Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ipc_core.dll.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ipc_34de501b8bd73c3e36d3e0acfc3b73cfa66f9184_69175d2b_a729d135-c707-4015-acc1-f27b8f28852a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ipc_8b9bed975dae47e075ac375e31246032436a60ba_69175d2b_857be848-56bf-4ec5-a37e-8df4ee63ed60\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ipc_94ee8ec67bc632ff8e90ed8ca719e8074793a6_69175d2b_366efc25-0cd7-4d79-ad15-0a93ec4edbd3\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ipc_94ee8ec67bc632ff8e90ed8ca719e8074793a6_69175d2b_bddcb41c-2ce8-4647-90cb-888c62a06e81\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER100.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Aug 30 10:32:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER11F.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Aug 30 10:32:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1DB.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Aug 30 10:32:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1EC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER21A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER289.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER306.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE664.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Aug 30 10:32:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE701.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE77F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\ipc_core.dll.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\ipc_core.dll.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\ipc_core.dll.dll,CreateServiceHost
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ipc_core.dll.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\ipc_core.dll.dll,CreateServiceInvoker
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7492 -s 408
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\ipc_core.dll.dll,DestroyServiceHost
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ipc_core.dll.dll",CreateServiceHost
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ipc_core.dll.dll",CreateServiceInvoker
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ipc_core.dll.dll",DestroyServiceHost
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ipc_core.dll.dll",InitIPCCoreRuntime
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ipc_core.dll.dll",DestroyServiceInvoker
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7792 -s 400
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7820 -s 404
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7800 -s 408
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{d3517036-8e18-fecf-3691-f40c2ee185db}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF8A8F09000
|
unkown
|
page write copy
|
||
|
2A6BAAC0000
|
heap
|
page read and write
|
||
|
11872EE0000
|
heap
|
page read and write
|
||
|
1A4472F0000
|
heap
|
page read and write
|
||
|
7FF8A8DF1000
|
unkown
|
page execute read
|
||
|
2C63CFF0000
|
heap
|
page read and write
|
||
|
288FAC50000
|
heap
|
page read and write
|
||
|
7FF8A8F08000
|
unkown
|
page read and write
|
||
|
2634FD80000
|
heap
|
page read and write
|
||
|
1A4475A5000
|
heap
|
page read and write
|
||
|
7FF8A8F1F000
|
unkown
|
page readonly
|
||
|
2634FDE8000
|
heap
|
page read and write
|
||
|
7FF8A8DFA000
|
unkown
|
page execute read
|
||
|
11872F00000
|
heap
|
page read and write
|
||
|
94C047C000
|
stack
|
page read and write
|
||
|
7FF8A8F09000
|
unkown
|
page write copy
|
||
|
142B07C8000
|
heap
|
page read and write
|
||
|
2C63D390000
|
heap
|
page read and write
|
||
|
A7DE5FF000
|
stack
|
page read and write
|
||
|
288FC660000
|
heap
|
page read and write
|
||
|
142B0730000
|
heap
|
page read and write
|
||
|
1A4475A0000
|
heap
|
page read and write
|
||
|
1A447330000
|
heap
|
page read and write
|
||
|
25E9DFE0000
|
heap
|
page read and write
|
||
|
2A6BAE85000
|
heap
|
page read and write
|
||
|
7FF8A8EE7000
|
unkown
|
page readonly
|
||
|
7FF8A8DF0000
|
unkown
|
page readonly
|
||
|
25E9DEB0000
|
heap
|
page read and write
|
||
|
7FF8A8DFA000
|
unkown
|
page execute read
|
||
|
7FF8A8F31000
|
unkown
|
page readonly
|
||
|
7FF8A8EC2000
|
unkown
|
page execute read
|
||
|
7FF8A8F08000
|
unkown
|
page read and write
|
||
|
25E9E160000
|
heap
|
page read and write
|
||
|
7FF8A8DF0000
|
unkown
|
page readonly
|
||
|
7FF8A8DFA000
|
unkown
|
page execute read
|
||
|
24537F000
|
stack
|
page read and write
|
||
|
F51F3EE000
|
stack
|
page read and write
|
||
|
221332D5000
|
heap
|
page read and write
|
||
|
26350040000
|
heap
|
page read and write
|
||
|
2A6BAA10000
|
heap
|
page read and write
|
||
|
7FF8A8DF1000
|
unkown
|
page execute read
|
||
|
118731A0000
|
heap
|
page read and write
|
||
|
94C057F000
|
stack
|
page read and write
|
||
|
2C63D395000
|
heap
|
page read and write
|
||
|
7FF8A8ED3000
|
unkown
|
page readonly
|
||
|
7FF8A8F1D000
|
unkown
|
page read and write
|
||
|
C3B2D9C000
|
stack
|
page read and write
|
||
|
118732A0000
|
heap
|
page read and write
|
||
|
11872ED0000
|
heap
|
page read and write
|
||
|
7FF8A8DF7000
|
unkown
|
page execute read
|
||
|
7FF8A8DF1000
|
unkown
|
page execute read
|
||
|
17B46575000
|
heap
|
page read and write
|
||
|
7FF8A8DF7000
|
unkown
|
page execute read
|
||
|
7FF8A8EC2000
|
unkown
|
page execute read
|
||
|
2C63EA00000
|
heap
|
page read and write
|
||
|
1A447210000
|
heap
|
page read and write
|
||
|
7FF8A8DF1000
|
unkown
|
page execute read
|
||
|
9E6967E000
|
stack
|
page read and write
|
||
|
7FF8A8F09000
|
unkown
|
page write copy
|
||
|
7FF8A8EE7000
|
unkown
|
page readonly
|
||
|
9E693BE000
|
stack
|
page read and write
|
||
|
94C04FF000
|
stack
|
page read and write
|
||
|
7FF8A8F2A000
|
unkown
|
page readonly
|
||
|
68C8E7C000
|
stack
|
page read and write
|
||
|
288FAC40000
|
heap
|
page read and write
|
||
|
2A6BAAC8000
|
heap
|
page read and write
|
||
|
7FF8A8F2A000
|
unkown
|
page readonly
|
||
|
22134970000
|
heap
|
page read and write
|
||
|
F51F67E000
|
stack
|
page read and write
|
||
|
288FAB10000
|
heap
|
page read and write
|
||
|
F51F2EC000
|
stack
|
page read and write
|
||
|
7FF8A8DF7000
|
unkown
|
page execute read
|
||
|
7FF8A8F31000
|
unkown
|
page readonly
|
||
|
7FF8A8F1D000
|
unkown
|
page read and write
|
||
|
7FF8A8F31000
|
unkown
|
page readonly
|
||
|
142B0720000
|
heap
|
page read and write
|
||
|
17B462B8000
|
heap
|
page read and write
|
||
|
17B46490000
|
heap
|
page read and write
|
||
|
25E9E190000
|
heap
|
page read and write
|
||
|
7FF8A8F2A000
|
unkown
|
page readonly
|
||
|
142B0750000
|
heap
|
page read and write
|
||
|
142B0B25000
|
heap
|
page read and write
|
||
|
7FF8A8EE7000
|
unkown
|
page readonly
|
||
|
7FF8A8EC2000
|
unkown
|
page execute read
|
||
|
5E5D67C000
|
stack
|
page read and write
|
||
|
142B0B20000
|
heap
|
page read and write
|
||
|
7FF8A8F2A000
|
unkown
|
page readonly
|
||
|
7FF8A8EC2000
|
unkown
|
page execute read
|
||
|
7FF8A8F1D000
|
unkown
|
page read and write
|
||
|
7FF8A8DFA000
|
unkown
|
page execute read
|
||
|
2A6BAA00000
|
heap
|
page read and write
|
||
|
2634FDEF000
|
heap
|
page read and write
|
||
|
7FF8A8DF0000
|
unkown
|
page readonly
|
||
|
2851A7C000
|
stack
|
page read and write
|
||
|
2851AFF000
|
stack
|
page read and write
|
||
|
118732A5000
|
heap
|
page read and write
|
||
|
288FAC10000
|
heap
|
page read and write
|
||
|
288FAC45000
|
heap
|
page read and write
|
||
|
7FF8A8EE7000
|
unkown
|
page readonly
|
||
|
2A6BAA30000
|
heap
|
page read and write
|
||
|
17B46570000
|
heap
|
page read and write
|
||
|
7FF8A8DF7000
|
unkown
|
page execute read
|
||
|
2452FF000
|
stack
|
page read and write
|
||
|
7FF8A8F1F000
|
unkown
|
page readonly
|
||
|
22132F50000
|
heap
|
page read and write
|
||
|
7FF8A8ED3000
|
unkown
|
page readonly
|
||
|
F51F36E000
|
stack
|
page read and write
|
||
|
7FF8A8F1F000
|
unkown
|
page readonly
|
||
|
A7DE4FE000
|
stack
|
page read and write
|
||
|
288FAC58000
|
heap
|
page read and write
|
||
|
68C8F7F000
|
stack
|
page read and write
|
||
|
22132E50000
|
heap
|
page read and write
|
||
|
25E9DED0000
|
heap
|
page read and write
|
||
|
22132FE8000
|
heap
|
page read and write
|
||
|
26351860000
|
heap
|
page read and write
|
||
|
24527C000
|
stack
|
page read and write
|
||
|
2C63CFD0000
|
heap
|
page read and write
|
||
|
7FF8A8F1D000
|
unkown
|
page read and write
|
||
|
7FF8A8F09000
|
unkown
|
page write copy
|
||
|
7FF8A8F08000
|
unkown
|
page read and write
|
||
|
11872F58000
|
heap
|
page read and write
|
||
|
7FF8A8F08000
|
unkown
|
page read and write
|
||
|
7FF8A8F31000
|
unkown
|
page readonly
|
||
|
2634FDA0000
|
heap
|
page read and write
|
||
|
1A447338000
|
heap
|
page read and write
|
||
|
9E6933E000
|
stack
|
page read and write
|
||
|
17B463B0000
|
heap
|
page read and write
|
||
|
F36DF0C000
|
stack
|
page read and write
|
||
|
5E5D77F000
|
stack
|
page read and write
|
||
|
C3B30FE000
|
stack
|
page read and write
|
||
|
2634FD70000
|
heap
|
page read and write
|
||
|
25E9DEDD000
|
heap
|
page read and write
|
||
|
2C63D0B8000
|
heap
|
page read and write
|
||
|
22132F30000
|
heap
|
page read and write
|
||
|
F36DF8F000
|
stack
|
page read and write
|
||
|
17B462B0000
|
heap
|
page read and write
|
||
|
2A6BC640000
|
heap
|
page read and write
|
||
|
7FF8A8F1F000
|
unkown
|
page readonly
|
||
|
221332D0000
|
heap
|
page read and write
|
||
|
1A447310000
|
heap
|
page read and write
|
||
|
7FF8A8ED3000
|
unkown
|
page readonly
|
||
|
2851B7F000
|
stack
|
page read and write
|
||
|
5E5D6FF000
|
stack
|
page read and write
|
||
|
1A448E70000
|
heap
|
page read and write
|
||
|
68C8EFF000
|
stack
|
page read and write
|
||
|
F36E27F000
|
stack
|
page read and write
|
||
|
17B47E90000
|
heap
|
page read and write
|
||
|
7FF8A8ED3000
|
unkown
|
page readonly
|
||
|
142B2290000
|
heap
|
page read and write
|
||
|
26350045000
|
heap
|
page read and write
|
||
|
9E692BC000
|
stack
|
page read and write
|
||
|
7FF8A8DF0000
|
unkown
|
page readonly
|
||
|
11872F50000
|
heap
|
page read and write
|
||
|
2C63CEF0000
|
heap
|
page read and write
|
||
|
17B464B0000
|
heap
|
page read and write
|
||
|
2C63D0B0000
|
heap
|
page read and write
|
||
|
25E9DFE0000
|
heap
|
page read and write
|
||
|
2634FDE0000
|
heap
|
page read and write
|
||
|
142B07C0000
|
heap
|
page read and write
|
||
|
25E9DDD0000
|
heap
|
page read and write
|
||
|
25E9DEE9000
|
heap
|
page read and write
|
||
|
2A6BAE80000
|
heap
|
page read and write
|
||
|
288FABF0000
|
heap
|
page read and write
|
||
|
22132FE0000
|
heap
|
page read and write
|
||
|
C3B307E000
|
stack
|
page read and write
|
||
|
A7DE11C000
|
stack
|
page read and write
|
There are 156 hidden memdumps, click here to show them.