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1180⤵PID:6388
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1181⤵PID:6404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1182⤵PID:6416
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1183⤵PID:6432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1184⤵PID:6448
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1185⤵
- System Location Discovery: System Language Discovery
PID:6460 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1186⤵PID:6476
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1187⤵PID:6488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1188⤵PID:6508
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1189⤵PID:6520
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1190⤵PID:6540
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1191⤵
- System Location Discovery: System Language Discovery
PID:6556 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1192⤵PID:6572
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1193⤵PID:6584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1194⤵PID:6596
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1195⤵PID:6612
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1196⤵PID:6628
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1197⤵PID:6644
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1198⤵PID:6660
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1199⤵PID:6672
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1200⤵PID:6684
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1201⤵PID:6696
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1202⤵PID:6712
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1203⤵PID:6724
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1204⤵PID:6740
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1205⤵PID:6756
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1206⤵PID:6776
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1207⤵
- System Location Discovery: System Language Discovery
PID:6792 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1208⤵PID:6804
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1209⤵PID:6820
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1210⤵PID:6832
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1211⤵PID:6848
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1212⤵PID:6864
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1213⤵PID:6880
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1214⤵PID:6896
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1215⤵PID:6912
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1216⤵PID:6928
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1217⤵PID:6944
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1218⤵PID:6960
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1219⤵PID:6972
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1220⤵PID:6988
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1221⤵PID:7004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1222⤵PID:7016
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1223⤵PID:7032
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1224⤵PID:7048
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1225⤵PID:7060
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1226⤵PID:7076
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1227⤵PID:7092
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1228⤵PID:7108
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1229⤵PID:7124
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1230⤵PID:7140
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1231⤵PID:7152
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1232⤵PID:7164
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1233⤵PID:7180
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1234⤵PID:7196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1235⤵
- System Location Discovery: System Language Discovery
PID:7212 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1236⤵PID:7228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1237⤵PID:7244
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1238⤵PID:7256
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1239⤵PID:7272
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1240⤵PID:7288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1241⤵PID:7304
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-4-0x00000000002D0000-0x00000000002E7000-memory.dll,#1242⤵PID:7320