Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.22455.25862.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_4d60d8e56cf1fa2026a08b6eec534822c8224ea_952b8cde_b57e043f-944d-48f0-aae1-0d2173533ee8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_9eff24576f898a4a6729317b756d85bad5bb9442_7522e4b5_095ffdda-9b60-4c02-b23a-645ca43c141a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD14.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sun Oct 27 16:54:12 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD33.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sun Oct 27 16:54:13 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE2E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE7D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF86.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD004.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.22455.25862.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.22455.25862.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.22455.25862.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 252
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 552
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.clamav.net
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
198.187.3.20.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{f2267fd0-9303-0d50-e215-e9802d9fb085}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E00000
|
heap
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
2E29000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
4A7F000
|
stack
|
page read and write
|
||
|
2E26000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
2E29000
|
heap
|
page read and write
|
||
|
63AF000
|
stack
|
page read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
3097000
|
heap
|
page read and write
|
||
|
6190000
|
heap
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
2E29000
|
heap
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
2E45000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
2E0A000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
F3F000
|
stack
|
page read and write
|
||
|
FDB000
|
heap
|
page read and write
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
2B4C000
|
stack
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
2E29000
|
heap
|
page read and write
|
||
|
61B4000
|
heap
|
page read and write
|
||
|
95D000
|
stack
|
page read and write
|
||
|
2E2A000
|
heap
|
page read and write
|
||
|
2E27000
|
heap
|
page read and write
|
||
|
309A000
|
heap
|
page read and write
|
||
|
2E29000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
2E31000
|
heap
|
page read and write
|
||
|
2E2D000
|
heap
|
page read and write
|
||
|
2E25000
|
heap
|
page read and write
|
||
|
48BF000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
2E2F000
|
heap
|
page read and write
|
||
|
2E46000
|
heap
|
page read and write
|
||
|
2B09000
|
stack
|
page read and write
|
||
|
61B0000
|
heap
|
page read and write
|
||
|
6740000
|
trusted library allocation
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
A5D000
|
stack
|
page read and write
|
There are 43 hidden memdumps, click here to show them.