Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
- submitted: 20/11/2024, 20:23
Behavioral task
behavioral1
Sample
140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll
Resource
win10v2004-20241007-en
General
- Target: 140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll
- Size: 56KB
- MD5: 72ba0d34cac5dedd987c8f89ccca1e00
- SHA1: 4967b252b030e19cc1accb2cdf9d87a57b390f53
- SHA256: 140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259
- SHA512: 652a2dcf2da01083ee96a66ad42ab6cf920cbf5c7d2ecc99fb8250984af57230c1127a91573885736907bc1f0d28cfa631af6f54f11df012f09239df880e7950
- SSDEEP: 768:A2iWCU0YgGAvZyC5PLHBjderMpEvpZi7/kMPWq9aky77XTm9:sWF0Yhwd5zHzeApsnI/eZDLI
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:748 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:3484 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:1800 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:2232 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:2408 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#16⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4456 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:2368 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:4292 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:1980 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:880 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#112⤵
- Suspicious use of WriteProcessMemory
PID:3888 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#113⤵
- Suspicious use of WriteProcessMemory
PID:3092 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#114⤵
- Suspicious use of WriteProcessMemory
PID:1820 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#115⤵
- Suspicious use of WriteProcessMemory
PID:4736 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#116⤵
- Suspicious use of WriteProcessMemory
PID:4320 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#117⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1524 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#118⤵
- Suspicious use of WriteProcessMemory
PID:3528 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#119⤵
- Suspicious use of WriteProcessMemory
PID:2952 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#120⤵
- Suspicious use of WriteProcessMemory
PID:5004 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#121⤵
- Suspicious use of WriteProcessMemory
PID:1220 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#122⤵
- Suspicious use of WriteProcessMemory
PID:1104 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#123⤵PID:4352
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#124⤵PID:2104
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#125⤵PID:3360
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#126⤵PID:1688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#127⤵PID:4488
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#128⤵PID:4452
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#129⤵PID:2688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#130⤵PID:4160
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#131⤵PID:1056
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#132⤵PID:2588
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#133⤵PID:1748
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#134⤵PID:4924
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#135⤵PID:1228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#136⤵PID:2168
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#137⤵PID:3416
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#138⤵PID:3136
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#139⤵PID:632
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#140⤵PID:5000
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#141⤵PID:3224
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#142⤵
- System Location Discovery: System Language Discovery
PID:1208 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#143⤵PID:4372
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#144⤵PID:1700
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#145⤵PID:4860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#146⤵
- System Location Discovery: System Language Discovery
PID:4776 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#147⤵PID:4164
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#148⤵PID:4112
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#149⤵PID:1596
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#150⤵PID:1420
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#151⤵PID:3436
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#152⤵PID:2052
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#153⤵PID:1624
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#154⤵
- System Location Discovery: System Language Discovery
PID:5076 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#155⤵PID:3960
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#156⤵PID:1664
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#157⤵PID:1468
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#158⤵PID:1940
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#159⤵PID:3984
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#160⤵PID:1452
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#161⤵PID:2088
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#162⤵PID:712
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#163⤵PID:3232
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#164⤵PID:2348
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#165⤵PID:3596
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#166⤵PID:4984
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#167⤵PID:2940
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#168⤵PID:3796
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#169⤵PID:2988
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#170⤵
- System Location Discovery: System Language Discovery
PID:3444 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#171⤵PID:4724
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#172⤵PID:3100
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#173⤵PID:4360
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#174⤵
- System Location Discovery: System Language Discovery
PID:5116 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#175⤵PID:4528
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#176⤵PID:4616
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#177⤵PID:4392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#178⤵
- System Location Discovery: System Language Discovery
PID:2236 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#179⤵PID:2628
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#180⤵PID:3508
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#181⤵PID:4680
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#182⤵PID:1100
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#183⤵PID:4844
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#184⤵PID:2932
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#185⤵
- System Location Discovery: System Language Discovery
PID:1780 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#186⤵PID:3132
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#187⤵PID:2028
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#188⤵PID:2656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#189⤵PID:3280
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#190⤵
- System Location Discovery: System Language Discovery
PID:1640 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#191⤵PID:2724
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#192⤵PID:2584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#193⤵PID:780
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#194⤵PID:3920
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#195⤵PID:2140
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#196⤵PID:920
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#197⤵PID:1928
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#198⤵PID:1952
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#199⤵PID:4836
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1100⤵PID:1892
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1101⤵PID:396
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1102⤵PID:1080
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1103⤵PID:4432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1104⤵PID:5056
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1105⤵PID:3244
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1106⤵PID:5060
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1107⤵PID:1532
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1108⤵PID:1660
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1109⤵PID:1332
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1110⤵PID:3332
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1111⤵PID:2228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1112⤵PID:4908
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1113⤵PID:4404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1114⤵PID:4260
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1115⤵PID:2044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1116⤵PID:5132
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1117⤵PID:5148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1118⤵PID:5164
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1119⤵PID:5180
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1120⤵PID:5196
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1121⤵PID:5212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\140b144166d00a52bb7fc5affa59be089088929f755c560817ba445470bd6259.dll,#1122⤵PID:5228