Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Win64.MalwareX-gen.25386.29459.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll64.exe_83d7658075697faf82dae1b6e36e235ee8a8d718_606702e6_22fcbf14-ec94-4383-beac-402187bc688a\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_b3df15ac964da365734eb0cc6046eff31cf5caf_b7084328_c92913f6-3767-4343-9511-395a78195274\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER453F.tmp.dmp | Mini DuMP crash report, 14 streams, Tue Apr 23 22:28:01 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER45DC.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER460C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F80.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Apr 23 22:28:04 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FCF.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER500F.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.25386.29459.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.25386.29459.dll",#1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.25386.29459.dll",#1 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6352 -s 496 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 2060 -s 456 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProgramId | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | FileId | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LowerCaseLongPath | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LongPathHash | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Name | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | OriginalFileName | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Publisher | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Version | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinFileVersion | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinaryType | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductName | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductVersion | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LinkDate | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinProductVersion | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | AppxPackageFullName | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | AppxPackageRelativeId | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Size | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Language | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | IsOsComponent | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Usn | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | ProgramId | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | FileId | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | LowerCaseLongPath | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | LongPathHash | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Name | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | OriginalFileName | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Publisher | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Version | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | BinFileVersion | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | BinaryType | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | ProductName | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | ProductVersion | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | LinkDate | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | BinProductVersion | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | AppxPackageFullName | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | AppxPackageRelativeId | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Size | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Language | |
| \REGISTRY\A\{dfe03f77-4639-44f1-c262-53f6c2ffc52d}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Usn | |
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 7FFDFF1D1000 | unknown | page execute read | |
| 1DEF7EE0000 | heap | page read and write | |
| 7FFDFF2F3000 | unknown | page read and write | |
| 7FFDFF303000 | unknown | page readonly | |
| 2ACBD1B4000 | heap | page read and write | |
| 1DEF7C9C000 | heap | page read and write | |
| 7FFDFF2F7000 | unknown | page readonly | |
| 2ACBEAE0000 | heap | page read and write | |
| CDFE5FB000 | stack | page read and write | |
| 7FFDFF1D0000 | unknown | page readonly | |
| 2ACBD17D000 | heap | page read and write | |
| 1DEF7C83000 | heap | page read and write | |
| CEA907E000 | stack | page read and write | |
| 1DEF7BB0000 | heap | page read and write | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 2ACBD130000 | heap | page read and write | |
| 1DEF7AB0000 | heap | page read and write | |
| 1DEF7C80000 | heap | page read and write | |
| 1DEF7C84000 | heap | page read and write | |
| 7FFDFF2F7000 | unknown | page readonly | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 1DEF7B90000 | heap | page read and write | |
| 1DEF7C10000 | trusted library allocation | page read and write | |
| 1DEFAD50000 | heap | page read and write | |
| CDFE9FF000 | stack | page read and write | |
| 1DEF9500000 | trusted library allocation | page read and write | |
| 7FFDFF2A7000 | unknown | page readonly | |
| 7FFDFF1D1000 | unknown | page execute read | |
| 1DEFAE53000 | heap | page read and write | |
| 2ACBD1BE000 | heap | page read and write | |
| CEA8DAE000 | stack | page read and write | |
| 1DEF7EE5000 | heap | page read and write | |
| 7FFDFF2F3000 | unknown | page read and write | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 1DEF7C9C000 | heap | page read and write | |
| 1DEF7C72000 | heap | page read and write | |
| 1DEF7CA4000 | heap | page read and write | |
| 2ACBD179000 | heap | page read and write | |
| 1DEF7C10000 | trusted library allocation | page read and write | |
| 1DEF7C84000 | heap | page read and write | |
| 1DEF7C4E000 | heap | page read and write | |
| 1DEF9500000 | trusted library allocation | page read and write | |
| 1DEF7C76000 | heap | page read and write | |
| 2ACBD170000 | heap | page read and write | |
| 1DEF7C10000 | trusted library allocation | page read and write | |
| 2ACBEBF0000 | heap | page read and write | |
| 2ACBD1BD000 | heap | page read and write | |
| 1DEFAE50000 | heap | page read and write | |
| 2ACBD188000 | heap | page read and write | |
| 1DEF9500000 | trusted library allocation | page read and write | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 2ACBEB23000 | heap | page read and write | |
| 1DEF7C10000 | trusted library allocation | page read and write | |
| CDFE8FF000 | stack | page read and write | |
| 1DEF7C7A000 | heap | page read and write | |
| 7FFDFF1D0000 | unknown | page readonly | |
| 1DEF7C83000 | heap | page read and write | |
| 2ACBEB20000 | heap | page read and write | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 1DEF7C74000 | heap | page read and write | |
| 1DEF7C9C000 | heap | page read and write | |
| 2ACBD120000 | heap | page read and write | |
| 1DEF7C77000 | heap | page read and write | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 1DEF9500000 | trusted library allocation | page read and write | |
| 1DEF7C10000 | trusted library allocation | page read and write | |
| 2ACBEB50000 | heap | page read and write | |
| 1DEF7C6D000 | heap | page read and write | |
| 7FFDFF2A7000 | unknown | page readonly | |
| CEA8D2B000 | stack | page read and write | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 1DEF7C40000 | heap | page read and write | |
| 1DEF7C47000 | heap | page read and write | |
| 7FFDFF303000 | unknown | page readonly | |
| 2ACBEB00000 | trusted library allocation | page read and write | |
| 1DEF9500000 | trusted library allocation | page read and write | |