Analysis
max time kernel: 148s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-07-2024 03:11
Behavioral task: behavioral1
Sample: 1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll
Resource: win10v2004-20240709-en
General
Target: 1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll
Size: 92KB
MD5:
a609951e5afdd3b393faf3bb677eedab
SHA1:
3767bd1d6e5ec1f6665602b6468a4f89be2bbe4a
SHA256:
6eadefbc67e7b469fffa2e876a98d7e39564deb3014d45d34c0a562848afbfd7
SHA512:
0a42a782b68bda97584783f43c6f982f01496f714cee82a8e402a1b8a4fc2491c2c2748cd412eed90a03722258dd05e57048f4477d9c9fdd760513a37277dfed
SSDEEP:
1536:YRRRRRRRRRRRRBExjIx/XS7VFHrTm3UIMqqU+2bbbAV2/S2TrKyGBUx:pIxfQVFeZMqqDL2/TrK
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: rundll32.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: dwm.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | dwm.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | dwm.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | dwm.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | dwm.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | dwm.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | dwm.exe
Enumerates system info in registry 2 TTPs 2 IoCs
Processes: dwm.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | dwm.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | dwm.exe
Modifies data under HKEY_USERS 18 IoCs
Processes: dwm.exe
description | ioc | process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | dwm.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | dwm.exe
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes: dwm.exe
description | pid | process
Token: SeCreateGlobalPrivilege | 4672 | dwm.exe
Token: SeChangeNotifyPrivilege | 4672 | dwm.exe
Token: 33 | 4672 | dwm.exe
Token: SeIncBasePriorityPrivilege | 4672 | dwm.exe
Token: SeShutdownPrivilege | 4672 | dwm.exe
Token: SeCreatePagefilePrivilege | 4672 | dwm.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1524 wrote to memory of 3616 | 1524 | rundll32.exe | rundll32.exe
PID 3616 wrote to memory of 2784 | 3616 | rundll32.exe | rundll32.exe
PID 2784 wrote to memory of 4004 | 2784 | rundll32.exe | rundll32.exe
PID 4004 wrote to memory of 3132 | 4004 | rundll32.exe | rundll32.exe
PID 3132 wrote to memory of 1484 | 3132 | rundll32.exe | rundll32.exe
PID 1484 wrote to memory of 4364 | 1484 | rundll32.exe | rundll32.exe
PID 4364 wrote to memory of 3152 | 4364 | rundll32.exe | rundll32.exe
PID 3152 wrote to memory of 3648 | 3152 | rundll32.exe | rundll32.exe
PID 3648 wrote to memory of 4472 | 3648 | rundll32.exe | rundll32.exe
PID 4472 wrote to memory of 2640 | 4472 | rundll32.exe | rundll32.exe
PID 2640 wrote to memory of 2804 | 2640 | rundll32.exe | rundll32.exe
PID 2804 wrote to memory of 2692 | 2804 | rundll32.exe | rundll32.exe
PID 2692 wrote to memory of 2868 | 2692 | rundll32.exe | rundll32.exe
PID 2868 wrote to memory of 4100 | 2868 | rundll32.exe | rundll32.exe
PID 4100 wrote to memory of 1860 | 4100 | rundll32.exe | rundll32.exe
PID 1860 wrote to memory of 4588 | 1860 | rundll32.exe | rundll32.exe
PID 4588 wrote to memory of 848 | 4588 | rundll32.exe | rundll32.exe
PID 848 wrote to memory of 4684 | 848 | rundll32.exe | rundll32.exe
PID 4684 wrote to memory of 1148 | 4684 | rundll32.exe | rundll32.exe
PID 1148 wrote to memory of 948 | 1148 | rundll32.exe | rundll32.exe
PID 948 wrote to memory of 1152 | 948 | rundll32.exe | rundll32.exe
PID 1152 wrote to memory of 1888 | 1152 | rundll32.exe | rundll32.exe
Processes
Command line of every process listed:
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1
depth | PID | image | signatures
1 | 1524 | C:\Windows\system32\rundll32.exe | Suspicious use of WriteProcessMemory
2 | 3616 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
3 | 2784 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
4 | 4004 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
5 | 3132 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
6 | 1484 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
7 | 4364 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
8 | 3152 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
9 | 3648 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
10 | 4472 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
11 | 2640 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
12 | 2804 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
13 | 2692 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
14 | 2868 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
15 | 4100 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
16 | 1860 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
17 | 4588 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
18 | 848 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
19 | 4684 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
20 | 1148 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
21 | 948 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
22 | 1152 | C:\Windows\SysWOW64\rundll32.exe | Suspicious use of WriteProcessMemory
23 | 1888 | C:\Windows\SysWOW64\rundll32.exe |
24 | 4840 | C:\Windows\SysWOW64\rundll32.exe |
25 | 428 | C:\Windows\SysWOW64\rundll32.exe |
26 | 1500 | C:\Windows\SysWOW64\rundll32.exe |
27 | 3236 | C:\Windows\SysWOW64\rundll32.exe | System Location Discovery: System Language Discovery
28 | 3636 | C:\Windows\SysWOW64\rundll32.exe |
29 | 3136 | C:\Windows\SysWOW64\rundll32.exe |
30 | 2424 | C:\Windows\SysWOW64\rundll32.exe |
31 | 1184 | C:\Windows\SysWOW64\rundll32.exe |
32 | 1212 | C:\Windows\SysWOW64\rundll32.exe |
33 | 4016 | C:\Windows\SysWOW64\rundll32.exe |
34 | 3584 | C:\Windows\SysWOW64\rundll32.exe |
35 | 5112 | C:\Windows\SysWOW64\rundll32.exe |
36 | 4608 | C:\Windows\SysWOW64\rundll32.exe |
37 | 4892 | C:\Windows\SysWOW64\rundll32.exe |
38 | 3156 | C:\Windows\SysWOW64\rundll32.exe |
39 | 4972 | C:\Windows\SysWOW64\rundll32.exe |
40 | 408 | C:\Windows\SysWOW64\rundll32.exe |
41 | 4084 | C:\Windows\SysWOW64\rundll32.exe |
42 | 2660 | C:\Windows\SysWOW64\rundll32.exe |
43 | 1892 | C:\Windows\SysWOW64\rundll32.exe |
44 | 3204 | C:\Windows\SysWOW64\rundll32.exe |
45 | 3200 | C:\Windows\SysWOW64\rundll32.exe |
46 | 4944 | C:\Windows\SysWOW64\rundll32.exe |
47 | 3112 | C:\Windows\SysWOW64\rundll32.exe |
48 | 2032 | C:\Windows\SysWOW64\rundll32.exe |
49 | 1248 | C:\Windows\SysWOW64\rundll32.exe |
50 | 1552 | C:\Windows\SysWOW64\rundll32.exe |
51 | 2616 | C:\Windows\SysWOW64\rundll32.exe |
52 | 4736 | C:\Windows\SysWOW64\rundll32.exe |
53 | 1140 | C:\Windows\SysWOW64\rundll32.exe |
54 | 4036 | C:\Windows\SysWOW64\rundll32.exe |
55 | 2924 | C:\Windows\SysWOW64\rundll32.exe | System Location Discovery: System Language Discovery
56 | 3844 | C:\Windows\SysWOW64\rundll32.exe |
57 | 2080 | C:\Windows\SysWOW64\rundll32.exe |
58 | 1808 | C:\Windows\SysWOW64\rundll32.exe |
59 | 2092 | C:\Windows\SysWOW64\rundll32.exe |
60 | 2984 | C:\Windows\SysWOW64\rundll32.exe |
61 | 1592 | C:\Windows\SysWOW64\rundll32.exe |
62 | 3704 | C:\Windows\SysWOW64\rundll32.exe |
63 | 1608 | C:\Windows\SysWOW64\rundll32.exe |
64 | 3504 | C:\Windows\SysWOW64\rundll32.exe |
65 | 3760 | C:\Windows\SysWOW64\rundll32.exe |
66 | 432 | C:\Windows\SysWOW64\rundll32.exe |
67 | 932 | C:\Windows\SysWOW64\rundll32.exe |
68 | 4176 | C:\Windows\SysWOW64\rundll32.exe |
69 | 660 | C:\Windows\SysWOW64\rundll32.exe |
70 | 3664 | C:\Windows\SysWOW64\rundll32.exe |
71 | 388 | C:\Windows\SysWOW64\rundll32.exe |
72 | 696 | C:\Windows\SysWOW64\rundll32.exe |
73 | 2628 | C:\Windows\SysWOW64\rundll32.exe | System Location Discovery: System Language Discovery
74 | 1504 | C:\Windows\SysWOW64\rundll32.exe |
75 | 3880 | C:\Windows\SysWOW64\rundll32.exe |
76 | 4304 | C:\Windows\SysWOW64\rundll32.exe |
77 | 4740 | C:\Windows\SysWOW64\rundll32.exe | System Location Discovery: System Language Discovery
78 | 3612 | C:\Windows\SysWOW64\rundll32.exe |
79 | 4104 | C:\Windows\SysWOW64\rundll32.exe |
80 | 3972 | C:\Windows\SysWOW64\rundll32.exe |
81 | 4336 | C:\Windows\SysWOW64\rundll32.exe |
82 | 3708 | C:\Windows\SysWOW64\rundll32.exe |
83 | 4600 | C:\Windows\SysWOW64\rundll32.exe |
84 | 1600 | C:\Windows\SysWOW64\rundll32.exe |
85 | 2768 | C:\Windows\SysWOW64\rundll32.exe |
86 | 4800 | C:\Windows\SysWOW64\rundll32.exe |
87 | 4508 | C:\Windows\SysWOW64\rundll32.exe |
88 | 2124 | C:\Windows\SysWOW64\rundll32.exe |
89 | 5020 | C:\Windows\SysWOW64\rundll32.exe |
90 | 1076 | C:\Windows\SysWOW64\rundll32.exe |
91 | 5080 | C:\Windows\SysWOW64\rundll32.exe |
92 | 3892 | C:\Windows\SysWOW64\rundll32.exe |
93 | 404 | C:\Windows\SysWOW64\rundll32.exe |
94 | 4932 | C:\Windows\SysWOW64\rundll32.exe |
95 | 4580 | C:\Windows\SysWOW64\rundll32.exe |
96 | 2432 | C:\Windows\SysWOW64\rundll32.exe |
97 | 2428 | C:\Windows\SysWOW64\rundll32.exe |
98 | 4432 | C:\Windows\SysWOW64\rundll32.exe |
99 | 4856 | C:\Windows\SysWOW64\rundll32.exe |
100 | 760 | C:\Windows\SysWOW64\rundll32.exe |
101 | 2216 | C:\Windows\SysWOW64\rundll32.exe |
102 | 4288 | C:\Windows\SysWOW64\rundll32.exe |
103 | 3820 | C:\Windows\SysWOW64\rundll32.exe |
104 | 5128 | C:\Windows\SysWOW64\rundll32.exe |
105 | 5144 | C:\Windows\SysWOW64\rundll32.exe |
106 | 5164 | C:\Windows\SysWOW64\rundll32.exe |
107 | 5176 | C:\Windows\SysWOW64\rundll32.exe | System Location Discovery: System Language Discovery
108 | 5192 | C:\Windows\SysWOW64\rundll32.exe |
109 | 5208 | C:\Windows\SysWOW64\rundll32.exe |
110 | 5220 | C:\Windows\SysWOW64\rundll32.exe |
111 | 5240 | C:\Windows\SysWOW64\rundll32.exe |
112 | 5256 | C:\Windows\SysWOW64\rundll32.exe |
113 | 5272 | C:\Windows\SysWOW64\rundll32.exe |
114 | 5288 | C:\Windows\SysWOW64\rundll32.exe |
115 | 5304 | C:\Windows\SysWOW64\rundll32.exe |
116 | 5316 | C:\Windows\SysWOW64\rundll32.exe |
117 | 5332 | C:\Windows\SysWOW64\rundll32.exe |
118 | 5368 | C:\Windows\SysWOW64\rundll32.exe |
119 | 5388 | C:\Windows\SysWOW64\rundll32.exe |
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1120⤵PID:5404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1121⤵PID:5416
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1122⤵
- System Location Discovery: System Language Discovery
PID:5432 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1123⤵PID:5452
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1124⤵PID:5468
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1125⤵PID:5484
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1126⤵PID:5500
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1127⤵PID:5520
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1128⤵PID:5532
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1129⤵PID:5548
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1130⤵PID:5564
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1131⤵PID:5580
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1132⤵PID:5596
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1133⤵PID:5616
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1134⤵PID:5628
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1135⤵PID:5644
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1136⤵PID:5660
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1137⤵PID:5676
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1138⤵PID:5688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1139⤵PID:5708
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1140⤵PID:5724
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1141⤵PID:5740
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1142⤵PID:5756
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1143⤵PID:5772
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1144⤵PID:5784
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1145⤵PID:5800
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1146⤵PID:5816
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1147⤵PID:5828
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1148⤵PID:5844
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1149⤵PID:5860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1150⤵PID:5876
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1151⤵PID:5888
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1152⤵PID:5904
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1153⤵PID:5920
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1154⤵PID:5936
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1155⤵PID:5952
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1156⤵PID:5968
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1157⤵
- System Location Discovery: System Language Discovery
PID:5988 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1158⤵PID:6004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1159⤵PID:6016
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1160⤵PID:6032
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1161⤵PID:6044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1162⤵PID:6060
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1163⤵PID:6076
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1164⤵PID:6092
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1165⤵PID:6108
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1166⤵PID:6124
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1167⤵PID:6140
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1168⤵PID:5464
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1169⤵PID:6148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1170⤵PID:6164
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1171⤵PID:6180
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1172⤵PID:6196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1173⤵PID:6212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1174⤵PID:6228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1175⤵
- System Location Discovery: System Language Discovery
PID:6244 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1176⤵PID:6260
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1177⤵PID:6276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1178⤵PID:6292
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1179⤵PID:6308
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1180⤵PID:6324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1181⤵PID:6340
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1182⤵PID:6352
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1183⤵PID:6364
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1184⤵
- System Location Discovery: System Language Discovery
PID:6380 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1185⤵PID:6396
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1186⤵PID:6408
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1187⤵
- System Location Discovery: System Language Discovery
PID:6428 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1188⤵PID:6440
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1189⤵PID:6456
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1190⤵PID:6476
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1191⤵PID:6488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1192⤵PID:6504
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1193⤵PID:6520
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1194⤵
- System Location Discovery: System Language Discovery
PID:6540 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1195⤵PID:6552
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1196⤵
- System Location Discovery: System Language Discovery
PID:6568 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1197⤵PID:6612
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1198⤵PID:6640
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1199⤵PID:6656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1200⤵PID:6668
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1201⤵PID:6684
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1202⤵PID:6700
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1203⤵PID:6716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1204⤵PID:6732
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1205⤵
- System Location Discovery: System Language Discovery
PID:6748 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1206⤵PID:6764
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1207⤵PID:6776
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1208⤵PID:6792
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1209⤵PID:6808
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1210⤵PID:6824
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1211⤵PID:6840
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1212⤵PID:6852
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1213⤵PID:6872
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1214⤵PID:6884
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1215⤵PID:6900
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1216⤵PID:6912
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1217⤵PID:6928
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1218⤵PID:6944
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1219⤵PID:6960
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1220⤵PID:6976
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1221⤵PID:6992
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1222⤵PID:7004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1223⤵PID:7024
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1224⤵
- System Location Discovery: System Language Discovery
PID:7040 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1225⤵PID:7060
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1226⤵
- System Location Discovery: System Language Discovery
PID:7076 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1227⤵PID:7088
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1228⤵
- System Location Discovery: System Language Discovery
PID:7104 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1229⤵PID:7120
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1230⤵PID:7136
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1231⤵PID:5608
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1232⤵PID:4904
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1233⤵PID:2052
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1234⤵PID:4216
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1235⤵PID:2480
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1236⤵PID:7196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1237⤵PID:7220
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1238⤵PID:7240
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1239⤵PID:7296
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1240⤵PID:7316
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1241⤵PID:7360
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1068-4-0x00000000001D0000-0x00000000001E7000-memory.dll,#1242⤵PID:7384