Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_4ae1b8f93a1c042e2414641401d156f19dc19b3_d75f6fa5_d9c7960c-7b33-4c11-89b0-f4abeeebb822\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_4ae1b8f93a1c042e2414641401d156f19dc19b3_d75f6fa5_ddd5b7b4-0d9e-491c-be0f-54ed85a4510c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER88DD.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 16:46:53 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER894C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER897C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E1B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 16:46:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E6A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E9A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\file.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_sun_tracing_dtrace_JVM_activate0
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_sun_tracing_dtrace_JVM_defineClass0
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2836 -s 328
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_sun_tracing_dtrace_JVM_dispose0
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_sun_tracing_dtrace_JVM_activate0
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_sun_tracing_dtrace_JVM_defineClass0
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_sun_tracing_dtrace_JVM_dispose0
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_sun_tracing_dtrace_JVM_isSupported0
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_sun_tracing_dtrace_JVM_isEnabled0
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3500 -s 324
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{fb568cfe-d8fc-aae1-2902-5dcee967ef16}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1AF61D70000
|
heap
|
page read and write
|
||
|
1F553F98000
|
heap
|
page read and write
|
||
|
1E587C30000
|
heap
|
page read and write
|
||
|
150E8720000
|
heap
|
page read and write
|
||
|
1E587CE0000
|
heap
|
page read and write
|
||
|
17FF87E000
|
stack
|
page read and write
|
||
|
7FF8BFAB6000
|
unkown
|
page readonly
|
||
|
13D2B73E000
|
heap
|
page read and write
|
||
|
17FF54C000
|
stack
|
page read and write
|
||
|
20DD21D0000
|
heap
|
page read and write
|
||
|
1F50CE15000
|
heap
|
page read and write
|
||
|
13D2D300000
|
heap
|
page read and write
|
||
|
1F554090000
|
heap
|
page read and write
|
||
|
1B960F30000
|
heap
|
page read and write
|
||
|
564370F000
|
stack
|
page read and write
|
||
|
1BB535B0000
|
heap
|
page read and write
|
||
|
13D2B710000
|
heap
|
page read and write
|
||
|
1F95A8D5000
|
heap
|
page read and write
|
||
|
1BB533C0000
|
heap
|
page read and write
|
||
|
90A089C000
|
stack
|
page read and write
|
||
|
1E587F45000
|
heap
|
page read and write
|
||
|
13D2B9F0000
|
heap
|
page read and write
|
||
|
1B960D58000
|
heap
|
page read and write
|
||
|
1B906FE000
|
stack
|
page read and write
|
||
|
46D0BEC000
|
stack
|
page read and write
|
||
|
20DD1EDC000
|
heap
|
page read and write
|
||
|
BF7A52C000
|
stack
|
page read and write
|
||
|
A5068FF000
|
stack
|
page read and write
|
||
|
1B960E50000
|
heap
|
page read and write
|
||
|
946AFE000
|
stack
|
page read and write
|
||
|
1AF61F30000
|
heap
|
page read and write
|
||
|
15419DF000
|
stack
|
page read and write
|
||
|
20DD1E30000
|
heap
|
page read and write
|
||
|
1F50CB88000
|
heap
|
page read and write
|
||
|
1E587C20000
|
heap
|
page read and write
|
||
|
1AF62175000
|
heap
|
page read and write
|
||
|
1F554265000
|
heap
|
page read and write
|
||
|
1F95A8D0000
|
heap
|
page read and write
|
||
|
1BB536A0000
|
heap
|
page read and write
|
||
|
1F95A630000
|
heap
|
page read and write
|
||
|
150E8440000
|
heap
|
page read and write
|
||
|
A50697F000
|
stack
|
page read and write
|
||
|
7FF8BFAB6000
|
unkown
|
page readonly
|
||
|
150E8620000
|
heap
|
page read and write
|
||
|
150E87C0000
|
heap
|
page read and write
|
||
|
13D2B9F5000
|
heap
|
page read and write
|
||
|
1E587F40000
|
heap
|
page read and write
|
||
|
1F5540B0000
|
heap
|
page read and write
|
||
|
1F50CB40000
|
heap
|
page read and write
|
||
|
1541C7F000
|
stack
|
page read and write
|
||
|
1F95A880000
|
heap
|
page read and write
|
||
|
7FF8BFAB1000
|
unkown
|
page execute read
|
||
|
7FF8BFAB3000
|
unkown
|
page readonly
|
||
|
13D2B900000
|
heap
|
page read and write
|
||
|
1F50CB80000
|
heap
|
page read and write
|
||
|
BF7A5AE000
|
stack
|
page read and write
|
||
|
1BB53735000
|
heap
|
page read and write
|
||
|
564368C000
|
stack
|
page read and write
|
||
|
1F95A600000
|
heap
|
page read and write
|
||
|
20DD1ED7000
|
heap
|
page read and write
|
||
|
BF7A87E000
|
stack
|
page read and write
|
||
|
1F50CA60000
|
heap
|
page read and write
|
||
|
1B9038C000
|
stack
|
page read and write
|
||
|
1F95A638000
|
heap
|
page read and write
|
||
|
1E587CE8000
|
heap
|
page read and write
|
||
|
150E87C5000
|
heap
|
page read and write
|
||
|
154195C000
|
stack
|
page read and write
|
||
|
1BB533B0000
|
heap
|
page read and write
|
||
|
1F95A5D0000
|
heap
|
page read and write
|
||
|
1AF63A90000
|
heap
|
page read and write
|
||
|
13D2B738000
|
heap
|
page read and write
|
||
|
1E589860000
|
heap
|
page read and write
|
||
|
295973C000
|
stack
|
page read and write
|
||
|
1B9067F000
|
stack
|
page read and write
|
||
|
2959A7F000
|
stack
|
page read and write
|
||
|
1F5541A0000
|
heap
|
page read and write
|
||
|
46D0EFF000
|
stack
|
page read and write
|
||
|
1BB533E0000
|
heap
|
page read and write
|
||
|
1F50CE10000
|
heap
|
page read and write
|
||
|
7FF8BFAB3000
|
unkown
|
page readonly
|
||
|
1AF61E70000
|
heap
|
page read and write
|
||
|
1F50CD00000
|
heap
|
page read and write
|
||
|
90A099E000
|
stack
|
page read and write
|
||
|
1F50CB60000
|
heap
|
page read and write
|
||
|
946B7E000
|
stack
|
page read and write
|
||
|
1B960D6F000
|
heap
|
page read and write
|
||
|
13D2B730000
|
heap
|
page read and write
|
||
|
1B960D50000
|
heap
|
page read and write
|
||
|
1E587C50000
|
heap
|
page read and write
|
||
|
46D0FFE000
|
stack
|
page read and write
|
||
|
1F95A5E0000
|
heap
|
page read and write
|
||
|
17FF5CE000
|
stack
|
page read and write
|
||
|
13D2B920000
|
heap
|
page read and write
|
||
|
20DD1ECD000
|
heap
|
page read and write
|
||
|
1AF62170000
|
heap
|
page read and write
|
||
|
1AF61E50000
|
heap
|
page read and write
|
||
|
7FF8BFAB0000
|
unkown
|
page readonly
|
||
|
20DD1EC0000
|
heap
|
page read and write
|
||
|
150E8528000
|
heap
|
page read and write
|
||
|
29597BF000
|
stack
|
page read and write
|
||
|
946A7C000
|
stack
|
page read and write
|
||
|
A50687C000
|
stack
|
page read and write
|
||
|
150E8520000
|
heap
|
page read and write
|
||
|
1B960D5F000
|
heap
|
page read and write
|
||
|
1F553EB0000
|
heap
|
page read and write
|
||
|
1BB533E8000
|
heap
|
page read and write
|
||
|
1B961040000
|
heap
|
page read and write
|
||
|
1BB53730000
|
heap
|
page read and write
|
||
|
1B961045000
|
heap
|
page read and write
|
||
|
90A091F000
|
stack
|
page read and write
|
||
|
1AF61F38000
|
heap
|
page read and write
|
||
|
20DD1E40000
|
heap
|
page read and write
|
||
|
1B962900000
|
heap
|
page read and write
|
||
|
7FF8BFAB0000
|
unkown
|
page readonly
|
||
|
7FF8BFAB1000
|
unkown
|
page execute read
|
||
|
1F554260000
|
heap
|
page read and write
|
||
|
1F553F90000
|
heap
|
page read and write
|
||
|
20DD1E70000
|
heap
|
page read and write
|
||
|
1B960F50000
|
heap
|
page read and write
|
||
|
150E8640000
|
heap
|
page read and write
|
There are 110 hidden memdumps, click here to show them.