Windows Analysis Report
goopdate.dll

Overview

General Information

Sample name: goopdate.dll
Analysis ID: 1500521
MD5: 351f45571fd7039de0241245aa85731f
SHA1: 2ff66d370f7cedc92585c6abb37ef01b36ae6439
SHA256: c03cc808b64645455aba526be1ea018242fcd39278acbbf5ec3df544f9cf9595
Tags: AdvancedPersistentThreatdll
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: goopdate.dll Avira: detected
Multi AV Scanner detection for submitted file
Source: goopdate.dll ReversingLabs: Detection: 44%
Uses 32bit PE files
Source: goopdate.dll Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: goopdate.dll Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.29.dr, 57C8EDB95DF3F0AD4EE2DC2B8CFD41571.29.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: SIHClient.exe, 0000001D.00000003.2220975877.000001DE74BDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?36a140b
Source: SIHClient.exe, 0000001D.00000003.2220750756.000001DE74C0E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?abd98b4
Creates files inside the system directory
Source: C:\Windows\System32\SIHClient.exe File created: C:\Windows\SoftwareDistribution\SLS\522D76A4-93E1-47F8-B8CE-07C937AD1A1E\TMPF32B.tmp
Source: C:\Windows\System32\SIHClient.exe File created: C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\TMP85B7.tmp
Uses 32bit PE files
Source: goopdate.dll Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: classification engine Classification label: mal56.winDLL@9343/8@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3440:120:WilError_03
Source: C:\Windows\System32\SIHClient.exe Mutant created: {376155FF-95A0-46CA-8F57-ACB09EA70153}
Source: goopdate.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\System32\SIHClient.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\SIHClient.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\SIHClient.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\SIHClient.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: goopdate.dll ReversingLabs: Detection: 44%
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\goopdate.dll"
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\System32\SIHClient.exe C:\Windows\System32\sihclient.exe /cv xwcuVp8y50a/oEcgM7A80w.0.2
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\System32\SIHClient.exe C:\Windows\System32\sihclient.exe /cv xwcuVp8y50a/oEcgM7A80w.0.2 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\goopdate.dll,DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",DllEntry Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\SIHClient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07369A67-07A6-4608-ABEA-379491CB7C46}\InprocServer32
Source: goopdate.dll Static PE information: Virtual size of .text is bigger than: 0x100000
Source: goopdate.dll Static file information: File size 21085696 > 1048576
Source: goopdate.dll Static PE information: Raw size of .text is bigger than: 0x100000 < 0x140d000
Source: goopdate.dll Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: goopdate.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: goopdate.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: goopdate.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: goopdate.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: goopdate.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 2914 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 2870 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 2798 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4500 Thread sleep count: 2914 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4500 Thread sleep time: -5828000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4500 Thread sleep count: 233 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4500 Thread sleep time: -466000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6008 Thread sleep count: 2870 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6008 Thread sleep time: -5740000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6008 Thread sleep count: 252 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6008 Thread sleep time: -504000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1164 Thread sleep count: 2798 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1164 Thread sleep time: -5596000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1164 Thread sleep count: 229 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1164 Thread sleep time: -458000s >= -30000s Jump to behavior
Source: C:\Windows\System32\SIHClient.exe TID: 4068 Thread sleep time: -60000s >= -30000s
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Windows\System32\SIHClient.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\SIHClient.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Windows\System32\SIHClient.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\SIHClient.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000 Jump to behavior
Source: SIHClient.exe, 0000001D.00000003.2221733576.000001DE74BC4000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000002.2600023005.000001DE74BC4000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000003.2599517386.000001DE74BC4000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000003.2222702214.000001DE74BC4000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000003.2223221619.000001DE74BC4000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000003.2220975877.000001DE74BC4000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000003.2222228330.000001DE74BC4000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000003.2599347012.000001DE74B74000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000002.2600023005.000001DE74B74000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001D.00000003.2220939280.000001DE74B77000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\goopdate.dll",#1 Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1500521 Sample: goopdate.dll Startdate: 28/08/2024 Architecture: WINDOWS Score: 56 44 Antivirus / Scanner detection for submitted sample 2->44 46 Multi AV Scanner detection for submitted file 2->46 8 loaddll32.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 conhost.exe 8->16         started        process5 18 rundll32.exe 10->18         started        20 rundll32.exe 12->20         started        22 rundll32.exe 12->22         started        24 rundll32.exe 12->24         started        32 8 other processes 12->32 26 rundll32.exe 14->26         started        28 rundll32.exe 14->28         started        30 rundll32.exe 14->30         started        34 8 other processes 14->34 process6 36 rundll32.exe 18->36         started        38 rundll32.exe 18->38         started        40 rundll32.exe 18->40         started        42 10 other processes 18->42
No contacted IP infos

Contacted Domains

Name IP Active
bg.microsoft.map.fastly.net 199.232.214.172 true