Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PZeeiI8aEf.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_PZe_ced3c48b2bf601fe68be5aa72dcd4dc5c33715c_8bd14101_6a66bfd5-96c7-4879-8057-4d049a2f0f2a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_PZe_ced3c48b2bf601fe68be5aa72dcd4dc5c33715c_8bd14101_cb449d0a-b869-4457-bac0-a3e7e6dc8378\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4514.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sun Nov 24 10:33:22 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4592.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER45C1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER502F.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sun Nov 24 10:33:24 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER508E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER50ED.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\PZeeiI8aEf.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\PZeeiI8aEf.dll",#1
|
||
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\PZeeiI8aEf.dll
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\PZeeiI8aEf.dll,DllCanUnloadNow
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PZeeiI8aEf.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\PZeeiI8aEf.dll,DllGetClassObject
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7772 -s 428
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PZeeiI8aEf.dll",DllCanUnloadNow
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PZeeiI8aEf.dll",DllGetClassObject
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 8008 -s 428
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{1c2ede8f-5320-be92-4395-d0c8ee22076c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1000FF000
|
stack
|
page read and write
|
||
|
2BC010E0000
|
heap
|
page read and write
|
||
|
3A0CF8F000
|
stack
|
page read and write
|
||
|
D82F8FE000
|
stack
|
page read and write
|
||
|
187237C0000
|
heap
|
page read and write
|
||
|
1DFEE7F0000
|
heap
|
page read and write
|
||
|
47B000
|
stack
|
page read and write
|
||
|
200B1560000
|
heap
|
page read and write
|
||
|
187237C5000
|
heap
|
page read and write
|
||
|
DA26CFE000
|
stack
|
page read and write
|
||
|
200F000
|
stack
|
page read and write
|
||
|
7FF8F7FE6000
|
unkown
|
page read and write
|
||
|
187235F0000
|
heap
|
page read and write
|
||
|
10017E000
|
stack
|
page read and write
|
||
|
1691B4A0000
|
heap
|
page read and write
|
||
|
200B15A8000
|
heap
|
page read and write
|
||
|
2BF42F20000
|
heap
|
page read and write
|
||
|
2BC00E30000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
2BC00F70000
|
heap
|
page read and write
|
||
|
2BF42F58000
|
heap
|
page read and write
|
||
|
2BF42DF0000
|
heap
|
page read and write
|
||
|
7FF8F7FD2000
|
unkown
|
page readonly
|
||
|
687000
|
heap
|
page read and write
|
||
|
200B1805000
|
heap
|
page read and write
|
||
|
D82F87C000
|
stack
|
page read and write
|
||
|
10007C000
|
stack
|
page read and write
|
||
|
1DFEE7C0000
|
heap
|
page read and write
|
||
|
7FF8F7FE6000
|
unkown
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
D92699E000
|
stack
|
page read and write
|
||
|
D926CFF000
|
stack
|
page read and write
|
||
|
1691CB70000
|
heap
|
page read and write
|
||
|
1DFEE870000
|
heap
|
page read and write
|
||
|
2BF42EF0000
|
heap
|
page read and write
|
||
|
2BC00F30000
|
heap
|
page read and write
|
||
|
3A0D27F000
|
stack
|
page read and write
|
||
|
2BF42ED0000
|
heap
|
page read and write
|
||
|
1DFEE898000
|
heap
|
page read and write
|
||
|
2BC02A40000
|
heap
|
page read and write
|
||
|
1691B1E8000
|
heap
|
page read and write
|
||
|
7FF8F7FD2000
|
unkown
|
page readonly
|
||
|
2BF42F4D000
|
heap
|
page read and write
|
||
|
67B000
|
heap
|
page read and write
|
||
|
7FF8F7FE9000
|
unkown
|
page readonly
|
||
|
DA26BFF000
|
stack
|
page read and write
|
||
|
7FF8F7FE9000
|
unkown
|
page readonly
|
||
|
187234F0000
|
heap
|
page read and write
|
||
|
2BF42EF0000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
D82F97F000
|
stack
|
page read and write
|
||
|
200B15A0000
|
heap
|
page read and write
|
||
|
1691B4A5000
|
heap
|
page read and write
|
||
|
1DC1FFF000
|
stack
|
page read and write
|
||
|
200B1800000
|
heap
|
page read and write
|
||
|
1691B140000
|
heap
|
page read and write
|
||
|
1691B120000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
D926C7F000
|
stack
|
page read and write
|
||
|
DA26AFB000
|
stack
|
page read and write
|
||
|
200B1540000
|
heap
|
page read and write
|
||
|
DA26DFF000
|
stack
|
page read and write
|
||
|
7FF8F7FA0000
|
unkown
|
page readonly
|
||
|
200B30F0000
|
heap
|
page read and write
|
||
|
1F8F000
|
stack
|
page read and write
|
||
|
18723610000
|
heap
|
page read and write
|
||
|
679000
|
heap
|
page read and write
|
||
|
1691B040000
|
heap
|
page read and write
|
||
|
2BC00F10000
|
heap
|
page read and write
|
||
|
3A0CE8C000
|
stack
|
page read and write
|
||
|
1DC1E7C000
|
stack
|
page read and write
|
||
|
1DC1F7F000
|
stack
|
page read and write
|
||
|
2BF431D0000
|
heap
|
page read and write
|
||
|
1DC1EFF000
|
stack
|
page read and write
|
||
|
2BF42F40000
|
heap
|
page read and write
|
||
|
2BC00F8C000
|
heap
|
page read and write
|
||
|
1DFF02D0000
|
heap
|
page read and write
|
||
|
1DFEE890000
|
heap
|
page read and write
|
||
|
200B1460000
|
heap
|
page read and write
|
||
|
18725140000
|
heap
|
page read and write
|
||
|
187235D0000
|
heap
|
page read and write
|
||
|
18723618000
|
heap
|
page read and write
|
||
|
7FF8F7FA1000
|
unkown
|
page execute read
|
||
|
3A0CF0F000
|
stack
|
page read and write
|
||
|
1DFEE875000
|
heap
|
page read and write
|
||
|
7FF8F7FA0000
|
unkown
|
page readonly
|
||
|
630000
|
heap
|
page read and write
|
||
|
2BC010E5000
|
heap
|
page read and write
|
||
|
D92691C000
|
stack
|
page read and write
|
||
|
1DFEE7D0000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2BC00F78000
|
heap
|
page read and write
|
||
|
1691B1E0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FF8F7FA1000
|
unkown
|
page execute read
|
||
|
200B15AE000
|
heap
|
page read and write
|
There are 86 hidden memdumps, click here to show them.