Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
4wauxstb.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_5feb8dbdac39ae1a7256d1fc87637b91e032d0d8_7522e4b5_fe35a70d-95da-4053-a65d-1baee6f97000\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c3a120e38c8a924168df415827e44f45cab79cd2_7522e4b5_f3e55f13-f12d-4fe0-900c-a383a4c7827a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8F94.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Sep 27 08:48:30 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER910C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER916B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A52.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Sep 27 08:48:33 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BCA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BEA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\4wauxstb.dll"
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\4wauxstb.dll",#1
|
||
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\4wauxstb.dll,#50
|
||
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\4wauxstb.dll",#1
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 596
|
||
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\4wauxstb.dll",#50
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 596
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://upx.sf.net
|
unknown
|
||
http://ak.results.myway.com/mw_eula.html0
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
198.187.3.20.in-addr.arpa
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 12 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
53A000
|
heap
|
page read and write
|
||
66E000
|
stack
|
page read and write
|
||
F4F000
|
stack
|
page read and write
|
||
2E5F000
|
stack
|
page read and write
|
||
AD0000
|
heap
|
page read and write
|
||
B8E000
|
stack
|
page read and write
|
||
5B5000
|
heap
|
page read and write
|
||
A70000
|
heap
|
page read and write
|
||
1090000
|
heap
|
page read and write
|
||
10004000
|
unkown
|
page readonly
|
||
A41000
|
stack
|
page read and write
|
||
480000
|
heap
|
page read and write
|
||
58E000
|
stack
|
page read and write
|
||
8EA000
|
heap
|
page read and write
|
||
540000
|
heap
|
page read and write
|
||
A3B000
|
stack
|
page read and write
|
||
B7F000
|
stack
|
page read and write
|
||
590000
|
heap
|
page read and write
|
||
150000
|
heap
|
page read and write
|
||
A20000
|
heap
|
page read and write
|
||
8FD000
|
stack
|
page read and write
|
||
5BE000
|
heap
|
page read and write
|
||
BCF000
|
stack
|
page read and write
|
||
10002000
|
unkown
|
page readonly
|
||
1C9000
|
stack
|
page read and write
|
||
8B4000
|
heap
|
page read and write
|
||
10004000
|
unkown
|
page readonly
|
||
53F000
|
stack
|
page read and write
|
||
5D2000
|
heap
|
page read and write
|
||
10001000
|
unkown
|
page execute read
|
||
140000
|
heap
|
page read and write
|
||
5DD000
|
stack
|
page read and write
|
||
C10000
|
heap
|
page read and write
|
||
C3B000
|
heap
|
page read and write
|
||
C1A000
|
heap
|
page read and write
|
||
B40000
|
heap
|
page read and write
|
||
AE0000
|
heap
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
10002000
|
unkown
|
page readonly
|
||
10001000
|
unkown
|
page execute read
|
||
5D5000
|
heap
|
page read and write
|
||
9B000
|
stack
|
page read and write
|
||
940000
|
heap
|
page read and write
|
||
10003000
|
unkown
|
page read and write
|
||
B90000
|
heap
|
page read and write
|
||
1CE000
|
stack
|
page read and write
|
||
10000000
|
unkown
|
page readonly
|
||
530000
|
heap
|
page read and write
|
||
8E6000
|
heap
|
page read and write
|
||
5DD000
|
heap
|
page read and write
|
||
5B9000
|
heap
|
page read and write
|
||
10000000
|
unkown
|
page readonly
|
||
5C0000
|
heap
|
page read and write
|
||
5B4000
|
heap
|
page read and write
|
||
10003000
|
unkown
|
page read and write
|
||
C3F000
|
heap
|
page read and write
|
||
5AD000
|
heap
|
page read and write
|
||
6E0000
|
heap
|
page read and write
|
||
43C000
|
stack
|
page read and write
|
||
1D0000
|
heap
|
page read and write
|
||
5DD000
|
heap
|
page read and write
|
||
5B1000
|
heap
|
page read and write
|
||
800000
|
heap
|
page read and write
|
||
BBE000
|
stack
|
page read and write
|
||
2F80000
|
heap
|
page read and write
|
||
A6E000
|
stack
|
page read and write
|
||
C30000
|
heap
|
page read and write
|
||
79F000
|
stack
|
page read and write
|
||
6AF000
|
stack
|
page read and write
|
||
59A000
|
heap
|
page read and write
|
||
8E0000
|
heap
|
page read and write
|
||
5B1000
|
heap
|
page read and write
|
||
4FD000
|
stack
|
page read and write
|
||
C4D000
|
heap
|
page read and write
|
||
A1000
|
stack
|
page read and write
|
||
8B0000
|
heap
|
page read and write
|
||
C0E000
|
stack
|
page read and write
|
||
5CF0000
|
trusted library allocation
|
page read and write
|
||
50F000
|
stack
|
page read and write
|
||
470000
|
heap
|
page read and write
|
||
48A0000
|
heap
|
page read and write
|
||
5BD000
|
heap
|
page read and write
|
||
5DD000
|
heap
|
page read and write
|
There are 73 hidden memdumps, click here to show them.