Source: Yara match | File source: WoyEsA8v7H.dll, type: SAMPLE |
Source: Yara match | File source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0.2.loaddll32.exe.6e1a0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 22.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 21.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1E3E00 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E2167D9 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1E1C3C |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E2084BB |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E2202BC |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E210396 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1FE079 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1F5150 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1E3E00 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1E1C3C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E2167D9 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E2084BB |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E2202BC |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E210396 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1FE079 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1F5150 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1E3E00 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1E1C3C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E2167D9 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E2084BB |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E2202BC |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E210396 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1FE079 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1F5150 |
Source: C:\Windows\System32\loaddll32.exe | Code function: String function: 6E1E0990 appears 32 times |
Source: C:\Windows\System32\loaddll32.exe | Code function: String function: 6E1E00AC appears 100 times |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6E1E0990 appears 68 times |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6E1E00E0 appears 58 times |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6E1E00AC appears 200 times |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6E2023A9 appears 36 times |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6104:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5812:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6292:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6036:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5436:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6108:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1000:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4576:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5440:120:WilError_01 |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Connectdark |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Mindlake |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Porthigh |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Problemscale |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,WingGrass |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Connectdark |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Mindlake |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Porthigh |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Problemscale |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,WingGrass |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
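The process-creation lines above describe one tree: the analysis harness (loaddll32.exe) calls each export of WoyEsA8v7H.dll through rundll32.exe (by ordinal #1 via cmd.exe, and by name for Connectdark, Mindlake, Porthigh, Problemscale and WingGrass), and several of those rundll32.exe instances in turn spawn cmd.exe /c cd Island and cmd.exe /c cd Matter m. The harness launches are expected; the signal worth extracting is which exports were reached and what rundll32.exe did afterwards. The following is an added example, not code from the report or from the sandbox vendor, that parses these evidence lines into a parent/child map and pulls out the rundll32 facts a detection engineer would want. The sample input is a constructed subset of the lines above; because the report carries no PIDs, the tree is keyed on image path, which collapses all rundll32.exe instances into one node (a stated loss of precision). The "user profile" check is a heuristic of this example, not a rule from the report.

```python
"""Added example (not the sandbox vendor's code): rebuild the process tree from the
'Process created' evidence lines and flag the rundll32 activity in it."""
import re
from collections import defaultdict

# Constructed sample: a subset of the 'Process created' lines from the report above.
SAMPLE_LINES = r"""
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Connectdark |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Mindlake |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
"""

# "Source: <parent image> | Process created: <child image> <child command line> |"
EVENT_RE = re.compile(
    r"^Source: (?P<parent>.*?) \| Process created: (?P<image>\S+) (?P<cmdline>.*?)(?: \|)?\s*$"
)
# rundll32.exe <dll>,<ExportName>   or   rundll32.exe '<dll>',#<ordinal>
RUNDLL_RE = re.compile(
    r"rundll32(?:\.exe)?\s+'?(?P<dll>[^',]+)'?\s*,\s*(?P<export>#?\w+)", re.IGNORECASE
)


def parse_events(text):
    """Return (parent_image, child_image, child_cmdline) tuples, one per evidence line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m["parent"], m["image"], m["cmdline"]))
    return events


def rundll32_invocations(events):
    """Extract the DLL path and the export (name or #ordinal) from every rundll32 launch."""
    found = []
    for parent, image, cmdline in events:
        if not image.lower().endswith("\\rundll32.exe"):
            continue
        m = RUNDLL_RE.search(cmdline)
        if m:
            found.append({"parent": parent, "dll": m["dll"], "export": m["export"]})
    return found


def triage(text):
    """Summarise the tree. Nodes are image paths because the report has no PIDs, so
    every rundll32.exe instance collapses into one node (a known loss of precision)."""
    events = parse_events(text)
    children = defaultdict(list)
    for parent, image, cmdline in events:
        children[parent.lower()].append((image, cmdline))
    inv = rundll32_invocations(events)
    # cmd.exe launched from rundll32.exe: the DLL's own behaviour, not the harness's
    spawned_by_rundll32 = [
        cmdline
        for parent, kids in children.items() if parent.endswith("\\rundll32.exe")
        for image, cmdline in kids if image.lower().endswith("\\cmd.exe")
    ]
    return {
        "exports_called": sorted({i["export"] for i in inv}),
        # Heuristic of this example: a DLL under C:\Users\ loaded by rundll32 is suspect.
        "dll_from_user_profile": sorted(
            {i["dll"] for i in inv if i["dll"].lower().startswith("c:\\users\\")}
        ),
        "ordinal_calls": sum(1 for i in inv if i["export"].startswith("#")),
        "cmd_spawned_by_rundll32": spawned_by_rundll32,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run against the full set of lines above, the same parser would also surface the loaddll32.exe launches of cmd.exe /c cd Island and cd Matter m, which indicates the behaviour lives in the DLL's entry point or a shared routine rather than in one export only.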
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1E0075 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1E09D6 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1E09D6 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1E0075 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1E09D6 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1E0075 push ecx; ret |
Source: Yara match | File source: WoyEsA8v7H.dll, type: SAMPLE |
Source: Yara match | File source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0.2.loaddll32.exe.6e1a0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 22.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 21.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
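The nine "Code function" lines above are three functions reported three times, once per process (0_2_, 2_2_, 22_2_), at the same addresses because the module mapped at the same base in each process (the unpack names above all show 6e1a0000). The API sequences themselves (IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter; and SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess) match the MSVC C runtime's fast-fail fallback and /GS cookie-failure handlers, so on their own they are weak evidence of debugger detection. The following is an added example, not code from the report or from the sandbox vendor, that de-duplicates these lines by address and grades each chain: a chain drawn only from the CRT failure-path API set is marked crt_failure_path, while a chain containing a check the CRT never makes (CheckRemoteDebuggerPresent, NtQueryInformationProcess, timing calls) is marked anti_debug. The API sets are this example's assumptions; the sample input is the nine lines above plus one constructed line at the hypothetical address DEADBEEF showing what a deliberate check looks like. Merging on raw address is valid only while the base is identical across processes; with relocated loads, subtract the base first.

```python
"""Added example (not the sandbox vendor's code): de-duplicate 'Code function' API
chains across processes and grade each as CRT failure handling or debugger detection."""
import re

# "Code function: <pid>_<run>_<addr> Api1,Api2,Api3,"
CODE_RE = re.compile(
    r"Code function: (?P<pid>\d+)_(?P<run>\d+)_(?P<addr>[0-9A-Fa-f]{8}) (?P<apis>[\w,]+)"
)

# Assumption of this example: the APIs the MSVC CRT's fast-fail fallback and /GS
# cookie-failure handlers call. A chain drawn only from this set is weak evidence.
CRT_FAILURE_APIS = {
    "IsProcessorFeaturePresent", "IsDebuggerPresent", "SetUnhandledExceptionFilter",
    "UnhandledExceptionFilter", "GetCurrentProcess", "TerminateProcess",
}
# Assumption of this example: checks a CRT failure path never makes; any of these
# alongside IsDebuggerPresent indicates a deliberate anti-debug routine.
STRONG_ANTIDEBUG_APIS = {
    "CheckRemoteDebuggerPresent", "NtQueryInformationProcess", "NtSetInformationThread",
    "OutputDebugStringA", "OutputDebugStringW", "GetTickCount", "QueryPerformanceCounter",
}

# Constructed sample: the nine report lines above plus one hypothetical line
# (address DEADBEEF, image hypothetical.exe) that is NOT from the report.
SAMPLE_LINES = r"""
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: hypothetical.exe | Code function: 0_2_DEADBEEF IsDebuggerPresent,CheckRemoteDebuggerPresent,NtQueryInformationProcess, |
"""


def classify(apis):
    """Grade one API chain."""
    s = set(apis)
    if s & STRONG_ANTIDEBUG_APIS:
        return "anti_debug"
    if s <= CRT_FAILURE_APIS:
        return "crt_failure_path"
    return "unclassified"


def dedupe_code_functions(text):
    """Map address -> {apis, processes, verdict}, merging the per-process repeats."""
    funcs = {}
    for line in text.splitlines():
        m = CODE_RE.search(line)
        if not m:
            continue
        entry = funcs.setdefault(m["addr"].upper(), {"apis": [], "processes": set()})
        entry["apis"] = [a for a in m["apis"].split(",") if a]
        entry["processes"].add(int(m["pid"]))
        entry["verdict"] = classify(entry["apis"])
    return funcs


def summary(text):
    """Counts and per-verdict address lists, the form a triage note would quote."""
    funcs = dedupe_code_functions(text)
    return {
        "unique_functions": len(funcs),
        "anti_debug": sorted(a for a, f in funcs.items() if f["verdict"] == "anti_debug"),
        "crt_only": sorted(a for a, f in funcs.items() if f["verdict"] == "crt_failure_path"),
    }


if __name__ == "__main__":
    for addr, f in dedupe_code_functions(SAMPLE_LINES).items():
        print(addr, sorted(f["processes"]), f["verdict"], ",".join(f["apis"]))
```

The same de-duplication applies to the GetLocaleInfoW and EnumSystemLocalesW chains further down, which repeat per process in the same way and carry the CRT's own ___crtGetLocaleInfoEx name.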
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m |
Source: loaddll32.exe, 00000000.00000002.556995982.00000000013C0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.523374046.0000000003B80000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.599260061.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.535562022.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.529667252.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.590270593.00000000038C0000.00000002.00000001.sdmp, rundll32.exe, 00000016.00000002.554215165.0000000003420000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: loaddll32.exe, 00000000.00000002.556995982.00000000013C0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.523374046.0000000003B80000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.599260061.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.535562022.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.529667252.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.590270593.00000000038C0000.00000002.00000001.sdmp, rundll32.exe, 00000016.00000002.554215165.0000000003420000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000000.00000002.556995982.00000000013C0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.523374046.0000000003B80000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.599260061.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.535562022.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.529667252.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.590270593.00000000038C0000.00000002.00000001.sdmp, rundll32.exe, 00000016.00000002.554215165.0000000003420000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: loaddll32.exe, 00000000.00000002.556995982.00000000013C0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.523374046.0000000003B80000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.599260061.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.535562022.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.529667252.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.590270593.00000000038C0000.00000002.00000001.sdmp, rundll32.exe, 00000016.00000002.554215165.0000000003420000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Windows\System32\loaddll32.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: ___crtGetLocaleInfoEx, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___crtGetLocaleInfoEx, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___crtGetLocaleInfoEx, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
Source: Yara match | File source: WoyEsA8v7H.dll, type: SAMPLE |
Source: Yara match | File source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0.2.loaddll32.exe.6e1a0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 22.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 21.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE |