| ProcessID | ProcessName | Type | HANDLE |
|---|
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | Directory | \KnownDlls |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | File | \Device\HarddiskVolume1\Users\xxx\Desktop |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | WindowStation | \Sessions\2\Windows\WindowStations\WinSta0 |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | Desktop | \Default |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | WindowStation | \Sessions\2\Windows\WindowStations\WinSta0 |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\rundll32.exe.mui |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | Key | \REGISTRY\MACHINE |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | Key | \REGISTRY\USER\S-1-5-21-1275482342-1466935459-3063877345-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 2156 | \Device\HarddiskVolume1\Windows\System32\rundll32.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Directory | \KnownDlls |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Directory | \KnownDlls32 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\HarddiskVolume1\Windows |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Directory | \KnownDlls32 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\HarddiskVolume1\Users\xxx\Desktop |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | WindowStation | \Sessions\2\Windows\WindowStations\WinSta0 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Desktop | \Default |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | WindowStation | \Sessions\2\Windows\WindowStations\WinSta0 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\rundll32.exe.mui |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Directory | \Sessions\2\BaseNamedObjects |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Section | \BaseNamedObjects\3E486A30-85C8-406F-AA49-13128C973C71-x86 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Section | \BaseNamedObjects\85A6147E-29F3-462C-9A02-F2BD8B1E8512-x86 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\HarddiskVolume1\Windows\a |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\KsecDD |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\Nsi |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\NamedPipe\{6A1FA23E-6976-41A3-977C-10FFF48EC3B6} |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\Afd |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\Afd |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Mutant | \Sessions\2\BaseNamedObjects\HGFSMUTEX |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Section | \Sessions\2\BaseNamedObjects\HGFSMEMORY |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\USER |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\KernelBase.dll.mui |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\USER\S-1-5-21-1275482342-1466935459-3063877345-1000 |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\USER\S-1-5-21-1275482342-1466935459-3063877345-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\USER\S-1-5-21-1275482342-1466935459-3063877345-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2188 | \Device\HarddiskVolume1\Windows\SysWOW64\rundll32.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE |