Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Trojan.Packed.16045.13418.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_40dfe4f969cbf4fc5de74dcb1b6270e6cee73c1c_7522e4b5_2f2b4a1c-35c5-4358-b8f2-1e2fbbb9e370\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_40dfe4f969cbf4fc5de74dcb1b6270e6cee73c1c_7522e4b5_3445b430-5404-4f1d-ab9e-1623049dd6e3\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_40dfe4f969cbf4fc5de74dcb1b6270e6cee73c1c_7522e4b5_d1103713-8ae5-4de5-a329-aea6d2e3fe56\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8b99f381882e05a5abb1913aaf1cb4446d926b3_7522e4b5_0a457b11-ee37-4a85-8ac3-689d30f730fc\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8b99f381882e05a5abb1913aaf1cb4446d926b3_7522e4b5_71784623-12fc-4600-a3bb-ceea5991a9f6\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B37.tmp.dmp | Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:17 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B66.tmp.dmp | Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:17 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C42.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C51.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C62.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C72.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER3691.tmp.dmp | Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:20 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER372F.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER376E.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4249.tmp.dmp | Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:23 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER42A7.tmp.dmp | Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:23 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4306.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4336.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER43E1.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4411.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

12 additional files are hidden in the original report and are not listed here.
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll",#1 | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll,SetDllPathA | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll",#1 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 620 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 612 | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll,SetDllPathW | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 612 | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll",SetDllPathA | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll",SetDllPathW | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 612 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 612 | |

3 additional processes are hidden in the original report and are not listed here.
URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | ProgramId | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | FileId | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | LowerCaseLongPath | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | LongPathHash | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Name | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | OriginalFileName | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Publisher | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Version | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | BinFileVersion | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | BinaryType | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | ProductName | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | ProductVersion | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | LinkDate | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | BinProductVersion | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | AppxPackageFullName | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | AppxPackageRelativeId | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Size | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Language | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | IsOsComponent | |
| \REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Usn | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property | 0018000DDABBE6B3 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | ClockTimeSeconds | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | TickCount | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property | 0018000DDABBE6B3 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket | |

18 additional registry entries are hidden in the original report and are not listed here.
Memdumps

| Base Address | Region Type | Protect | Malicious |
|---|---|---|---|
| 3490000 | heap | page read and write | |
| 4F40000 | heap | page read and write | |
| BCF000 | stack | page read and write | |
| 8A0000 | heap | page read and write | |
| 4BDF000 | stack | page read and write | |
| 339E000 | stack | page read and write | |
| 10009000 | unknown | page read and write | |
| 3260000 | heap | page read and write | |
| 2FBB000 | stack | page read and write | |
| 10007000 | unknown | page readonly | |
| 4D8E000 | stack | page read and write | |
| ACE000 | heap | page read and write | |
| 35AA000 | heap | page read and write | |
| 48E000 | stack | page read and write | |
| BEF000 | stack | page read and write | |
| 10001000 | unknown | page execute read | |
| 31F0000 | heap | page read and write | |
| 15B000 | stack | page read and write | |
| BD0000 | heap | page read and write | |
| 7B0000 | heap | page read and write | |
| 4DCF000 | stack | page read and write | |
| 3240000 | heap | page read and write | |
| 355E000 | stack | page read and write | |
| 10007000 | unknown | page readonly | |
| 1030000 | heap | page read and write | |
| 8D0000 | heap | page read and write | |
| 67E000 | heap | page read and write | |
| 32C0000 | heap | page read and write | |
| 4C1E000 | stack | page read and write | |
| ABA000 | heap | page read and write | |
| A3E000 | stack | page read and write | |
| 33B0000 | heap | page read and write | |
| 890000 | heap | page read and write | |
| 35A0000 | heap | page read and write | |
| 10000000 | unknown | page readonly | |
| 10001000 | unknown | page execute read | |
| 10000000 | unknown | page readonly | |
| 2E60000 | heap | page read and write | |
| 6ED000 | stack | page read and write | |
| 349A000 | heap | page read and write | |
| 1000E000 | unknown | page readonly | |
| 400000 | heap | page read and write | |
| 359F000 | stack | page read and write | |
| 750000 | heap | page read and write | |
| 10000000 | unknown | page readonly | |
| 10000000 | unknown | page readonly | |
| 10007000 | unknown | page readonly | |
| 4C5E000 | stack | page read and write | |
| 33CE000 | heap | page read and write | |
| 2FFC000 | stack | page read and write | |
| D90000 | heap | page read and write | |
| 760000 | heap | page read and write | |
| 10009000 | unknown | page read and write | |
| 2FCC000 | stack | page read and write | |
| 30AC000 | stack | page read and write | |
| 10001000 | unknown | page execute read | |
| 3340000 | heap | page read and write | |
| 10009000 | unknown | page read and write | |
| 66A000 | heap | page read and write | |
| 3280000 | heap | page read and write | |
| 33BE000 | stack | page read and write | |
| 7DE000 | stack | page read and write | |
| A7E000 | stack | page read and write | |
| DA7000 | heap | page read and write | |
| 10007000 | unknown | page readonly | |
| D1D000 | stack | page read and write | |
| 3230000 | heap | page read and write | |
| 19C000 | stack | page read and write | |
| D9F000 | heap | page read and write | |
| 3510000 | heap | page read and write | |
| C6F000 | stack | page read and write | |
| 35BE000 | heap | page read and write | |
| 5EB000 | stack | page read and write | |
| 10009000 | unknown | page read and write | |
| 340F000 | stack | page read and write | |
| DAD000 | heap | page read and write | |
| 410000 | heap | page read and write | |
| 34AE000 | heap | page read and write | |
| 10007000 | unknown | page readonly | |
| 4B0000 | heap | page read and write | |
| 7FF000 | stack | page read and write | |
| 10001000 | unknown | page execute read | |
| C1D000 | stack | page read and write | |
| 5CF000 | stack | page read and write | |
| 1000E000 | unknown | page readonly | |
| 1000E000 | unknown | page readonly | |
| C2E000 | stack | page read and write | |
| 10000000 | unknown | page readonly | |
| 3580000 | heap | page read and write | |
| 83C000 | stack | page read and write | |
| 10001000 | unknown | page execute read | |
| 9FE000 | stack | page read and write | |
| 7AE000 | stack | page read and write | |
| 1000E000 | unknown | page readonly | |
| 4670000 | heap | page read and write | |
| D9B000 | heap | page read and write | |
| 34EF000 | stack | page read and write | |
| 33BA000 | heap | page read and write | |
| 840000 | heap | page read and write | |
| 1000E000 | unknown | page readonly | |
| AB0000 | heap | page read and write | |
| 326E000 | stack | page read and write | |
| 10007000 | unknown | page readonly | |
| 10009000 | unknown | page read and write | |
| 2F8B000 | stack | page read and write | |
| 660000 | heap | page read and write | |
| 306B000 | stack | page read and write | |
| 10009000 | unknown | page read and write | |
| 10001000 | unknown | page execute read | |
| 3110000 | heap | page read and write | |
| 3480000 | heap | page read and write | |
| 1000E000 | unknown | page readonly | |
| 33C0000 | heap | page read and write | |
| 10000000 | unknown | page readonly | |
| 5EC000 | stack | page read and write | |
| 34D0000 | heap | page read and write | |
| 32A0000 | heap | page read and write | |

107 additional memdumps are hidden in the original report and are not listed here.