Source: unknown | Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll' | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,CheckDriverSoftwareDependenciesSatisfied | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DeviceInternetSettingUiW | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDevice | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverA | |
Source: unknown | Process created: C:\Windows\explorer.exe explorer.exe | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverW | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiRollbackDriver | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDevice | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDriver | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDevice | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverA | |
Source: unknown | Process created: C:\Windows\explorer.exe explorer.exe | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverW | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,GetInternetPolicies | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallNewDevice | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallSelectedDriver | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriver | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriverEx | |
Source: unknown | Process created: C:\Windows\explorer.exe explorer.exe | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDrivers | |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\System32\rundll32.exe | Last function: Thread delayed |
Source: explorer.exe, 00000006.00000000.266283482.0000000008A32000.00000004.00000001.sdmp | Binary or memory string: VMware SATA CD00dRom0 |
Source: explorer.exe, 00000006.00000000.266283482.0000000008A32000.00000004.00000001.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000 |
Source: explorer.exe, 0000000C.00000000.307251989.000000000054D000.00000004.00000020.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000V |
Source: explorer.exe, 0000001B.00000000.343461857.00000000010A9000.00000004.00000020.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000 |
Source: explorer.exe, 0000001B.00000000.343461857.00000000010A9000.00000004.00000020.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}_3 |
Source: explorer.exe, 00000006.00000000.280701146.00000000069DA000.00000004.00000001.sdmp | Binary or memory string: VMware SATA CD002 |
Source: explorer.exe, 0000000C.00000000.307214159.0000000000538000.00000004.00000020.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}k |
Source: explorer.exe, 00000006.00000000.260396404.0000000001400000.00000002.00020000.sdmp | Binary or memory string: uProgram Manager |
Source: rundll32.exe, 00000004.00000002.537719544.0000028680000000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.279867449.0000000005F40000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.307798770.0000000000BD0000.00000002.00020000.sdmp, explorer.exe, 0000001B.00000000.352492281.0000000004A10000.00000004.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: rundll32.exe, 00000004.00000002.537719544.0000028680000000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.260396404.0000000001400000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.307798770.0000000000BD0000.00000002.00020000.sdmp, explorer.exe, 0000001B.00000000.354870844.0000000005570000.00000004.00000001.sdmp | Binary or memory string: Progman |
Source: rundll32.exe, 00000004.00000002.537719544.0000028680000000.00000002.00020000.sdmp | Binary or memory string: Program Manager" |
Source: explorer.exe, 0000001B.00000000.347528150.00000000017E0000.00000002.00020000.sdmp | Binary or memory string: Program Manager/ |
Source: explorer.exe, 0000000C.00000000.307251989.000000000054D000.00000004.00000020.sdmp | Binary or memory string: ProgmanG |
Source: explorer.exe, 0000001B.00000000.343461857.00000000010A9000.00000004.00000020.sdmp | Binary or memory string: Progman~D |
Source: rundll32.exe, 00000004.00000002.537719544.0000028680000000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWndStart |
Source: rundll32.exe, 00000004.00000002.537719544.0000028680000000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.260396404.0000000001400000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.307798770.0000000000BD0000.00000002.00020000.sdmp, explorer.exe, 0000001B.00000000.347528150.00000000017E0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |
Source: explorer.exe, 00000006.00000000.259975951.0000000000EB8000.00000004.00000020.sdmp | Binary or memory string: ProgmanX |
Source: explorer.exe, 0000000C.00000000.307798770.0000000000BD0000.00000002.00020000.sdmp | Binary or memory string: OProgram Manager |
Source: explorer.exe, 00000006.00000000.266399504.0000000008ACF000.00000004.00000001.sdmp | Binary or memory string: Shell_TrayWndAj |
Source: explorer.exe, 0000001B.00000003.350412249.0000000004AD4000.00000004.00000001.sdmp | Binary or memory string: Progman#Y |
Source: explorer.exe, 0000000C.00000000.309606315.0000000004677000.00000004.00000001.sdmp | Binary or memory string: Progmanllw{v |