Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_4bdbc898aa41e69a58d6ca0b49de377bd76f77_d75f6fa5_76820721-d08e-48f8-b510-448c0ca67010\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER36CC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 17:01:53 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER395E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER39CC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\file.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\file.dll
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,CheckMozJavaPlugins
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,DllCanUnloadNow
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,DllGetClassObject
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6664 -s 348
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
15.164.165.52.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{d625298d-89d5-045f-a78f-5a0ba660725c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
24454770000
|
heap
|
page read and write
|
||
|
C0AECF7000
|
stack
|
page read and write
|
||
|
24454850000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
264CA9F0000
|
heap
|
page read and write
|
||
|
E76000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
7FFD9DFC3000
|
unkown
|
page readonly
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
7FFD9DFE0000
|
unkown
|
page read and write
|
||
|
E433557000
|
stack
|
page read and write
|
||
|
251392A0000
|
heap
|
page read and write
|
||
|
246E8EF0000
|
heap
|
page read and write
|
||
|
251396B0000
|
heap
|
page read and write
|
||
|
246E9225000
|
heap
|
page read and write
|
||
|
E78000
|
stack
|
page read and write
|
||
|
FFB000
|
heap
|
page read and write
|
||
|
C70859E000
|
stack
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
9EB1FCF000
|
stack
|
page read and write
|
||
|
246E9220000
|
heap
|
page read and write
|
||
|
F9743E9000
|
stack
|
page read and write
|
||
|
246E9200000
|
heap
|
page read and write
|
||
|
9EB227F000
|
stack
|
page read and write
|
||
|
25139280000
|
heap
|
page read and write
|
||
|
F9743E7000
|
stack
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
264C90D5000
|
heap
|
page read and write
|
||
|
24456290000
|
heap
|
page read and write
|
||
|
E433559000
|
stack
|
page read and write
|
||
|
2B5E9118000
|
heap
|
page read and write
|
||
|
25139308000
|
heap
|
page read and write
|
||
|
244548D8000
|
heap
|
page read and write
|
||
|
7FFD9DF90000
|
unkown
|
page readonly
|
||
|
7FFD9DF91000
|
unkown
|
page execute read
|
||
|
1007000
|
heap
|
page read and write
|
||
|
1019000
|
heap
|
page read and write
|
||
|
244548ED000
|
heap
|
page read and write
|
||
|
244548D0000
|
heap
|
page read and write
|
||
|
24454880000
|
heap
|
page read and write
|
||
|
7FFD9DFE3000
|
unkown
|
page readonly
|
||
|
251396B5000
|
heap
|
page read and write
|
||
|
2513AE90000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
2B5E9109000
|
heap
|
page read and write
|
||
|
246E9010000
|
heap
|
page read and write
|
||
|
C70851C000
|
stack
|
page read and write
|
||
|
C0AECFC000
|
stack
|
page read and write
|
||
|
C708519000
|
stack
|
page read and write
|
||
|
C708517000
|
stack
|
page read and write
|
||
|
1012000
|
heap
|
page read and write
|
||
|
24454885000
|
heap
|
page read and write
|
||
|
264C8D20000
|
heap
|
page read and write
|
||
|
2B5E9127000
|
heap
|
page read and write
|
||
|
2B5E90A0000
|
heap
|
page read and write
|
||
|
246E8FF0000
|
heap
|
page read and write
|
||
|
E43355C000
|
stack
|
page read and write
|
||
|
F9743EC000
|
stack
|
page read and write
|
||
|
246E9018000
|
heap
|
page read and write
|
||
|
E43387F000
|
stack
|
page read and write
|
||
|
246E8FD0000
|
heap
|
page read and write
|
||
|
C70887F000
|
stack
|
page read and write
|
||
|
E7B000
|
stack
|
page read and write
|
||
|
264C90D0000
|
heap
|
page read and write
|
||
|
24454890000
|
heap
|
page read and write
|
||
|
E4335DE000
|
stack
|
page read and write
|
||
|
1225000
|
heap
|
page read and write
|
||
|
25139300000
|
heap
|
page read and write
|
||
|
264C8DE0000
|
heap
|
page read and write
|
||
|
9EB1F4F000
|
stack
|
page read and write
|
||
|
117F000
|
stack
|
page read and write
|
||
|
9EB1F47000
|
stack
|
page read and write
|
||
|
264C8D40000
|
heap
|
page read and write
|
||
|
264C8D10000
|
heap
|
page read and write
|
||
|
25139270000
|
heap
|
page read and write
|
||
|
2B5E9090000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
F97467F000
|
stack
|
page read and write
|
||
|
C0AECF9000
|
stack
|
page read and write
|
||
|
2B5E910D000
|
heap
|
page read and write
|
||
|
264C8DE8000
|
heap
|
page read and write
|
||
|
2B5EABC0000
|
heap
|
page read and write
|
||
|
2B5E90D0000
|
heap
|
page read and write
|
||
|
2B5E9100000
|
heap
|
page read and write
|
There are 74 hidden memdumps, click here to show them.