Windows Analysis Report
libmmd.dll.dll

Overview

General Information

Sample name: libmmd.dll.dll
(renamed file extension from exe to dll)
Original sample name: libmmd.dll.exe
Analysis ID: 1483413
MD5: 19c31c58313c58fc88cf27e77befb0c3
SHA1: b0711e10ef98b86e76ad28665285598d8809ae36
SHA256: c2684b143c3417c588a3c0ae0a9c4329e71a04fc304aa3a69eae61ede1d0b290
Tags: exe

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

AV Detection

Source: libmmd.dll.dll Virustotal: Detection: 59%
Source: libmmd.dll.dll ReversingLabs: Detection: 55%
Source: libmmd.dll.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: libmmd.pdb source: loaddll64.exe, rundll32.exe, libmmd.dll.dll
Source: libmmd.dll.dll String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: libmmd.dll.dll String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: libmmd.dll.dll String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: libmmd.dll.dll String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: libmmd.dll.dll String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: libmmd.dll.dll String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: libmmd.dll.dll String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: libmmd.dll.dll String found in binary or memory: http://ocsp.comodoca.com0
Source: libmmd.dll.dll String found in binary or memory: http://ocsp.sectigo.com0
Source: libmmd.dll.dll String found in binary or memory: http://ocsp.sectigo.com0.
Source: Amcache.hve.8.dr String found in binary or memory: http://upx.sf.net
Source: libmmd.dll.dll String found in binary or memory: https://sectigo.com/CPS0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4F1DD0 10_2_00007FFDFB4F1DD0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB5915B0 10_2_00007FFDFB5915B0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4DE590 10_2_00007FFDFB4DE590
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B4630 10_2_00007FFDFB4B4630
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB58CE40 10_2_00007FFDFB58CE40
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4BA620 10_2_00007FFDFB4BA620
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB58FE20 10_2_00007FFDFB58FE20
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4D2650 10_2_00007FFDFB4D2650
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B4640 10_2_00007FFDFB4B4640
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4BE4B0 10_2_00007FFDFB4BE4B0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB54CCB0 10_2_00007FFDFB54CCB0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4BC4C0 10_2_00007FFDFB4BC4C0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B9CC0 10_2_00007FFDFB4B9CC0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4C84F0 10_2_00007FFDFB4C84F0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB592510 10_2_00007FFDFB592510
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4EDCE0 10_2_00007FFDFB4EDCE0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4BDD10 10_2_00007FFDFB4BDD10
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4C0510 10_2_00007FFDFB4C0510
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB504510 10_2_00007FFDFB504510
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5572 -s 328
Source: libmmd.dll.dll Static PE information: invalid certificate
Source: libmmd.dll.dll Binary or memory string: OriginalFilename libmmd.dll vs libmmd.dll.dll
Source: classification engine Classification label: mal48.winDLL@126/17@0/0
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7360
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7212
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5572
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5180
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6372:120:WilError_03
Source: C:\Windows\System32\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\08768608-d9f7-4341-905f-872fba1a7398
Source: libmmd.dll.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF
Source: libmmd.dll.dll Virustotal: Detection: 59%
Source: libmmd.dll.dll ReversingLabs: Detection: 55%
Source: unknown Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\libmmd.dll.dll"
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5572 -s 328
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5180 -s 328
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acosdq
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7212 -s 328
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acoshq
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7360 -s 320
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",_LIB_VERSIONIMF
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acosdq
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acoshq
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynl
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf16
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",yn
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1l
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f16
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0l
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f16
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncl
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf16
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",trunc
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammal
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf16
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgamma
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5180 -s 328
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7212 -s 328
Source: C:\Windows\System32\loaddll64.exe Section loaded: apphelp.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: libmmd.dll.dll Static PE information: More than 1031 > 100 exports found
Source: libmmd.dll.dll Static PE information: Virtual size of .text is bigger than: 0x100000
Source: libmmd.dll.dll Static PE information: Image base 0x180000000 > 0x60000000
Source: libmmd.dll.dll Static file information: File size 4148864 > 1048576
Source: libmmd.dll.dll Static PE information: Raw size of .text is bigger than: 0x100000 < 0x186200
Source: libmmd.dll.dll Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1d4e00
Source: libmmd.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: libmmd.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: libmmd.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: libmmd.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: libmmd.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: libmmd.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: libmmd.dll.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: libmmd.pdb source: loaddll64.exe, rundll32.exe, libmmd.dll.dll
Source: libmmd.dll.dll Static PE information: real checksum: 0x40421d should be: 0x40244a
Source: libmmd.dll.dll Static PE information: section name: .trace
Source: libmmd.dll.dll Static PE information: section name: _RDATA
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\loaddll64.exe API coverage: 8.1 %
Source: C:\Windows\System32\rundll32.exe API coverage: 2.7 %
Source: C:\Windows\System32\rundll32.exe API coverage: 3.7 %
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB62BDAC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FFDFB62BDAC
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B8420 CreateFileW,GetProcessHeap,HeapAlloc, 0_2_00007FFDFB4B8420
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB624CCC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FFDFB624CCC
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB624CCC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00007FFDFB624CCC
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB624CCC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00007FFDFB624CCC
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB624670 cpuid 0_2_00007FFDFB624670
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB624F68 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FFDFB624F68
Source: Amcache.hve.8.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: MsMpEng.exe
No contacted IP infos