Windows Analysis Report
file.dll

Overview

General Information

Sample name: file.dll
(renamed file extension from exe to dll)
Original sample name: file.exe
Analysis ID: 1524398
MD5: 3221211c319e55e42e398e062c1e155e
SHA1: b1378446aa1cbe0858eed3c7083235a3856a82ba
SHA256: cae7512666ae3f18702df3bffaf297739a30aa05ea73a7d1ee4c50ba2d874b93
Tags: dllexesignedx64user-jstrosch
Infos:

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Classification

Source: file.dll Static PE information: certificate valid
Source: file.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-x64-cygwin\jdk8u361\3183\build\windows-x64\jdk\objs\libjsound\jsound.pdb source: rundll32.exe, 00000003.00000002.1830544768.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1858789941.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.1876625033.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000E.00000002.1845055529.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000F.00000002.1775538392.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000012.00000002.1774962600.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.1775772661.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000016.00000002.1779009700.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000019.00000002.1778970705.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001A.00000002.1776288921.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001B.00000002.1779014099.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.1779041307.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000021.00000002.1779110136.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000023.00000002.1779057663.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000024.00000002.1780573721.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000027.00000002.2924216865.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000028.00000002.1780499954.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000029.00000002.1779102324.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, file.dll
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-x64-cygwin\jdk8u361\3183\build\windows-x64\jdk\objs\libjsound\jsound.pdb!! source: rundll32.exe, 00000003.00000002.1830544768.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1858789941.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.1876625033.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000E.00000002.1845055529.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000F.00000002.1775538392.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000012.00000002.1774962600.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.1775772661.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000016.00000002.1779009700.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000019.00000002.1778970705.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001A.00000002.1776288921.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001B.00000002.1779014099.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.1779041307.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000021.00000002.1779110136.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000023.00000002.1779057663.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000024.00000002.1780573721.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000027.00000002.2924216865.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000028.00000002.1780499954.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000029.00000002.1779102324.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, file.dll
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown DNS traffic detected: query: 171.39.242.20.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: file.dll String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.dll String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: file.dll String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.dll String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.dll String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.dll String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: file.dll String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.dll String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.dll String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: file.dll String found in binary or memory: http://ocsp.digicert.com0
Source: file.dll String found in binary or memory: http://ocsp.digicert.com0A
Source: file.dll String found in binary or memory: http://ocsp.digicert.com0C
Source: file.dll String found in binary or memory: http://ocsp.digicert.com0X
Source: Amcache.hve.8.dr String found in binary or memory: http://upx.sf.net
Source: file.dll String found in binary or memory: http://www.digicert.com/CPS0
Detected potential crypto function
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFE148E176C 3_2_00007FFE148E176C
Source: C:\Windows\System32\rundll32.exe Code function: 41_2_00007FFE148E176C 41_2_00007FFE148E176C
One or more processes crash
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6768 -s 356
Sample file is different than original file name gathered from version info
Source: file.dll Binary or memory string: OriginalFilenamejsound.dllN vs file.dll
Source: classification engine Classification label: clean6.winDLL@78/13@1/0
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6728
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6036
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6768
Source: C:\Windows\System32\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\e58b05d4-f5ae-4b8d-bfbd-c699532ae4aa Jump to behavior
Source: file.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_MidiInDeviceProvider_nGetDescription
Source: unknown Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\file.dll"
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_MidiInDeviceProvider_nGetDescription
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6768 -s 356
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6728 -s 356
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_MidiInDeviceProvider_nGetName
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6036 -s 528
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_MidiInDeviceProvider_nGetNumDevices
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiInDeviceProvider_nGetDescription
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiInDeviceProvider_nGetName
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiInDeviceProvider_nGetNumDevices
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nOpen
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nGetPortType
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nGetPortName
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nGetPortCount
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nGetControls
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nControlSetIntValue
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nControlSetFloatValue
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nControlGetIntValue
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nControlGetFloatValue
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nClose
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixerProvider_nNewPortMixerInfo
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixerProvider_nGetNumDevices
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_Platform_nIsSigned8
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_Platform_nIsBigEndian
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_Platform_nGetLibraryForFeature
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_Platform_nGetExtraLibraries
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nSendShortMessage
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nSendLongMessage
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nOpen
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nGetTimeStamp
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nClose
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDeviceProvider_nGetVersion
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDeviceProvider_nGetVendor
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_MidiInDeviceProvider_nGetDescription Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_MidiInDeviceProvider_nGetName Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_MidiInDeviceProvider_nGetNumDevices Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiInDeviceProvider_nGetDescription Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiInDeviceProvider_nGetName Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiInDeviceProvider_nGetNumDevices Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nOpen Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nGetPortType Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nGetPortName Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nGetPortCount Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nGetControls Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nControlSetIntValue Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nControlSetFloatValue Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nControlGetIntValue Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nControlGetFloatValue Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixer_nClose Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixerProvider_nNewPortMixerInfo Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_PortMixerProvider_nGetNumDevices Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_Platform_nIsSigned8 Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_Platform_nIsBigEndian Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_Platform_nGetLibraryForFeature Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_Platform_nGetExtraLibraries Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nSendShortMessage Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nSendLongMessage Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nOpen Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nGetTimeStamp Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDevice_nClose Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDeviceProvider_nGetVersion Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_MidiOutDeviceProvider_nGetVendor Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1 Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Windows\System32\loaddll64.exe Section loaded: vcruntime140.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.dll Static PE information: certificate valid
Source: file.dll Static PE information: Image base 0x180000000 > 0x60000000
Source: file.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: file.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-x64-cygwin\jdk8u361\3183\build\windows-x64\jdk\objs\libjsound\jsound.pdb source: rundll32.exe, 00000003.00000002.1830544768.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1858789941.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.1876625033.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000E.00000002.1845055529.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000F.00000002.1775538392.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000012.00000002.1774962600.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.1775772661.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000016.00000002.1779009700.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000019.00000002.1778970705.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001A.00000002.1776288921.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001B.00000002.1779014099.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.1779041307.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000021.00000002.1779110136.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000023.00000002.1779057663.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000024.00000002.1780573721.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000027.00000002.2924216865.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000028.00000002.1780499954.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000029.00000002.1779102324.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, file.dll
Source: Binary string: c:\jenkins\workspace\8-2-build-windows-x64-cygwin\jdk8u361\3183\build\windows-x64\jdk\objs\libjsound\jsound.pdb!! source: rundll32.exe, 00000003.00000002.1830544768.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1858789941.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.1876625033.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000E.00000002.1845055529.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000F.00000002.1775538392.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000012.00000002.1774962600.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.1775772661.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000016.00000002.1779009700.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000019.00000002.1778970705.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001A.00000002.1776288921.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001B.00000002.1779014099.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.1779041307.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000021.00000002.1779110136.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000023.00000002.1779057663.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000024.00000002.1780573721.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000027.00000002.2924216865.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000028.00000002.1780499954.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000029.00000002.1779102324.00007FFE148E6000.00000002.00000001.01000000.00000003.sdmp, file.dll
Source: file.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 4716
Source: C:\Windows\System32\rundll32.exe Window / User API: threadDelayed 5284
Found large amount of non-executed APIs
Source: C:\Windows\System32\rundll32.exe API coverage: 8.9 %
Source: C:\Windows\System32\rundll32.exe API coverage: 9.5 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\System32\loaddll64.exe TID: 6560 Thread sleep time: -120000s >= -30000s Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7472 Thread sleep count: 4716 > 30
Source: C:\Windows\System32\rundll32.exe TID: 7472 Thread sleep count: 5284 > 30
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe Last function: Thread delayed
Source: C:\Windows\System32\loaddll64.exe Thread delayed: delay time: 120000 Jump to behavior
Source: Amcache.hve.8.dr Binary or memory string: VMware
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.8.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.8.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.8.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr Binary or memory string: vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.8.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.8.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.8.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr Binary or memory string: VMware20,1
Source: Amcache.hve.8.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.8.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.8.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.8.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Checks if the current process is being debugged
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFE148E538C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FFE148E538C
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFE148E5078 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00007FFE148E5078
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFE148E538C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FFE148E538C
Source: C:\Windows\System32\rundll32.exe Code function: 41_2_00007FFE148E5078 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 41_2_00007FFE148E5078
Source: C:\Windows\System32\rundll32.exe Code function: 41_2_00007FFE148E538C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 41_2_00007FFE148E538C
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1 Jump to behavior
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFE148E54DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 3_2_00007FFE148E54DC
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.8.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: MsMpEng.exe
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1524398 Sample: file.exe Startdate: 02/10/2024 Architecture: WINDOWS Score: 6 26 171.39.242.20.in-addr.arpa 2->26 8 loaddll64.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 28 other processes 8->16 process5 18 rundll32.exe 10->18         started        20 WerFault.exe 16 12->20         started        22 WerFault.exe 16 14->22         started        process6 24 WerFault.exe 20 18 18->24         started       
No contacted IP infos

Contacted Domains

Name IP Active
171.39.242.20.in-addr.arpa unknown unknown