Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
UIxMarketPlugin.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6a4b12cc5ab5a864a1114bf7acfd58aabbffc_7522e4b5_2ed9bbc9-d9dc-40e8-8bc1-c2b2b18dc67e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6a4b12cc5ab5a864a1114bf7acfd58aabbffc_7522e4b5_6d591dea-2ba8-4815-b033-90e29eb221c5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f4a2262f4d43d5b9ac2196a348f57232fa6b6712_7522e4b5_4a8c2699-ff11-4fe9-b765-eff75ae06606\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f4a2262f4d43d5b9ac2196a348f57232fa6b6712_7522e4b5_881e2de0-372e-410d-9f8d-be4be5931c9d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C48.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Apr 20 09:35:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C67.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Apr 20 09:35:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E8B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1ED9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F28.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F76.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER26A8.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Apr 20 09:35:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2716.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER27D3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E85.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Apr 20 09:35:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3EE4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F14.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\UIxMarketPlugin.dll,MarketCreate
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 664
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 672
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\UIxMarketPlugin.dll,MarketRelease
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 664
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\UIxMarketPlugin.dll,_Finalize@0
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",MarketCreate
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",MarketRelease
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",_Finalize@0
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UIxMarketPlugin.dll",_Initialize@4
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 664
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{edf5fc96-a67f-f995-f15e-b06eaa9e8c20}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800EC2355F6C
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B60000
|
heap
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
166B000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
65F000
|
stack
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
45B0000
|
heap
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
6CCA3000
|
unkown
|
page read and write
|
||
|
4244000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
448F000
|
stack
|
page read and write
|
||
|
3E9E000
|
stack
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
48A0000
|
heap
|
page read and write
|
||
|
61B000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
6CCAA000
|
unkown
|
page read and write
|
||
|
4DA000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
4FB7000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
450F000
|
stack
|
page read and write
|
||
|
4F00000
|
remote allocation
|
page read and write
|
||
|
329C000
|
stack
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
4210000
|
heap
|
page read and write
|
||
|
4240000
|
heap
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
6CCA3000
|
unkown
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
4590000
|
heap
|
page read and write
|
||
|
2D76000
|
heap
|
page read and write
|
||
|
6CB40000
|
unkown
|
page readonly
|
||
|
27FE000
|
stack
|
page read and write
|
||
|
362F000
|
stack
|
page read and write
|
||
|
6CCB1000
|
unkown
|
page readonly
|
||
|
142E000
|
stack
|
page read and write
|
||
|
6CB40000
|
unkown
|
page readonly
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
6CB41000
|
unkown
|
page execute read
|
||
|
4AA0000
|
heap
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
34AF000
|
stack
|
page read and write
|
||
|
2BD7000
|
heap
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
6CCB1000
|
unkown
|
page readonly
|
||
|
1694000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
166F000
|
heap
|
page read and write
|
||
|
325B000
|
stack
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2C7C000
|
stack
|
page read and write
|
||
|
6CC5F000
|
unkown
|
page readonly
|
||
|
6CB40000
|
unkown
|
page readonly
|
||
|
47C000
|
stack
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
65C000
|
stack
|
page read and write
|
||
|
4DF0000
|
heap
|
page read and write
|
||
|
16AE000
|
heap
|
page read and write
|
||
|
3527000
|
heap
|
page read and write
|
||
|
6CCB1000
|
unkown
|
page readonly
|
||
|
47AE000
|
stack
|
page read and write
|
||
|
26FE000
|
stack
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
185F000
|
stack
|
page read and write
|
||
|
6CCAA000
|
unkown
|
page read and write
|
||
|
41C0000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
3524000
|
heap
|
page read and write
|
||
|
6CCA3000
|
unkown
|
page read and write
|
||
|
410F000
|
stack
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
3237000
|
heap
|
page read and write
|
||
|
6CB40000
|
unkown
|
page readonly
|
||
|
19C000
|
stack
|
page read and write
|
||
|
41D0000
|
heap
|
page read and write
|
||
|
3EDF000
|
stack
|
page read and write
|
||
|
2747000
|
heap
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
4FB4000
|
heap
|
page read and write
|
||
|
2FDB000
|
stack
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
6CC5F000
|
unkown
|
page readonly
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
F9B000
|
stack
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
2CEA000
|
heap
|
page read and write
|
||
|
6CCA3000
|
unkown
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
4970000
|
heap
|
page read and write
|
||
|
43B000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
4977000
|
heap
|
page read and write
|
||
|
6CCB1000
|
unkown
|
page readonly
|
||
|
4247000
|
heap
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
4010000
|
heap
|
page read and write
|
||
|
16AE000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
278C000
|
stack
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
4620000
|
heap
|
page read and write
|
||
|
6CB40000
|
unkown
|
page readonly
|
||
|
2D4A000
|
heap
|
page read and write
|
||
|
6CCAA000
|
unkown
|
page read and write
|
||
|
3F54000
|
heap
|
page read and write
|
||
|
4974000
|
heap
|
page read and write
|
||
|
6CCA3000
|
unkown
|
page read and write
|
||
|
3BB000
|
stack
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
3F57000
|
heap
|
page read and write
|
||
|
6CB41000
|
unkown
|
page execute read
|
||
|
346F000
|
stack
|
page read and write
|
||
|
4200000
|
heap
|
page read and write
|
||
|
3F50000
|
heap
|
page read and write
|
||
|
6CC5F000
|
unkown
|
page readonly
|
||
|
6CB41000
|
unkown
|
page execute read
|
||
|
283A000
|
heap
|
page read and write
|
||
|
2D5A000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
1678000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
35EE000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2BD4000
|
heap
|
page read and write
|
||
|
6CCAA000
|
unkown
|
page read and write
|
||
|
6CCB1000
|
unkown
|
page readonly
|
||
|
273F000
|
stack
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
405F000
|
stack
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
432F000
|
stack
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
6CC5F000
|
unkown
|
page readonly
|
||
|
3420000
|
heap
|
page read and write
|
||
|
44CE000
|
stack
|
page read and write
|
||
|
3FC000
|
stack
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
2856000
|
heap
|
page read and write
|
||
|
6CCAA000
|
unkown
|
page read and write
|
||
|
3F1E000
|
stack
|
page read and write
|
||
|
6CB41000
|
unkown
|
page execute read
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
6CB41000
|
unkown
|
page execute read
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
6CC5F000
|
unkown
|
page readonly
|
||
|
274B000
|
stack
|
page read and write
|
||
|
2744000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
354A000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
45D0000
|
heap
|
page read and write
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
3234000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
3700000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
282A000
|
heap
|
page read and write
|
||
|
2C3B000
|
stack
|
page read and write
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
4597000
|
heap
|
page read and write
|
||
|
4594000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
There are 192 hidden memdumps, click here to show them.