Edit tour

Windows Analysis Report
dpnhupnp.dll

Overview

General Information

Sample Name:	dpnhupnp.dll
Analysis ID:	579430
MD5:	cf22fca6a1c8035cb38867787f16be21
SHA1:	85cae7532a21983295a2c0aad5889e8dbd024c9f
SHA256:	3a52c4f27db221ed975af3d38ac4b9060203b9c6fb3532cdc61b969e21ca666c
Tags:	dlldridexexe
Infos:

Detection

Dridex

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Dridex unpacked file

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Changes memory attributes in foreign processes to executable or writable

Machine Learning detection for sample

Queues an APC in another process (thread injection)

Sigma detected: Suspicious Call by Ordinal

Machine Learning detection for dropped file

Uses Atom Bombing / ProGate to inject into other processes

Uses a Windows Living Off The Land Binaries (LOL bins)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Queries the installation date of Windows

Detected potential crypto function

Found potential string decryption / allocating functions

Stores files to the Windows start menu directory

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains functionality for execution timing, often used to detect debuggers

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Found evasive API chain checking for process token information

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to launch a program with higher privileges

Binary contains a suspicious time stamp

PE file contains more sections than normal

Contains functionality to retrieve information about pressed keystrokes

Found large amount of non-executed APIs

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Contains functionality to simulate mouse events

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 4592 cmdline: loaddll64.exe "C:\Users\user\Desktop\dpnhupnp.dll" MD5: 4E8A40CAD6CCC047914E3A7830A2D8AA)

cmd.exe (PID: 4532 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\dpnhupnp.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

rundll32.exe (PID: 4356 cmdline: rundll32.exe "C:\Users\user\Desktop\dpnhupnp.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 2332 cmdline: rundll32.exe C:\Users\user\Desktop\dpnhupnp.dll,GetFileVersionInfoA MD5: 73C519F050C20580F8A62C849D49215A)

explorer.exe (PID: 3352 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

DisplaySwitch.exe (PID: 2172 cmdline: C:\Windows\system32\DisplaySwitch.exe MD5: 97411B8A84E5980E509E500C3209E5C0)

DisplaySwitch.exe (PID: 1740 cmdline: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe MD5: 97411B8A84E5980E509E500C3209E5C0)

wusa.exe (PID: 5472 cmdline: C:\Windows\system32\wusa.exe MD5: 04CE745559916B99248F266BBF5F9ED9)

GamePanel.exe (PID: 4868 cmdline: C:\Windows\system32\GamePanel.exe MD5: 4EF330EFAE954723B1F2800C15FDA7EB)

GamePanel.exe (PID: 5712 cmdline: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe MD5: 4EF330EFAE954723B1F2800C15FDA7EB)

msdt.exe (PID: 4792 cmdline: C:\Windows\system32\msdt.exe MD5: 8BE43BAF1F37DA5AB31A53CA1C07EE0C)

msdt.exe (PID: 4796 cmdline: C:\Users\user\AppData\Local\1XXGC21\msdt.exe MD5: 8BE43BAF1F37DA5AB31A53CA1C07EE0C)

cmstp.exe (PID: 6272 cmdline: C:\Windows\system32\cmstp.exe MD5: 2A9828E0C405422D166E0141054A04B3)

cmstp.exe (PID: 6384 cmdline: C:\Users\user\AppData\Local\M4eXJF\cmstp.exe MD5: 2A9828E0C405422D166E0141054A04B3)

PresentationHost.exe (PID: 4516 cmdline: C:\Windows\system32\PresentationHost.exe MD5: E3053C73EA240F4C2F7971B3905A91CF)

PresentationHost.exe (PID: 2208 cmdline: C:\Users\user\AppData\Local\a6o\PresentationHost.exe MD5: E3053C73EA240F4C2F7971B3905A91CF)

cmstp.exe (PID: 2880 cmdline: C:\Windows\system32\cmstp.exe MD5: 2A9828E0C405422D166E0141054A04B3)

cmstp.exe (PID: 5004 cmdline: C:\Users\user\AppData\Local\96P3D\cmstp.exe MD5: 2A9828E0C405422D166E0141054A04B3)

rundll32.exe (PID: 5880 cmdline: rundll32.exe C:\Users\user\Desktop\dpnhupnp.dll,GetFileVersionInfoByHandle MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 7008 cmdline: rundll32.exe C:\Users\user\Desktop\dpnhupnp.dll,GetFileVersionInfoExA MD5: 73C519F050C20580F8A62C849D49215A)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000004.00000002.278695271.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000003.00000002.357902587.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000018.00000002.424452492.00007FFC6F9E1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000014.00000002.392236668.00007FFC6F9E1000.00000020.00000001.01000000.00000008.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000020.00000002.463842556.00007FFC6E2A1000.00000020.00000001.01000000.0000000C.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000023.00000002.491431291.00007FFC7C2F1000.00000020.00000001.01000000.0000000E.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000026.00000002.520892941.00007FFC7C2F1000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000000.00000002.298715660.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000028.00000002.548047896.00007FFC7C2F1000.00000020.00000001.01000000.00000012.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
0000000E.00000002.293533164.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000009.00000002.285131581.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author
35.2.cmstp.exe.7ffc7c2f0000.3.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
38.2.PresentationHost.exe.7ffc7c2f0000.3.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
3.2.rundll32.exe.7ffc6f9e0000.2.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
4.2.rundll32.exe.7ffc6f9e0000.2.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
20.2.DisplaySwitch.exe.7ffc6f9e0000.3.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
9.2.rundll32.exe.7ffc6f9e0000.2.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
24.2.GamePanel.exe.7ffc6f9e0000.3.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
32.2.msdt.exe.7ffc6e2a0000.3.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
14.2.rundll32.exe.7ffc6f9e0000.2.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
0.2.loaddll64.exe.7ffc6f9e0000.2.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
40.2.cmstp.exe.7ffc7c2f0000.3.unpack	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
Click to see the 6 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Call by Ordinal

Source: Process started

Author: Florian Roth: Data: Command: rundll32.exe "C:\Users\user\Desktop\dpnhupnp.dll",#1, CommandLine: rundll32.exe "C:\Users\user\Desktop\dpnhupnp.dll",#1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\dpnhupnp.dll",#1, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4532, ProcessCommandLine: rundll32.exe "C:\Users\user\Desktop\dpnhupnp.dll",#1, ProcessId: 4356

Source: Process started

Author: juju4: Data: Command: C:\Windows\system32\msdt.exe, CommandLine: C:\Windows\system32\msdt.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\msdt.exe, NewProcessName: C:\Windows\System32\msdt.exe, OriginalFileName: C:\Windows\System32\msdt.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3352, ProcessCommandLine: C:\Windows\system32\msdt.exe, ProcessId: 4792

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: dpnhupnp.dll	Virustotal: Detection: 65%	Perma Link
Source: dpnhupnp.dll	Metadefender: Detection: 62%	Perma Link
Source: dpnhupnp.dll	ReversingLabs: Detection: 83%

Antivirus / Scanner detection for submitted sample

Source: dpnhupnp.dll

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\4xeLXaDKW\WINSTA.dll	Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\WPx7QKO3\UxTheme.dll	Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\uRSIQRt4\dxgi.dll	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen7
Source: C:\Users\user\AppData\Local\96P3D\VERSION.dll	Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\96P3D\VERSION.dll	Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\1XXGC21\DUI70.dll	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen7
Source: C:\Users\user\AppData\Local\96P3D\VERSION.dll	Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\RiK2PNsRy\HID.DLL	Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen

Machine Learning detection for sample

Source: dpnhupnp.dll

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\4xeLXaDKW\WINSTA.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\WPx7QKO3\UxTheme.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\uRSIQRt4\dxgi.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\96P3D\VERSION.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\96P3D\VERSION.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\1XXGC21\DUI70.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\96P3D\VERSION.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\RiK2PNsRy\HID.DLL	Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775508534 CryptDestroyHash,CryptReleaseContext,	24_2_00007FF775508534
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775508610 CryptGetHashParam,memset,	24_2_00007FF775508610
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775508598 CryptAcquireContextW,CryptCreateHash,	24_2_00007FF775508598
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7755088F8 CryptHashData,	24_2_00007FF7755088F8
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77550874C CryptHashData,	24_2_00007FF77550874C
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FF7299EDF30 CertGetCertificateContextProperty,GetLastError,CryptHashCertificate,GetLastError,GetLastError,CertFreeCertificateContext,	32_2_00007FF7299EDF30

Source: dpnhupnp.dll

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source:	Binary string: cmstp.pdbGCTL source: cmstp.exe, 00000023.00000000.468453797.00007FF7DE0BF000.00000002.00000001.01000000.0000000D.sdmp, cmstp.exe, 00000023.00000002.491387694.00007FF7DE0BF000.00000002.00000001.01000000.0000000D.sdmp, cmstp.exe, 00000028.00000002.547996060.00007FF72BE3F000.00000002.00000001.01000000.00000011.sdmp, cmstp.exe, 00000028.00000000.525056194.00007FF72BE3F000.00000002.00000001.01000000.00000011.sdmp, cmstp.exe.6.dr, cmstp.exe0.6.dr
Source:	Binary string: msdt.pdbGCTL source: msdt.exe, 00000020.00000002.463579902.00007FF729A08000.00000002.00000001.01000000.0000000B.sdmp, msdt.exe, 00000020.00000000.438710187.00007FF729A08000.00000002.00000001.01000000.0000000B.sdmp, msdt.exe.6.dr
Source:	Binary string: CloudNotifications.pdb source: CloudNotifications.exe.6.dr
Source:	Binary string: tabcal.pdbGCTL source: tabcal.exe.6.dr
Source:	Binary string: PresentationHost.pdbGCTL source: PresentationHost.exe, 00000026.00000002.520780934.00007FF76ED9F000.00000002.00000001.01000000.0000000F.sdmp, PresentationHost.exe, 00000026.00000000.496651636.00007FF76ED9F000.00000002.00000001.01000000.0000000F.sdmp, PresentationHost.exe.6.dr
Source:	Binary string: GamePanel.pdbGCTL source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr
Source:	Binary string: PresentationHost.pdb source: PresentationHost.exe, 00000026.00000002.520780934.00007FF76ED9F000.00000002.00000001.01000000.0000000F.sdmp, PresentationHost.exe, 00000026.00000000.496651636.00007FF76ED9F000.00000002.00000001.01000000.0000000F.sdmp, PresentationHost.exe.6.dr
Source:	Binary string: cmstp.pdb source: cmstp.exe, 00000023.00000000.468453797.00007FF7DE0BF000.00000002.00000001.01000000.0000000D.sdmp, cmstp.exe, 00000023.00000002.491387694.00007FF7DE0BF000.00000002.00000001.01000000.0000000D.sdmp, cmstp.exe, 00000028.00000002.547996060.00007FF72BE3F000.00000002.00000001.01000000.00000011.sdmp, cmstp.exe, 00000028.00000000.525056194.00007FF72BE3F000.00000002.00000001.01000000.00000011.sdmp, cmstp.exe.6.dr, cmstp.exe0.6.dr
Source:	Binary string: DisplaySwitch.pdbGCTL source: DisplaySwitch.exe, 00000014.00000000.368442640.00007FF701BE4000.00000002.00000001.01000000.00000007.sdmp, DisplaySwitch.exe, 00000014.00000002.391524243.00007FF701BE4000.00000002.00000001.01000000.00000007.sdmp, DisplaySwitch.exe.6.dr
Source:	Binary string: GamePanel.pdb source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr
Source:	Binary string: tabcal.pdb source: tabcal.exe.6.dr
Source:	Binary string: msdt.pdb source: msdt.exe, 00000020.00000002.463579902.00007FF729A08000.00000002.00000001.01000000.0000000B.sdmp, msdt.exe, 00000020.00000000.438710187.00007FF729A08000.00000002.00000001.01000000.0000000B.sdmp, msdt.exe.6.dr
Source:	Binary string: DisplaySwitch.pdb source: DisplaySwitch.exe, 00000014.00000000.368442640.00007FF701BE4000.00000002.00000001.01000000.00000007.sdmp, DisplaySwitch.exe, 00000014.00000002.391524243.00007FF701BE4000.00000002.00000001.01000000.00000007.sdmp, DisplaySwitch.exe.6.dr
Source:	Binary string: CloudNotifications.pdbGCTL source: CloudNotifications.exe.6.dr

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA3ED10 FindFirstFileExW,	0_2_00007FFC6FA3ED10
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FF7299E7C3C GetProcessHeap,HeapAlloc,FindFirstFileW,_wcsicmp,_wcsicmp,SetFileAttributesW,GetLastError,DeleteFileW,GetLastError,FindNextFileW,FindClose,RemoveDirectoryW,GetLastError,GetProcessHeap,HeapFree,	32_2_00007FF7299E7C3C
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FF7299E6494 memset,GetProcessHeap,HeapAlloc,FindFirstFileW,_wcsicmp,_wcsicmp,FindNextFileW,FindClose,#13,GetLastError,GetProcessHeap,HeapFree,	32_2_00007FF7299E6494
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FF7299FA65C memset,GetProcessHeap,HeapAlloc,FindFirstFileW,GetProcessHeap,HeapAlloc,GetLastError,FindClose,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,	32_2_00007FF7299FA65C
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FF7299FBD48 memset,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,FindFirstFileW,_wcsicmp,_wcsicmp,CopyFileW,GetLastError,FindNextFileW,FindClose,GetLastError,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,	32_2_00007FF7299FBD48
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FF7299E6720 memset,GetProcessHeap,HeapAlloc,FindFirstFileW,_wcsicmp,_wcsicmp,FindNextFileW,FindClose,GetLastError,GetProcessHeap,HeapFree,	32_2_00007FF7299E6720
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FF7299E7784 memset,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,CloseHandle,FindFirstFileW,_wcsicmp,_wcsicmp,GetFileAttributesW,SetFileAttributesW,GetLastError,GetFileAttributesW,SetFileAttributesW,GetLastError,DeleteFileW,CreateFileW,GetLastError,CloseHandle,FindNextFileW,FindClose,GetLastError,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,	32_2_00007FF7299E7784
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FF7299E2770 memset,GetProcessHeap,HeapAlloc,FindFirstFileW,_wcsicmp,_wcsicmp,FindNextFileW,FindClose,GetLastError,GetProcessHeap,HeapFree,	32_2_00007FF7299E2770
Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe	Code function: 32_2_00007FFC6E2FED10 FindFirstFileExW,	32_2_00007FFC6E2FED10

Source: explorer.exe, 00000006.00000000.313547112.000000000EE50000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.293192524.000000000EE50000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.326336701.000000000EE50000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mi
Source: explorer.exe, 00000006.00000000.313547112.000000000EE50000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.293192524.000000000EE50000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.326336701.000000000EE50000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.micr
Source: GamePanel.exe	String found in binary or memory: https://MediaData.XboxLive.com/broadcasts/Augment
Source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://MediaData.XboxLive.com/broadcasts/Augmenthttps://MediaData.XboxLive.com/screenshots/Augmenth
Source: GamePanel.exe	String found in binary or memory: https://MediaData.XboxLive.com/gameclips/Augment
Source: GamePanel.exe	String found in binary or memory: https://MediaData.XboxLive.com/screenshots/Augment
Source: GamePanel.exe	String found in binary or memory: https://aka.ms/ifg0es
Source: GamePanel.exe	String found in binary or memory: https://aka.ms/imfx4k
Source: GamePanel.exe	String found in binary or memory: https://aka.ms/imrx2o
Source: GamePanel.exe	String found in binary or memory: https://aka.ms/v5do45
Source: GamePanel.exe	String found in binary or memory: https://aka.ms/w5ryqn
Source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://aka.ms/w5ryqnhttps://aka.ms/imfx4kQUITTING
Source: GamePanel.exe, GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://aka.ms/wk9ocd
Source: GamePanel.exe	String found in binary or memory: https://mixer.com/%ws
Source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://mixer.com/%wsWindows.System.Launcher
Source: GamePanel.exe	String found in binary or memory: https://mixer.com/_latest/assets/emoticons/%ls.png
Source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://mixer.com/_latest/assets/emoticons/%ls.pngtitleIdaumIdkglIdprocessNamenametypeIdmultimedia
Source: GamePanel.exe, GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://mixer.com/api/v1/broadcasts/current
Source: GamePanel.exe	String found in binary or memory: https://mixer.com/api/v1/channels/%d
Source: GamePanel.exe	String found in binary or memory: https://mixer.com/api/v1/channels/%ws
Source: GamePanel.exe	String found in binary or memory: https://mixer.com/api/v1/chats/%.0f
Source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://mixer.com/api/v1/chats/%.0fhttps://mixer.com/api/v1/users/currentBEAM_IMAGEGamesGuide::BeamC
Source: GamePanel.exe	String found in binary or memory: https://mixer.com/api/v1/oauth/xbl/login
Source: GamePanel.exe	String found in binary or memory: https://mixer.com/api/v1/types/lookup%ws
Source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://mixer.com/api/v1/types/lookup%wshttps://mixer.com/api/v1/channels/%wshttps://mixer.com/api/v
Source: GamePanel.exe	String found in binary or memory: https://mixer.com/api/v1/users/current
Source: GamePanel.exe	String found in binary or memory: https://profile.xboxlive.com/users/me/profile/settings?settings=GameDisplayPicRaw
Source: GamePanel.exe	String found in binary or memory: https://www.xboxlive.com
Source: GamePanel.exe, 00000018.00000000.398666237.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe, 00000018.00000002.423900656.00007FF775557000.00000002.00000001.01000000.00000009.sdmp, GamePanel.exe.6.dr	String found in binary or memory: https://www.xboxlive.comMBI_SSLhttps://profile.xboxlive.com/users/me/profile/settings?settings=GameD

Source: unknown

DNS traffic detected: queries for: store-images.s-microsoft.com

Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe

Code function: 24_2_00007FF7754CFC50 RegisterRawInputDevices,

24_2_00007FF7754CFC50

Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe

Code function: 20_2_00007FF701BD5E1C GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetAsyncKeyState,

20_2_00007FF701BD5E1C

Source: C:\Users\user\AppData\Local\1XXGC21\msdt.exe

Code function: 32_2_00007FF7299E3120 GetProcessHeap,HeapAlloc,CreateStreamOnHGlobal,OpenClipboard,GetLastError,EmptyClipboard,GetHGlobalFromStream,SetClipboardData,CloseClipboard,GetProcessHeap,HeapFree,

32_2_00007FF7299E3120

E-Banking Fraud

Yara detected Dridex unpacked file

Source: Yara match	File source: 35.2.cmstp.exe.7ffc7c2f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.PresentationHost.exe.7ffc7c2f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.7ffc6f9e0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.7ffc6f9e0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.DisplaySwitch.exe.7ffc6f9e0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.rundll32.exe.7ffc6f9e0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.GamePanel.exe.7ffc6f9e0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.msdt.exe.7ffc6e2a0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.rundll32.exe.7ffc6f9e0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll64.exe.7ffc6f9e0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.cmstp.exe.7ffc7c2f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.278695271.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.357902587.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.424452492.00007FFC6F9E1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.392236668.00007FFC6F9E1000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.463842556.00007FFC6E2A1000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.491431291.00007FFC7C2F1000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.520892941.00007FFC7C2F1000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.298715660.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.548047896.00007FFC7C2F1000.00000020.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.293533164.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.285131581.00007FFC6F9E1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY

Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmstp.exe C:\Windows\system32\cmstp.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\M4eXJF\cmstp.exe C:\Users\user\AppData\Local\M4eXJF\cmstp.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmstp.exe C:\Windows\system32\cmstp.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\96P3D\cmstp.exe C:\Users\user\AppData\Local\96P3D\cmstp.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmstp.exe C:\Windows\system32\cmstp.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\M4eXJF\cmstp.exe C:\Users\user\AppData\Local\M4eXJF\cmstp.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmstp.exe C:\Windows\system32\cmstp.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\96P3D\cmstp.exe C:\Users\user\AppData\Local\96P3D\cmstp.exe	Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA15020	0_2_00007FFC6FA15020
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA297D0	0_2_00007FFC6FA297D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA47650	0_2_00007FFC6FA47650
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA3DDC0	0_2_00007FFC6FA3DDC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4D520	0_2_00007FFC6FA4D520
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA2A2C0	0_2_00007FFC6FA2A2C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA1AA70	0_2_00007FFC6FA1AA70
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA2CA50	0_2_00007FFC6FA2CA50
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA159F0	0_2_00007FFC6FA159F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA33150	0_2_00007FFC6FA33150
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA07880	0_2_00007FFC6FA07880
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0C030	0_2_00007FFC6FA0C030
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA10020	0_2_00007FFC6FA10020
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA04800	0_2_00007FFC6FA04800
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E1010	0_2_00007FFC6F9E1010
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA1F870	0_2_00007FFC6FA1F870
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA2F870	0_2_00007FFC6FA2F870
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA35840	0_2_00007FFC6FA35840
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA05050	0_2_00007FFC6FA05050
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0E7B0	0_2_00007FFC6FA0E7B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA5B7A0	0_2_00007FFC6FA5B7A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4C780	0_2_00007FFC6FA4C780
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA5EF80	0_2_00007FFC6FA5EF80
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E6790	0_2_00007FFC6F9E6790
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA54FF0	0_2_00007FFC6FA54FF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA06FE0	0_2_00007FFC6FA06FE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F8FC0	0_2_00007FFC6F9F8FC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9FA7D0	0_2_00007FFC6F9FA7D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA40F30	0_2_00007FFC6FA40F30
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0872B	0_2_00007FFC6FA0872B
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA5BF6F	0_2_00007FFC6FA5BF6F
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA40770	0_2_00007FFC6FA40770
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA45760	0_2_00007FFC6FA45760
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9FE770	0_2_00007FFC6F9FE770
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA02F50	0_2_00007FFC6FA02F50
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4A6B0	0_2_00007FFC6FA4A6B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0F6B0	0_2_00007FFC6FA0F6B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA106A0	0_2_00007FFC6FA106A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E7E80	0_2_00007FFC6F9E7E80
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E6E90	0_2_00007FFC6F9E6E90
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA47EC0	0_2_00007FFC6FA47EC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E1620	0_2_00007FFC6F9E1620
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9EDE20	0_2_00007FFC6F9EDE20
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA12E10	0_2_00007FFC6FA12E10
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA03610	0_2_00007FFC6FA03610
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F8670	0_2_00007FFC6F9F8670
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA30650	0_2_00007FFC6FA30650
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9EC5A0	0_2_00007FFC6F9EC5A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F65E0	0_2_00007FFC6F9F65E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F95C0	0_2_00007FFC6F9F95C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA125C0	0_2_00007FFC6FA125C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA11D30	0_2_00007FFC6FA11D30
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA10D10	0_2_00007FFC6FA10D10
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F9D70	0_2_00007FFC6F9F9D70
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0D550	0_2_00007FFC6FA0D550
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA03D50	0_2_00007FFC6FA03D50
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4E4AD	0_2_00007FFC6FA4E4AD
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4E4B6	0_2_00007FFC6FA4E4B6
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4E49D	0_2_00007FFC6FA4E49D
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA42CA0	0_2_00007FFC6FA42CA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4E4A6	0_2_00007FFC6FA4E4A6
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4A490	0_2_00007FFC6FA4A490
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4E494	0_2_00007FFC6FA4E494
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0AC80	0_2_00007FFC6FA0AC80
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4E48B	0_2_00007FFC6FA4E48B
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA13CF0	0_2_00007FFC6FA13CF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA15CD0	0_2_00007FFC6FA15CD0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F3CD0	0_2_00007FFC6F9F3CD0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E5C20	0_2_00007FFC6F9E5C20
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F5420	0_2_00007FFC6F9F5420
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA49410	0_2_00007FFC6FA49410
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4E400	0_2_00007FFC6FA4E400
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F7410	0_2_00007FFC6F9F7410
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA44390	0_2_00007FFC6FA44390
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F23F0	0_2_00007FFC6F9F23F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA34BC0	0_2_00007FFC6FA34BC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA11B30	0_2_00007FFC6FA11B30
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9EBB20	0_2_00007FFC6F9EBB20
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0A310	0_2_00007FFC6FA0A310
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA10300	0_2_00007FFC6FA10300
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA14360	0_2_00007FFC6FA14360
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA45B50	0_2_00007FFC6FA45B50
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA03340	0_2_00007FFC6FA03340
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F8340	0_2_00007FFC6F9F8340
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E5350	0_2_00007FFC6F9E5350
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA482A0	0_2_00007FFC6FA482A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4AAA0	0_2_00007FFC6FA4AAA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0DAA0	0_2_00007FFC6FA0DAA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA47AF0	0_2_00007FFC6FA47AF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA082E0	0_2_00007FFC6FA082E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA1BAE0	0_2_00007FFC6FA1BAE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA42AE0	0_2_00007FFC6FA42AE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA092C0	0_2_00007FFC6FA092C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA3F2C0	0_2_00007FFC6FA3F2C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4B260	0_2_00007FFC6FA4B260
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA1B250	0_2_00007FFC6FA1B250
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E7A40	0_2_00007FFC6F9E7A40
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0E9A0	0_2_00007FFC6FA0E9A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9FE9B0	0_2_00007FFC6F9FE9B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA011B0	0_2_00007FFC6FA011B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA19990	0_2_00007FFC6FA19990
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E2980	0_2_00007FFC6F9E2980
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA0F1F0	0_2_00007FFC6FA0F1F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA191F0	0_2_00007FFC6FA191F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA189F0	0_2_00007FFC6FA189F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA121D0	0_2_00007FFC6FA121D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA069C0	0_2_00007FFC6FA069C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA16130	0_2_00007FFC6FA16130
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9EB100	0_2_00007FFC6F9EB100
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9FE110	0_2_00007FFC6F9FE110
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA03910	0_2_00007FFC6FA03910
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA4B960	0_2_00007FFC6FA4B960
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA46950	0_2_00007FFC6FA46950
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6FA04140	0_2_00007FFC6FA04140
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9F08B0	0_2_00007FFC6F9F08B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9FD890	0_2_00007FFC6F9FD890
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFC6F9E18D0	0_2_00007FFC6F9E18D0
Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe	Code function: 20_2_00007FF701BD4EC8	20_2_00007FF701BD4EC8
Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe	Code function: 20_2_00007FF701BE1670	20_2_00007FF701BE1670
Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe	Code function: 20_2_00007FF701BC1250	20_2_00007FF701BC1250
Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe	Code function: 20_2_00007FF701BCB24C	20_2_00007FF701BCB24C
Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe	Code function: 20_2_00007FF701BD41D8	20_2_00007FF701BD41D8
Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe	Code function: 20_2_00007FF701BCFCD8	20_2_00007FF701BCFCD8
Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe	Code function: 20_2_00007FF701BD740C	20_2_00007FF701BD740C
Source: C:\Users\user\AppData\Local\4xeLXaDKW\DisplaySwitch.exe	Code function: 20_2_00007FF701BE13B0	20_2_00007FF701BE13B0
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77550D6B0	24_2_00007FF77550D6B0
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77553D788	24_2_00007FF77553D788
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77554D7A2	24_2_00007FF77554D7A2
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754D3260	24_2_00007FF7754D3260
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77551B26C	24_2_00007FF77551B26C
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754D72C8	24_2_00007FF7754D72C8
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775535190	24_2_00007FF775535190
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77553B14C	24_2_00007FF77553B14C
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77552B124	24_2_00007FF77552B124
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775547460	24_2_00007FF775547460
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754F9484	24_2_00007FF7754F9484
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77550B454	24_2_00007FF77550B454
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77553137C	24_2_00007FF77553137C
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77550BE58	24_2_00007FF77550BE58
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775515F08	24_2_00007FF775515F08
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754A3D38	24_2_00007FF7754A3D38
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754AA058	24_2_00007FF7754AA058
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77553BF88	24_2_00007FF77553BF88
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77554BFEC	24_2_00007FF77554BFEC
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775537A20	24_2_00007FF775537A20
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775511AD4	24_2_00007FF775511AD4
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754AB928	24_2_00007FF7754AB928
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77552F920	24_2_00007FF77552F920
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775517A00	24_2_00007FF775517A00
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77554FC59	24_2_00007FF77554FC59
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754DDC44	24_2_00007FF7754DDC44
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77552BD14	24_2_00007FF77552BD14
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77554DB6C	24_2_00007FF77554DB6C
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775510644	24_2_00007FF775510644
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775500620	24_2_00007FF775500620
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754DE560	24_2_00007FF7754DE560
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754F253C	24_2_00007FF7754F253C
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7755445E0	24_2_00007FF7755445E0
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77550A5D0	24_2_00007FF77550A5D0
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7755048C0	24_2_00007FF7755048C0
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775540728	24_2_00007FF775540728
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754AA7EC	24_2_00007FF7754AA7EC
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7755547E5	24_2_00007FF7755547E5
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754B9AF0	24_2_00007FF7754B9AF0
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754AE7FC	24_2_00007FF7754AE7FC
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754CE224	24_2_00007FF7754CE224
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754EA250	24_2_00007FF7754EA250
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77552C2D8	24_2_00007FF77552C2D8
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754E21AC	24_2_00007FF7754E21AC
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775524198	24_2_00007FF775524198
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7755221AC	24_2_00007FF7755221AC
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754D43B8	24_2_00007FF7754D43B8
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77553EE40	24_2_00007FF77553EE40
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754F8F14	24_2_00007FF7754F8F14
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77552ED90	24_2_00007FF77552ED90
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775524DD0	24_2_00007FF775524DD0
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77553D010	24_2_00007FF77553D010
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77550AFF0	24_2_00007FF77550AFF0
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754F6948	24_2_00007FF7754F6948
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7755089F4	24_2_00007FF7755089F4
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77553A998	24_2_00007FF77553A998
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF775530C44	24_2_00007FF775530C44
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF77550CCFC	24_2_00007FF77550CCFC
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754C4CDC	24_2_00007FF7754C4CDC
Source: C:\Users\user\AppData\Local\uRSIQRt4\GamePanel.exe	Code function: 24_2_00007FF7754DED00	24_2_00007FF7754DED00

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
dpnhupnp.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report dpnhupnp.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Windows Analysis Report
dpnhupnp.dll