Source: unknown | TCP traffic detected without corresponding DNS query: 89.22.236.225 |
Source: 6k00SOeMjU.dll | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: 6k00SOeMjU.dll | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: 6k00SOeMjU.dll | String found in binary or memory: http://ocsp.sectigo.com0 |
Source: rundll32.exe, 00000003.00000002.769805471.0000000010B69000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.769805642.0000000010B69000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.769803694.0000000010B69000.00000002.00000001.01000000.00000003.sdmp, 6k00SOeMjU.dll | String found in binary or memory: http://www.innosetup.com |
Source: 6k00SOeMjU.dll | String found in binary or memory: https://sectigo.com/CPS0 |
Source: 4.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: 4.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 5.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: 5.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 3.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: 3.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 00000005.00000002.764703413.0000000010005000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: 00000003.00000002.764685317.0000000010005000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: 00000004.00000002.764666285.0000000010005000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: Process Memory Space: rundll32.exe PID: 5448, type: MEMORYSTR | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: Process Memory Space: rundll32.exe PID: 5476, type: MEMORYSTR | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: Process Memory Space: rundll32.exe PID: 3920, type: MEMORYSTR | Matched rule: EXT_MAL_SystemBC_Mar22_1 date = 2022-03-11, hash1 = c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5, author = Thomas Barabosch, Deutsche Telekom Security, description = Detects unpacked SystemBC module as used by Emotet in March 2022, score = https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc, reference2 = https://medium.com/walmartglobaltech/inside-the-systembc-malware-as-a-service-9aa03afd09c6, reference = https://twitter.com/Cryptolaemus1/status/1502069552246575105 |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\6k00SOeMjU.dll" |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\6k00SOeMjU.dll",#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6k00SOeMjU.dll,rundll |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6k00SOeMjU.dll",#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6k00SOeMjU.dll",rundll |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: DF0005 value: E9 FB 99 AF 76 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 778E9A00 value: E9 0A 66 50 89 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 10D0007 value: E9 7B 4C 85 76 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 77924C80 value: E9 8E B3 7A 89 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 10E0005 value: E9 FB BF 7D 76 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 778BC000 value: E9 0A 40 82 89 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 1290008 value: E9 AB E0 66 76 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 778FE0B0 value: E9 60 1F 99 89 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 12A0005 value: E9 CB 5A 66 73 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 74905AD0 value: E9 3A A5 99 8C |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 12B0005 value: E9 5B B0 67 73 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 7492B060 value: E9 AA 4F 98 8C |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 12C0005 value: E9 DB F8 9E 75 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 76CAF8E0 value: E9 2A 07 61 8A |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 2D70005 value: E9 FB 42 F6 73 |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 76CD4300 value: E9 0A BD 09 8C |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 860005 value: E9 FB 99 08 77 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 778E9A00 value: E9 0A 66 F7 88 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 870007 value: E9 7B 4C 0B 77 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 77924C80 value: E9 8E B3 F4 88 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 890005 value: E9 FB BF 02 77 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 778BC000 value: E9 0A 40 FD 88 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 8B0008 value: E9 AB E0 04 77 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 778FE0B0 value: E9 60 1F FB 88 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: AD0005 value: E9 CB 5A E3 73 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 74905AD0 value: E9 3A A5 1C 8C |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: AE0005 value: E9 5B B0 E4 73 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 7492B060 value: E9 AA 4F 1B 8C |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 1050005 value: E9 DB F8 C5 75 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 76CAF8E0 value: E9 2A 07 3A 8A |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 4490005 value: E9 FB 42 84 72 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5448 base: 76CD4300 value: E9 0A BD 7B 8D |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 9E0005 value: E9 FB 99 F0 76 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 778E9A00 value: E9 0A 66 0F 89 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 9F0007 value: E9 7B 4C F3 76 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 77924C80 value: E9 8E B3 0C 89 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: D10005 value: E9 FB BF BA 76 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 778BC000 value: E9 0A 40 45 89 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: ED0008 value: E9 AB E0 A2 76 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 778FE0B0 value: E9 60 1F 5D 89 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: EF0005 value: E9 CB 5A A1 73 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 74905AD0 value: E9 3A A5 5E 8C |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 1040005 value: E9 5B B0 8E 73 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 7492B060 value: E9 AA 4F 71 8C |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 1050005 value: E9 DB F8 C5 75 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 76CAF8E0 value: E9 2A 07 3A 8A |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 4810005 value: E9 FB 42 4C 72 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 5476 base: 76CD4300 value: E9 0A BD B3 8D |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 3150005 value: E9 FB 99 79 74 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 778E9A00 value: E9 0A 66 86 8B |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 3400007 value: E9 7B 4C 52 74 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 77924C80 value: E9 8E B3 AD 8B |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 3410005 value: E9 FB BF 4A 74 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 778BC000 value: E9 0A 40 B5 8B |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 3430008 value: E9 AB E0 4C 74 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 778FE0B0 value: E9 60 1F B3 8B |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 3440005 value: E9 CB 5A 4C 71 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 74905AD0 value: E9 3A A5 B3 8E |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 3450005 value: E9 5B B0 4D 71 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 7492B060 value: E9 AA 4F B2 8E |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 3460005 value: E9 DB F8 84 73 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 76CAF8E0 value: E9 2A 07 7B 8C |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 3470005 value: E9 FB 42 86 73 |
Source: C:\Windows\SysWOW64\rundll32.exe | Memory written: PID: 3920 base: 76CD4300 value: E9 0A BD 79 8C |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 778BC000 value: 8B FF 55 8B EC |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 74905AD0 value: 8B FF 55 8B EC |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 7492B060 value: 8B FF 55 8B EC |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 76CAF8E0 value: 8B FF 55 8B EC |
Source: C:\Windows\System32\loaddll32.exe | Memory written: PID: 5288 base: 76CD4300 value: 8B FF 55 8B EC |
Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 00000000106587EA second address: 0000000010658809 instructions: 0x00000000 rdtsc 0x00000002 ror cl, 1 0x00000004 ror edx, FFFFFF86h 0x00000007 xor ax, si 0x0000000a not cl 0x0000000c clc 0x0000000d xor bl, cl 0x0000000f push esi 0x00000010 push edi 0x00000011 rol dh, FFFFFF9Dh 0x00000014 rcl eax, cl 0x00000016 test bx, bx 0x00000019 push ebx 0x0000001a mov ebx, ecx 0x0000001c movsx eax, di 0x0000001f rdtsc |
Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 00000000106587EA second address: 0000000010658809 instructions: 0x00000000 rdtsc 0x00000002 ror cl, 1 0x00000004 ror edx, FFFFFF86h 0x00000007 xor ax, si 0x0000000a not cl 0x0000000c clc 0x0000000d xor bl, cl 0x0000000f push esi 0x00000010 push edi 0x00000011 rol dh, FFFFFF9Dh 0x00000014 rcl eax, cl 0x00000016 test bx, bx 0x00000019 push ebx 0x0000001a mov ebx, ecx 0x0000001c movsx eax, di 0x0000001f rdtsc |
Source: C:\Windows\System32\loaddll32.exe | Thread information set: HideFromDebugger |
Source: C:\Windows\SysWOW64\rundll32.exe | Thread information set: HideFromDebugger |
Source: C:\Windows\System32\loaddll32.exe | Process queried: DebugPort |
Source: C:\Windows\System32\loaddll32.exe | Process queried: DebugObjectHandle |
Source: C:\Windows\SysWOW64\rundll32.exe | Process queried: DebugPort |
Source: C:\Windows\SysWOW64\rundll32.exe | Process queried: DebugObjectHandle |