Analysis
-
max time kernel
93s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system -
submitted
23/02/2025, 19:11
Behavioral task
behavioral1
Sample
2516-2-0x0000000010000000-0x000000001002D000-memory.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2516-2-0x0000000010000000-0x000000001002D000-memory.dll
Resource
win10v2004-20250217-en
General
-
Target
2516-2-0x0000000010000000-0x000000001002D000-memory.dll
-
Size
180KB
-
MD5
d5cffe9bdd8a128f41d9275d145f9bc1
-
SHA1
e00fbc1cd07e065e5b60d3462bf025bf9914ca9c
-
SHA256
b91252e20b2f5631f221ed6049bd3c1f788f41b426f731c50199f4aea2048af2
-
SHA512
ee3f045b025f06b09bae3ef52c1e453fb094553479c4ca3b012195957a7f18d20662a08ba86d1000f904f83dbcc34aa11bf0928771b96a93a3aea3d7da83412a
-
SSDEEP
3072:Pmu50sK9wH9ze5n5E8cj3WVvbHN3FBbALmp+tTBflJwhpnwpfrQ5:Pmu50s4wH9y5n5EFWVvbN3FBM1tTBvwv
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Suspicious use of WriteProcessMemory 64 IoCs
Processes