Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
4wauxstb.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_5feb8dbdac39ae1a7256d1fc87637b91e032d0d8_7522e4b5_fe35a70d-95da-4053-a65d-1baee6f97000\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c3a120e38c8a924168df415827e44f45cab79cd2_7522e4b5_f3e55f13-f12d-4fe0-900c-a383a4c7827a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8F94.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Sep 27 08:48:30 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER910C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER916B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A52.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Sep 27 08:48:33 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BCA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BEA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\4wauxstb.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\4wauxstb.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\4wauxstb.dll,#50
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\4wauxstb.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 596
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\4wauxstb.dll",#50
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 596
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://ak.results.myway.com/mw_eula.html0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
198.187.3.20.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{23da3cd7-2013-c93a-7e54-c1186c7855ef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
53A000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
F4F000
|
stack
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
10004000
|
unkown
|
page readonly
|
||
|
A41000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
A3B000
|
stack
|
page read and write
|
||
|
B7F000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
5BE000
|
heap
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
1C9000
|
stack
|
page read and write
|
||
|
8B4000
|
heap
|
page read and write
|
||
|
10004000
|
unkown
|
page readonly
|
||
|
53F000
|
stack
|
page read and write
|
||
|
5D2000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
140000
|
heap
|
page read and write
|
||
|
5DD000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
C1A000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
530000
|
heap
|
page read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
5B9000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
5B4000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page read and write
|
||
|
C3F000
|
heap
|
page read and write
|
||
|
5AD000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
79F000
|
stack
|
page read and write
|
||
|
6AF000
|
stack
|
page read and write
|
||
|
59A000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
C4D000
|
heap
|
page read and write
|
||
|
A1000
|
stack
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
5CF0000
|
trusted library allocation
|
page read and write
|
||
|
50F000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
48A0000
|
heap
|
page read and write
|
||
|
5BD000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
There are 73 hidden memdumps, click here to show them.