Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
msvcp110.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aspnet_regiis.ex_c7496913b9c4ddf6a8ea5944b8f620d91bfba12_edfe2fff_6d2334a9-d117-4c9d-a14b-c975bce9f6c7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aspnet_regiis.ex_c7496913b9c4ddf6a8ea5944b8f620d91bfba12_edfe2fff_73e42fea-b641-47b7-9191-6583a7169bb0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aspnet_regiis.ex_c7496913b9c4ddf6a8ea5944b8f620d91bfba12_edfe2fff_e6cff271-b88a-43cf-821c-19466915ba55\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER264A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 24 19:50:50 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2745.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2765.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A03.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 24 19:50:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2AA0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2AE0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC16.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 24 19:50:23 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0CA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC119.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameData
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\msvcp110.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 1244
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 1260
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 1268
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://95.217.125.57
|
unknown
|
|
|
|
http://95.217.125.57/
|
95.217.125.57
|
|
|
|
http://95.217.125.57/2f571d994666c8cb.php
|
|
||
|
http://95.217.125.57/b
|
unknown
|
||
|
http://95.217.125.57/~
|
unknown
|
||
|
http://95.217.125.57R/
|
unknown
|
||
|
http://95.217.125.57/jXl
|
unknown
|
||
|
http://95.217.125.57/R
|
unknown
|
||
|
http://95.217.125.57/1
|
unknown
|
||
|
http://95.217.125.57/IXK
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://95.217.125.57h
|
unknown
|
||
|
http://95.217.125.57/.
|
unknown
|
||
|
http://95.217.125.57/2=
|
unknown
|
||
|
http://95.217.125.57/Y
|
unknown
|
There are 5 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
95.217.125.57
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
ProgramId
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
FileId
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
LongPathHash
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
Name
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
OriginalFileName
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
Publisher
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
Version
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
BinFileVersion
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
BinaryType
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
ProductName
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
ProductVersion
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
LinkDate
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
BinProductVersion
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
Size
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
Language
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
IsOsComponent
|
||
|
\REGISTRY\A\{3721b53b-1291-730f-0807-7f557202b832}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3557000
|
heap
|
page read and write
|
|
|
|
740000
|
remote allocation
|
page execute and read and write
|
|
|
|
3000000
|
remote allocation
|
page execute and read and write
|
|
|
|
321A000
|
remote allocation
|
page execute and read and write
|
|
|
|
3517000
|
heap
|
page read and write
|
|
|
|
7DA000
|
remote allocation
|
page execute and read and write
|
|
|
|
3180000
|
remote allocation
|
page execute and read and write
|
|
|
|
309A000
|
remote allocation
|
page execute and read and write
|
|
|
|
3027000
|
heap
|
page read and write
|
|
|
|
1CE2F000
|
stack
|
page read and write
|
||
|
3062000
|
remote allocation
|
page execute and read and write
|
||
|
2D7F000
|
stack
|
page read and write
|
||
|
1D08D000
|
stack
|
page read and write
|
||
|
99C000
|
remote allocation
|
page readonly
|
||
|
98B000
|
heap
|
page read and write
|
||
|
7CF000
|
remote allocation
|
page execute and read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
C3B000
|
stack
|
page read and write
|
||
|
1D5DF000
|
stack
|
page read and write
|
||
|
37DF000
|
stack
|
page read and write
|
||
|
1D2DF000
|
stack
|
page read and write
|
||
|
C4F000
|
stack
|
page read and write
|
||
|
1D760000
|
heap
|
page read and write
|
||
|
3416000
|
heap
|
page read and write
|
||
|
1C74E000
|
stack
|
page read and write
|
||
|
3550000
|
heap
|
page read and write
|
||
|
3465000
|
heap
|
page read and write
|
||
|
1D75E000
|
stack
|
page read and write
|
||
|
1CE9E000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
3205000
|
remote allocation
|
page execute and read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
A4F000
|
stack
|
page read and write
|
||
|
1D171000
|
heap
|
page read and write
|
||
|
70B000
|
stack
|
page read and write
|
||
|
98A000
|
remote allocation
|
page execute and read and write
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
389E000
|
stack
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
C7C000
|
stack
|
page read and write
|
||
|
1D65E000
|
stack
|
page read and write
|
||
|
306F000
|
heap
|
page read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
2E65000
|
heap
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
324A000
|
remote allocation
|
page execute and read and write
|
||
|
1CF9F000
|
stack
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
305A000
|
remote allocation
|
page execute and read and write
|
||
|
302B000
|
remote allocation
|
page execute and read and write
|
||
|
3430000
|
heap
|
page readonly
|
||
|
B60000
|
heap
|
page read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
37DF000
|
stack
|
page read and write
|
||
|
1D60E000
|
stack
|
page read and write
|
||
|
1CBCF000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
98F000
|
heap
|
page read and write
|
||
|
3557000
|
heap
|
page read and write
|
||
|
1D901000
|
heap
|
page read and write
|
||
|
2E67000
|
heap
|
page read and write
|
||
|
1D04D000
|
stack
|
page read and write
|
||
|
3088000
|
remote allocation
|
page execute and read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
1D2F0000
|
heap
|
page read and write
|
||
|
308F000
|
remote allocation
|
page execute and read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
7A2000
|
remote allocation
|
page execute and read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
79A000
|
remote allocation
|
page execute and read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
1DA00000
|
trusted library allocation
|
page read and write
|
||
|
38DE000
|
stack
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
2C7C000
|
stack
|
page read and write
|
||
|
1CC0D000
|
stack
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
2FC3000
|
heap
|
page read and write
|
||
|
1D1DE000
|
stack
|
page read and write
|
||
|
1D46F000
|
stack
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
480E000
|
stack
|
page read and write
|
||
|
1CACE000
|
stack
|
page read and write
|
||
|
305C000
|
stack
|
page read and write
|
||
|
76B000
|
remote allocation
|
page execute and read and write
|
||
|
36D3000
|
heap
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
369D000
|
stack
|
page read and write
|
||
|
3417000
|
heap
|
page read and write
|
||
|
3085000
|
remote allocation
|
page execute and read and write
|
||
|
1D170000
|
heap
|
page read and write
|
||
|
1D5AF000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
35AF000
|
heap
|
page read and write
|
||
|
1D4AD000
|
stack
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
7C5000
|
remote allocation
|
page execute and read and write
|
||
|
1CD0C000
|
stack
|
page read and write
|
||
|
3467000
|
heap
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
31AB000
|
remote allocation
|
page execute and read and write
|
||
|
2E5A000
|
heap
|
page read and write
|
||
|
A6A000
|
heap
|
page read and write
|
||
|
47CF000
|
stack
|
page read and write
|
||
|
D4F000
|
stack
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
359C000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
1D46D000
|
stack
|
page read and write
|
||
|
1D36E000
|
stack
|
page read and write
|
||
|
1D4DE000
|
stack
|
page read and write
|
||
|
3053000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
1D70F000
|
stack
|
page read and write
|
||
|
1D18D000
|
stack
|
page read and write
|
||
|
1D8AF000
|
stack
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
1D7AE000
|
stack
|
page read and write
|
||
|
3208000
|
remote allocation
|
page execute and read and write
|
||
|
B9F000
|
stack
|
page read and write
|
||
|
484F000
|
stack
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page readonly
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
31DA000
|
remote allocation
|
page execute and read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
33CA000
|
remote allocation
|
page execute and read and write
|
||
|
325C000
|
remote allocation
|
page readonly
|
||
|
38F0000
|
heap
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
320F000
|
remote allocation
|
page execute and read and write
|
||
|
3084000
|
heap
|
page read and write
|
||
|
301E000
|
remote allocation
|
page readonly
|
||
|
355D000
|
heap
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
1D26F000
|
stack
|
page read and write
|
||
|
1CFEE000
|
stack
|
page read and write
|
||
|
385E000
|
stack
|
page read and write
|
||
|
3155000
|
stack
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
1D270000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
319E000
|
remote allocation
|
page readonly
|
||
|
1D0EE000
|
stack
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
74C000
|
stack
|
page read and write
|
||
|
3360000
|
heap
|
page readonly
|
||
|
1CE4E000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2DA5000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
52C000
|
stack
|
page read and write
|
||
|
3596000
|
heap
|
page read and write
|
||
|
1CD4E000
|
stack
|
page read and write
|
||
|
A7C000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
75E000
|
remote allocation
|
page readonly
|
||
|
590000
|
heap
|
page read and write
|
||
|
356D000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
31E2000
|
remote allocation
|
page execute and read and write
|
||
|
2CAC000
|
stack
|
page read and write
|
||
|
7C8000
|
remote allocation
|
page execute and read and write
|
||
|
381E000
|
stack
|
page read and write
|
||
|
2D75000
|
stack
|
page read and write
|
||
|
38F3000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
1D761000
|
heap
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
1D900000
|
heap
|
page read and write
|
||
|
33DC000
|
remote allocation
|
page readonly
|
||
|
3510000
|
heap
|
page read and write
|
||
|
1D36E000
|
stack
|
page read and write
|
||
|
1D860000
|
trusted library allocation
|
page read and write
|
There are 184 hidden memdumps, click here to show them.