Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DACOUv0x9T.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_478f438831aa6399f8caa2599237798e96e3_7522e4b5_290e18b4-4b47-4463-8f66-24aaf4116a17\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_478f438831aa6399f8caa2599237798e96e3_7522e4b5_dbf30b08-2d3d-4f77-92e0-6fca8e52a230\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f7ad191254677193eedb46eba66076be13a25fcf_7522e4b5_70debaf7-245e-4135-b189-34a93c3d0717\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f7ad191254677193eedb46eba66076be13a25fcf_7522e4b5_88892343-9514-4023-957e-1fb52be0fea4\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9859.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jul 3 09:07:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A8C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9ACC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA029.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jul 3 09:08:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA0A7.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA0E6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERACBB.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jul 3 09:08:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD2A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD2A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jul 3 09:08:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD69.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERADD7.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE26.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\DACOUv0x9T.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\DACOUv0x9T.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\DACOUv0x9T.dll,HI_Deinterlace
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\DACOUv0x9T.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\DACOUv0x9T.dll,HI_GetVersion
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 596
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\DACOUv0x9T.dll,HI_InitDeinterlace
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 592
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\DACOUv0x9T.dll",HI_Deinterlace
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\DACOUv0x9T.dll",HI_GetVersion
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\DACOUv0x9T.dll",HI_InitDeinterlace
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\DACOUv0x9T.dll",HI_ReleaseDeinterlace
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 592
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 600
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{12505225-c38b-0024-01f3-6791ab9f2a60}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8FA4A2E4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2870000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
33C0000
|
direct allocation
|
page execute and read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
4250000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
4210000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
6A2000
|
direct allocation
|
page execute and read and write
|
||
|
33B0000
|
direct allocation
|
page execute and read and write
|
||
|
3210000
|
direct allocation
|
page read and write
|
||
|
4A1E000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
33A0000
|
direct allocation
|
page execute and read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
33D4000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
650000
|
direct allocation
|
page execute and read and write
|
||
|
2FAC000
|
stack
|
page read and write
|
||
|
4270000
|
heap
|
page read and write
|
||
|
4090000
|
heap
|
page read and write
|
||
|
59F000
|
stack
|
page read and write
|
||
|
4150000
|
direct allocation
|
page read and write
|
||
|
17B000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
3210000
|
heap
|
page read and write
|
||
|
10009000
|
unkown
|
page execute and read and write
|
||
|
4CA000
|
heap
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page execute and read and write
|
||
|
6F2000
|
direct allocation
|
page execute and read and write
|
||
|
40CF000
|
stack
|
page read and write
|
||
|
303A000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
3202000
|
direct allocation
|
page execute and read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
6A0000
|
direct allocation
|
page execute and read and write
|
||
|
33C2000
|
direct allocation
|
page execute and read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
2E8B000
|
stack
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute and read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
A2F000
|
heap
|
page read and write
|
||
|
1000C000
|
unkown
|
page execute and read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
16C000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
277A000
|
heap
|
page read and write
|
||
|
4BE000
|
stack
|
page read and write
|
||
|
2500000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute and read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
2510000
|
direct allocation
|
page read and write
|
||
|
6E0000
|
direct allocation
|
page execute and read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
1CB000
|
stack
|
page read and write
|
||
|
A38000
|
heap
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
353E000
|
stack
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute and read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
12B000
|
stack
|
page read and write
|
||
|
2824000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
3200000
|
direct allocation
|
page execute and read and write
|
||
|
410E000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
6CF000
|
stack
|
page read and write
|
||
|
55C000
|
stack
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
2500000
|
direct allocation
|
page execute and read and write
|
||
|
2FAC000
|
stack
|
page read and write
|
||
|
6B0000
|
direct allocation
|
page read and write
|
||
|
3AC000
|
stack
|
page read and write
|
||
|
275F000
|
stack
|
page read and write
|
||
|
31F0000
|
direct allocation
|
page execute and read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
2720000
|
direct allocation
|
page read and write
|
||
|
2770000
|
direct allocation
|
page execute and read and write
|
||
|
6AF000
|
stack
|
page read and write
|
||
|
6FF000
|
stack
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
33B2000
|
direct allocation
|
page execute and read and write
|
||
|
4210000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute and read and write
|
||
|
10009000
|
unkown
|
page execute and read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
2F6B000
|
stack
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2770000
|
heap
|
page read and write
|
||
|
1000C000
|
unkown
|
page execute and read and write
|
||
|
640000
|
direct allocation
|
page execute and read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
1000C000
|
unkown
|
page execute and read and write
|
||
|
A2B000
|
heap
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute and read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
2A52000
|
direct allocation
|
page execute and read and write
|
||
|
10009000
|
unkown
|
page execute and read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
63F000
|
stack
|
page read and write
|
||
|
6F0000
|
direct allocation
|
page execute and read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
4214000
|
heap
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page execute and read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
2554000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
34FF000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
2502000
|
direct allocation
|
page execute and read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
45E000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2760000
|
direct allocation
|
page execute and read and write
|
||
|
470000
|
direct allocation
|
page execute and read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
1000C000
|
unkown
|
page execute and read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
32BA000
|
heap
|
page read and write
|
||
|
10009000
|
unkown
|
page execute and read and write
|
||
|
4D20000
|
direct allocation
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
2ECC000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
2F6B000
|
stack
|
page read and write
|
||
|
2760000
|
direct allocation
|
page execute and read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
33B0000
|
direct allocation
|
page execute and read and write
|
||
|
652000
|
direct allocation
|
page execute and read and write
|
||
|
4274000
|
heap
|
page read and write
|
||
|
1000C000
|
unkown
|
page execute and read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
4C9F000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
10009000
|
unkown
|
page execute and read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
4360000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
4190000
|
remote allocation
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
2780000
|
direct allocation
|
page read and write
|
||
|
5AA000
|
heap
|
page read and write
|
||
|
36B000
|
stack
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
4EA4000
|
heap
|
page read and write
|
||
|
283A000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
3214000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1BC000
|
stack
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
4DF0000
|
heap
|
page read and write
|
||
|
414F000
|
stack
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
33CA000
|
heap
|
page read and write
|
||
|
2772000
|
direct allocation
|
page execute and read and write
|
||
|
4094000
|
heap
|
page read and write
|
||
|
3580000
|
direct allocation
|
page read and write
|
||
|
660000
|
direct allocation
|
page read and write
|
There are 193 hidden memdumps, click here to show them.