Analysis
-
max time kernel
35s -
max time network
35s -
platform
windows10-2004_x64 -
resource
win10v2004-20250610-en -
resource tags
arch:x64arch:x86image:win10v2004-20250610-enlocale:en-usos:windows10-2004-x64system -
submitted
03/07/2025, 05:54
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
funny.dll
Resource
win10v2004-20250610-en
2 signatures
150 seconds
General
-
Target
funny.dll
-
Size
136KB
-
MD5
a35486afd6f6f84600f0e629a3d6ba8d
-
SHA1
a9ce4598dd8cf9b69b66fb3cdc26d733ae39b188
-
SHA256
dca3ea2ead09196caa448daef6a052f3833797176d3fb4c9f30650cd0714cded
-
SHA512
1acf4e4117feb1f1bda8388ca81019eb50374f45bd2d7631132c1afb470a156a1caffb05ace1a252d580c6d32665924ea300ab1bcc7f2ce5fefda390345ae7d4
-
SSDEEP
1536:y80xz3hmi6O6OZo7im0c0mkFa+xOZof6jQ5qnXu9kIcbVyUtvUqn4SGpYr66lHhU:Z0xz3hn60Zo7iMpxqPs4kazI4d4e9
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 224 wrote to memory of 4988 224 rundll32.exe 84 PID 224 wrote to memory of 4988 224 rundll32.exe 84 PID 224 wrote to memory of 4988 224 rundll32.exe 84 PID 4988 wrote to memory of 4444 4988 rundll32.exe 85 PID 4988 wrote to memory of 4444 4988 rundll32.exe 85 PID 4988 wrote to memory of 4444 4988 rundll32.exe 85 PID 4444 wrote to memory of 4612 4444 rundll32.exe 86 PID 4444 wrote to memory of 4612 4444 rundll32.exe 86 PID 4444 wrote to memory of 4612 4444 rundll32.exe 86 PID 4612 wrote to memory of 2432 4612 rundll32.exe 87 PID 4612 wrote to memory of 2432 4612 rundll32.exe 87 PID 4612 wrote to memory of 2432 4612 rundll32.exe 87 PID 2432 wrote to memory of 1252 2432 rundll32.exe 88 PID 2432 wrote to memory of 1252 2432 rundll32.exe 88 PID 2432 wrote to memory of 1252 2432 rundll32.exe 88 PID 1252 wrote to memory of 2148 1252 rundll32.exe 89 PID 1252 wrote to memory of 2148 1252 rundll32.exe 89 PID 1252 wrote to memory of 2148 1252 rundll32.exe 89 PID 2148 wrote to memory of 552 2148 rundll32.exe 90 PID 2148 wrote to memory of 552 2148 rundll32.exe 90 PID 2148 wrote to memory of 552 2148 rundll32.exe 90 PID 552 wrote to memory of 464 552 rundll32.exe 91 PID 552 wrote to memory of 464 552 rundll32.exe 91 PID 552 wrote to memory of 464 552 rundll32.exe 91 PID 464 wrote to memory of 724 464 rundll32.exe 92 PID 464 wrote to memory of 724 464 rundll32.exe 92 PID 464 wrote to memory of 724 464 rundll32.exe 92 PID 724 wrote to memory of 1368 724 rundll32.exe 93 PID 724 wrote to memory of 1368 724 rundll32.exe 93 PID 724 wrote to memory of 1368 724 rundll32.exe 93 PID 1368 wrote to memory of 1948 1368 rundll32.exe 94 PID 1368 wrote to memory of 1948 1368 rundll32.exe 94 PID 1368 wrote to memory of 1948 1368 rundll32.exe 94 PID 1948 wrote to memory of 236 1948 rundll32.exe 95 PID 1948 wrote to memory of 236 1948 rundll32.exe 95 PID 1948 wrote to memory of 236 1948 rundll32.exe 95 PID 236 wrote to memory of 3396 236 rundll32.exe 96 PID 236 wrote to memory of 3396 236 rundll32.exe 96 PID 236 wrote to memory of 3396 236 rundll32.exe 96 PID 3396 wrote to memory of 3712 3396 rundll32.exe 97 PID 3396 wrote to memory of 3712 3396 rundll32.exe 97 PID 3396 wrote to memory of 3712 3396 rundll32.exe 97 PID 3712 wrote to memory of 1416 3712 rundll32.exe 98 PID 3712 wrote to memory of 1416 3712 rundll32.exe 98 PID 3712 wrote to memory of 1416 3712 rundll32.exe 98 PID 1416 wrote to memory of 4984 1416 rundll32.exe 99 PID 1416 wrote to memory of 4984 1416 rundll32.exe 99 PID 1416 wrote to memory of 4984 1416 rundll32.exe 99 PID 4984 wrote to memory of 692 4984 rundll32.exe 100 PID 4984 wrote to memory of 692 4984 rundll32.exe 100 PID 4984 wrote to memory of 692 4984 rundll32.exe 100 PID 692 wrote to memory of 744 692 rundll32.exe 101 PID 692 wrote to memory of 744 692 rundll32.exe 101 PID 692 wrote to memory of 744 692 rundll32.exe 101 PID 744 wrote to memory of 3956 744 rundll32.exe 102 PID 744 wrote to memory of 3956 744 rundll32.exe 102 PID 744 wrote to memory of 3956 744 rundll32.exe 102 PID 3956 wrote to memory of 2924 3956 rundll32.exe 103 PID 3956 wrote to memory of 2924 3956 rundll32.exe 103 PID 3956 wrote to memory of 2924 3956 rundll32.exe 103 PID 2924 wrote to memory of 4600 2924 rundll32.exe 104 PID 2924 wrote to memory of 4600 2924 rundll32.exe 104 PID 2924 wrote to memory of 4600 2924 rundll32.exe 104 PID 4600 wrote to memory of 4800 4600 rundll32.exe 105
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:224 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:4988 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#13⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4444 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#14⤵
- Suspicious use of WriteProcessMemory
PID:4612 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#15⤵
- Suspicious use of WriteProcessMemory
PID:2432 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#16⤵
- Suspicious use of WriteProcessMemory
PID:1252 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#17⤵
- Suspicious use of WriteProcessMemory
PID:2148 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#18⤵
- Suspicious use of WriteProcessMemory
PID:552 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#19⤵
- Suspicious use of WriteProcessMemory
PID:464 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#110⤵
- Suspicious use of WriteProcessMemory
PID:724 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#111⤵
- Suspicious use of WriteProcessMemory
PID:1368 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#112⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1948 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#113⤵
- Suspicious use of WriteProcessMemory
PID:236 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#114⤵
- Suspicious use of WriteProcessMemory
PID:3396 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#115⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3712 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#116⤵
- Suspicious use of WriteProcessMemory
PID:1416 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#117⤵
- Suspicious use of WriteProcessMemory
PID:4984 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#118⤵
- Suspicious use of WriteProcessMemory
PID:692 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#119⤵
- Suspicious use of WriteProcessMemory
PID:744 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#120⤵
- Suspicious use of WriteProcessMemory
PID:3956 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#121⤵
- Suspicious use of WriteProcessMemory
PID:2924 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#122⤵
- Suspicious use of WriteProcessMemory
PID:4600 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#123⤵PID:4800
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#124⤵PID:2324
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#125⤵PID:4156
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#126⤵PID:1704
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#127⤵PID:3940
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#128⤵PID:4780
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#129⤵PID:320
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#130⤵PID:4136
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#131⤵PID:1120
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#132⤵PID:4044
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#133⤵PID:1796
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#134⤵PID:4232
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#135⤵PID:3312
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#136⤵PID:2448
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#137⤵PID:4328
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#138⤵PID:4032
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#139⤵PID:4152
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#140⤵PID:1576
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#141⤵PID:2572
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#142⤵
- System Location Discovery: System Language Discovery
PID:4980 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#143⤵PID:1068
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#144⤵PID:4860
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#145⤵PID:2320
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#146⤵PID:1084
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#147⤵PID:4624
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#148⤵PID:3960
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#149⤵PID:4424
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#150⤵PID:456
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#151⤵PID:2408
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#152⤵PID:1656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#153⤵PID:4248
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#154⤵PID:4492
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#155⤵PID:2836
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#156⤵PID:392
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#157⤵PID:4996
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#158⤵PID:3544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#159⤵PID:1900
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#160⤵PID:1052
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#161⤵PID:1376
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#162⤵PID:3688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#163⤵
- System Location Discovery: System Language Discovery
PID:1268 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#164⤵PID:3612
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#165⤵PID:2084
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#166⤵PID:5028
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#167⤵PID:1276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#168⤵PID:1472
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#169⤵PID:2288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#170⤵PID:3244
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#171⤵PID:212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#172⤵PID:664
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#173⤵PID:436
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#174⤵PID:3808
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#175⤵PID:1220
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#176⤵PID:1436
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#177⤵PID:3656
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#178⤵PID:2852
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#179⤵PID:4376
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#180⤵PID:2712
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#181⤵PID:800
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#182⤵PID:1284
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#183⤵PID:4312
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#184⤵PID:4652
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#185⤵PID:3404
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#186⤵PID:3840
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#187⤵PID:5144
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#188⤵PID:5176
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#189⤵PID:5192
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#190⤵PID:5212
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#191⤵PID:5224
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#192⤵PID:5244
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#193⤵PID:5260
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#194⤵PID:5276
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#195⤵PID:5288
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#196⤵PID:5304
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#197⤵PID:5320
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#198⤵PID:5332
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#199⤵PID:5344
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1100⤵PID:5372
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1101⤵
- System Location Discovery: System Language Discovery
PID:5388 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1102⤵PID:5400
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1103⤵PID:5424
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1104⤵PID:5436
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1105⤵PID:5448
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1106⤵PID:5460
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1107⤵PID:5480
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1108⤵PID:5492
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1109⤵PID:5504
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1110⤵PID:5524
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1111⤵PID:5544
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1112⤵PID:5556
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1113⤵PID:5572
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1114⤵PID:5592
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1115⤵PID:5608
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1116⤵PID:5628
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1117⤵PID:5672
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1118⤵PID:5688
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1119⤵PID:5708
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1120⤵PID:5736
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1121⤵PID:5748
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\funny.dll,#1122⤵PID:5764
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-