Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | July 9, 2022, 1:40 p.m. | July 9, 2022, 1:51 p.m. |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\NxYwE8FyaIw3Kgile.dll,DllRegisterServer
2992-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\NxYwE8FyaIw3Kgile.dll,DllRegisterServer
2884-
regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RPhdXxV\hyoafnKWtJAy.dll"
3612
explorer.exe C:\Windows\Explorer.EXE
1236 -
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
Suricata Alerts
Suricata TLS
No Suricata TLS
description | explorer.exe tried to sleep 120 seconds, actually delayed analysis time by 120 seconds |
cmdline | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RPhdXxV\hyoafnKWtJAy.dll" |
section | name: .rsrc, virtual_address: 0x0001b000, virtual_size: 0x0002bc80, size_of_data: 0x0002be00, entropy: 7.848244115365133 | entropy | 7.84824411537 | description | A section with a high entropy has been found |
entropy | 0.654850746269 | description | Overall entropy of this PE file is high |
process | regsvr32.exe |
process | rundll32.exe |
service_name | hyoafnKWtJAy.dll | service_path | C:\Windows\System32\regsvr32.exe "C:\Windows\system32\RPhdXxV\hyoafnKWtJAy.dll" |
Elastic | malicious (moderate confidence) |
DrWeb | Trojan.Emotet.1203 |
FireEye | Generic.mg.ea0d73a321582562 |
McAfee | Emotet-FTY!EA0D73A32158 |
Cyren | W64/Emotet.ELT.gen!Eldorado |
ESET-NOD32 | a variant of Win64/Kryptik.DHR |
Kaspersky | Trojan.Win64.Strab.n |
Avast | BotX-gen [Trj] |
TrendMicro | TrojanSpy.Win64.EMOTET.SMYXCFC |
McAfee-GW-Edition | Emotet-FTY!EA0D73A32158 |
ZoneAlarm | Trojan.Win64.Strab.n |
Microsoft | Trojan:Win64/Emotet.BY!MTB |
AhnLab-V3 | Malware/Win.FTY.R503424 |
Rising | Trojan.Kryptik!8.8 (C64:YzY0OqasBLIYLZhS) |
Fortinet | W64/Emotet.F1DB!tr |
AVG | BotX-gen [Trj] |
file | C:\Windows\System32\RPhdXxV\hyoafnKWtJAy.dll:Zone.Identifier |