Analysis
-
max time kernel
92s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
22-11-2024 20:00
Behavioral task
behavioral1
Sample
efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll
Resource
win10v2004-20241007-en
General
-
Target
efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll
-
Size
212KB
-
MD5
76b04ed06eedf8c7eb110df271f75960
-
SHA1
0c1748b1390eb1715cd41182564430217ebcaa5a
-
SHA256
efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463
-
SHA512
3eb285d800ab7eab49c85703c0f0a9885b2b9f201448bdb29e121968d51bdfa2805482a6d3259c20239550400df8f36a68d270e44928c3fd99554ac87f4f347b
-
SSDEEP
3072:qBirQnsv9Ouix+SLGAACKFZs/jysSl3kC00oxorhG43ViPrtW:Ai7FOujSLBGZsEUporI4liP5W
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 
rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4760 wrote to memory of 2872 4760 rundll32.exe 83 PID 4760 wrote to memory of 2872 4760 rundll32.exe 83 PID 4760 wrote to memory of 2872 4760 rundll32.exe 83 PID 2872 wrote to memory of 2836 2872 rundll32.exe 84 PID 2872 wrote to memory of 2836 2872 rundll32.exe 84 PID 2872 wrote to memory of 2836 2872 rundll32.exe 84 PID 2836 wrote to memory of 2708 2836 rundll32.exe 85 PID 2836 wrote to memory of 2708 2836 rundll32.exe 85 PID 2836 wrote to memory of 2708 2836 rundll32.exe 85 PID 2708 wrote to memory of 224 2708 rundll32.exe 86 PID 2708 wrote to memory of 224 2708 rundll32.exe 86 PID 2708 wrote to memory of 224 2708 rundll32.exe 86 PID 224 wrote to memory of 2524 224 rundll32.exe 87 PID 224 wrote to memory of 2524 224 rundll32.exe 87 PID 224 wrote to memory of 2524 224 rundll32.exe 87 PID 2524 wrote to memory of 1360 2524 rundll32.exe 88 PID 2524 wrote to memory of 1360 2524 rundll32.exe 88 PID 2524 wrote to memory of 1360 2524 rundll32.exe 88 PID 1360 wrote to memory of 1920 1360 rundll32.exe 89 PID 1360 wrote to memory of 1920 1360 rundll32.exe 89 PID 1360 wrote to memory of 1920 1360 rundll32.exe 89 PID 1920 wrote to memory of 4516 1920 rundll32.exe 90 PID 1920 wrote to memory of 4516 1920 rundll32.exe 90 PID 1920 wrote to memory of 4516 1920 rundll32.exe 90 PID 4516 wrote to memory of 4416 4516 rundll32.exe 91 PID 4516 wrote to memory of 4416 4516 rundll32.exe 91 PID 4516 wrote to memory of 4416 4516 rundll32.exe 91 PID 4416 wrote to memory of 2852 4416 rundll32.exe 92 PID 4416 wrote to memory of 2852 4416 rundll32.exe 92 PID 4416 wrote to memory of 2852 4416 rundll32.exe 92 PID 2852 wrote to memory of 3924 2852 rundll32.exe 93 PID 2852 wrote to memory of 3924 2852 rundll32.exe 93 PID 2852 wrote to memory of 3924 2852 rundll32.exe 93 PID 3924 wrote to memory of 1068 3924 rundll32.exe 94 PID 3924 wrote to memory of 1068 3924 rundll32.exe 94 PID 3924 wrote to memory of 1068 3924 rundll32.exe 94 PID 1068 wrote to memory 
of 2684 1068 rundll32.exe 95 PID 1068 wrote to memory of 2684 1068 rundll32.exe 95 PID 1068 wrote to memory of 2684 1068 rundll32.exe 95 PID 2684 wrote to memory of 3940 2684 rundll32.exe 96 PID 2684 wrote to memory of 3940 2684 rundll32.exe 96 PID 2684 wrote to memory of 3940 2684 rundll32.exe 96 PID 3940 wrote to memory of 2496 3940 rundll32.exe 97 PID 3940 wrote to memory of 2496 3940 rundll32.exe 97 PID 3940 wrote to memory of 2496 3940 rundll32.exe 97 PID 2496 wrote to memory of 4120 2496 rundll32.exe 98 PID 2496 wrote to memory of 4120 2496 rundll32.exe 98 PID 2496 wrote to memory of 4120 2496 rundll32.exe 98 PID 4120 wrote to memory of 1784 4120 rundll32.exe 99 PID 4120 wrote to memory of 1784 4120 rundll32.exe 99 PID 4120 wrote to memory of 1784 4120 rundll32.exe 99 PID 1784 wrote to memory of 1988 1784 rundll32.exe 100 PID 1784 wrote to memory of 1988 1784 rundll32.exe 100 PID 1784 wrote to memory of 1988 1784 rundll32.exe 100 PID 1988 wrote to memory of 4380 1988 rundll32.exe 101 PID 1988 wrote to memory of 4380 1988 rundll32.exe 101 PID 1988 wrote to memory of 4380 1988 rundll32.exe 101 PID 4380 wrote to memory of 1808 4380 rundll32.exe 102 PID 4380 wrote to memory of 1808 4380 rundll32.exe 102 PID 4380 wrote to memory of 1808 4380 rundll32.exe 102 PID 1808 wrote to memory of 4240 1808 rundll32.exe 103 PID 1808 wrote to memory of 4240 1808 rundll32.exe 103 PID 1808 wrote to memory of 4240 1808 rundll32.exe 103 PID 4240 wrote to memory of 1968 4240 rundll32.exe 104
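Processes
(Extraction has fused each entry's fields, which are: image path, command line, nesting depth. Every command line below ends in `,#1`; the digits that follow it, running from 1 to 122, are the entry's depth in the process tree, not part of the export ordinal.)
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1 1⤵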
- Suspicious use of WriteProcessMemory
PID:4760 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#13⤵
- Suspicious use of WriteProcessMemory
PID:2836 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#14⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2708 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:224 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:2524 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:1360 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:1920 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:4516 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#110⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4416 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:2852 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#112⤵
- Suspicious use of WriteProcessMemory
PID:3924 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#113⤵
- Suspicious use of WriteProcessMemory
PID:1068 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#114⤵
- Suspicious use of WriteProcessMemory
PID:2684 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#115⤵
- Suspicious use of WriteProcessMemory
PID:3940 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#116⤵
- Suspicious use of WriteProcessMemory
PID:2496 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#117⤵
- Suspicious use of WriteProcessMemory
PID:4120 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#118⤵
- Suspicious use of WriteProcessMemory
PID:1784 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#119⤵
- Suspicious use of WriteProcessMemory
PID:1988 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#120⤵
- Suspicious use of WriteProcessMemory
PID:4380 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#121⤵
- Suspicious use of WriteProcessMemory
PID:1808 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#122⤵
- Suspicious use of WriteProcessMemory
PID:4240 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#123⤵PID:1968
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#124⤵PID:4876
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#125⤵PID:1912
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#126⤵PID:4716
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#127⤵PID:2320
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#128⤵PID:1408
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#129⤵PID:3860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#130⤵PID:4360
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#131⤵PID:3456
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#132⤵PID:5068
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#133⤵PID:3148
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#134⤵PID:4484
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#135⤵PID:860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#136⤵PID:3612
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#137⤵PID:1328
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#138⤵PID:3748
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#139⤵PID:3228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#140⤵PID:2704
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#141⤵PID:3160
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#142⤵PID:4016
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#143⤵PID:1828
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#144⤵PID:3432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#145⤵PID:1092
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#146⤵PID:3960
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#147⤵PID:3684
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#148⤵PID:644
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#149⤵PID:440
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#150⤵PID:4044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#151⤵PID:5100
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#152⤵PID:1164
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#153⤵PID:4800
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#154⤵PID:3660
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#155⤵
- System Location Discovery: System Language Discovery
PID:3248 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#156⤵PID:2336
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#157⤵PID:4776
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#158⤵PID:2240
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#159⤵PID:4736
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#160⤵PID:1796
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#161⤵PID:2952
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#162⤵PID:2792
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#163⤵PID:4256
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#164⤵PID:1916
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#165⤵PID:412
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#166⤵PID:5024
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#167⤵PID:4432
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#168⤵PID:4384
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#169⤵PID:5044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#170⤵PID:5004
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#171⤵PID:2324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#172⤵PID:2380
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#173⤵PID:3968
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#174⤵PID:1844
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#175⤵PID:4436
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#176⤵PID:3868
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#177⤵PID:832
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#178⤵PID:540
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#179⤵
- System Location Discovery: System Language Discovery
PID:3468 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#180⤵
- System Location Discovery: System Language Discovery
PID:1888 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#181⤵PID:396
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#182⤵PID:1688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#183⤵PID:1464
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#184⤵PID:3572
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#185⤵PID:8
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#186⤵PID:1256
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#187⤵PID:5032
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#188⤵PID:920
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#189⤵PID:4532
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#190⤵PID:3916
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#191⤵PID:1872
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#192⤵
- System Location Discovery: System Language Discovery
PID:2664 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#193⤵PID:952
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#194⤵PID:2460
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#195⤵
- System Location Discovery: System Language Discovery
PID:4024 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#196⤵PID:2996
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#197⤵PID:3652
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#198⤵PID:3812
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#199⤵PID:1660
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1100⤵PID:1896
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1101⤵PID:4332
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1102⤵PID:4328
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1103⤵PID:3656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1104⤵PID:4720
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1105⤵PID:3584
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1106⤵PID:4884
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1107⤵PID:1344
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1108⤵PID:2204
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1109⤵PID:220
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1110⤵PID:4068
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1111⤵PID:5128
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1112⤵PID:5144
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1113⤵PID:5156
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1114⤵PID:5168
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1115⤵
- System Location Discovery: System Language Discovery
PID:5184 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1116⤵PID:5200
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1117⤵PID:5212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1118⤵PID:5228
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1119⤵PID:5244
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1120⤵PID:5260
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1121⤵PID:5276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efebbcefba5eec94758d277c8e4905bfa9244051b79af49e8d8c4f97e7d63463N.dll,#1122⤵PID:5292
-