Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
db_Usr.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_db__1b87ef64a16ad462376f2db4ab981261bef3b791_c73d58ab_b2f3ca5e-b9ba-4fcb-873e-24a2179dcc68\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_db__2f24483d5cae89ea74bb89d749f146a03c193cde_c73d58ab_2446f0af-ab7b-41de-b85f-917e3e32776e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_db__2f24483d5cae89ea74bb89d749f146a03c193cde_c73d58ab_9f936d4a-ed4d-4bd6-86dd-a6521ac0b55c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_db__2f24483d5cae89ea74bb89d749f146a03c193cde_c73d58ab_f7d2f3ff-f520-43dc-8b1d-015fa9db15e6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER119B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:04:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER11D9.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:04:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1238.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1267.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12C6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1304.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B0E.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:04:07 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BAC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C49.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3ACE.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:04:11 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C94.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D12.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\db_Usr.dll,GetAnalyzerInterfaceByType
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\db_Usr.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\db_Usr.dll,GetAnalyzerTypes
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\db_Usr.dll,GetConfiguratorInterfaceByType
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\db_Usr.dll",GetAnalyzerInterfaceByType
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\db_Usr.dll",GetAnalyzerTypes
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\db_Usr.dll",GetConfiguratorInterfaceByType
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\db_Usr.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\db_Usr.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2956 -s 332
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 4068 -s 316
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6180 -s 328
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3496 -s 328
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.219.221.136
|
unknown
|
Sweden
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{8286b274-b65a-51ac-8b1e-e808d3197a98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
59E14FF000
|
stack
|
page read and write
|
||
|
FFC90FF000
|
stack
|
page read and write
|
||
|
1FB369F0000
|
heap
|
page read and write
|
||
|
180053000
|
unkown
|
page read and write
|
||
|
18005B000
|
unkown
|
page readonly
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
20644E58000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
18005B000
|
unkown
|
page readonly
|
||
|
972C4FF000
|
stack
|
page read and write
|
||
|
180061000
|
unkown
|
page readonly
|
||
|
180053000
|
unkown
|
page read and write
|
||
|
180054000
|
unkown
|
page write copy
|
||
|
DCB2EFC000
|
stack
|
page read and write
|
||
|
195B4460000
|
direct allocation
|
page execute and read and write
|
||
|
180058000
|
unkown
|
page read and write
|
||
|
2D900538000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
20C5A6D0000
|
heap
|
page read and write
|
||
|
18005B000
|
unkown
|
page readonly
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
18127B68000
|
heap
|
page read and write
|
||
|
180058000
|
unkown
|
page read and write
|
||
|
18127D55000
|
heap
|
page read and write
|
||
|
180061000
|
unkown
|
page readonly
|
||
|
1FB36818000
|
heap
|
page read and write
|
||
|
18127D50000
|
heap
|
page read and write
|
||
|
1FB36AA0000
|
heap
|
page read and write
|
||
|
18003B000
|
unkown
|
page readonly
|
||
|
8EAB5BF000
|
stack
|
page read and write
|
||
|
195B41D0000
|
heap
|
page read and write
|
||
|
2425D5B0000
|
heap
|
page read and write
|
||
|
180058000
|
unkown
|
page read and write
|
||
|
180053000
|
unkown
|
page read and write
|
||
|
321047F000
|
stack
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
59E157F000
|
stack
|
page read and write
|
||
|
18003B000
|
unkown
|
page readonly
|
||
|
2A2C0E20000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
DCB2FFF000
|
stack
|
page read and write
|
||
|
FFC91FF000
|
stack
|
page read and write
|
||
|
195B44D5000
|
heap
|
page read and write
|
||
|
180061000
|
unkown
|
page readonly
|
||
|
180058000
|
unkown
|
page read and write
|
||
|
2425D3C8000
|
heap
|
page read and write
|
||
|
18003B000
|
unkown
|
page readonly
|
||
|
2D900350000
|
heap
|
page read and write
|
||
|
1FB36A10000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
18127B60000
|
heap
|
page read and write
|
||
|
2A2C1030000
|
heap
|
page read and write
|
||
|
20C5C1A0000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
180061000
|
unkown
|
page readonly
|
||
|
18005B000
|
unkown
|
page readonly
|
||
|
1FB382F0000
|
heap
|
page read and write
|
||
|
20644DC0000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
180053000
|
unkown
|
page read and write
|
||
|
20644CB0000
|
heap
|
page read and write
|
||
|
180061000
|
unkown
|
page readonly
|
||
|
32101CC000
|
stack
|
page read and write
|
||
|
1FB36AA5000
|
heap
|
page read and write
|
||
|
20644D90000
|
heap
|
page read and write
|
||
|
FFC8D7C000
|
stack
|
page read and write
|
||
|
18005B000
|
unkown
|
page readonly
|
||
|
2A2C1125000
|
heap
|
page read and write
|
||
|
180053000
|
unkown
|
page read and write
|
||
|
20646710000
|
remote allocation
|
page read and write
|
||
|
18127C80000
|
heap
|
page read and write
|
||
|
DCB2F7E000
|
stack
|
page read and write
|
||
|
59E147C000
|
stack
|
page read and write
|
||
|
195B4320000
|
heap
|
page read and write
|
||
|
18003B000
|
unkown
|
page readonly
|
||
|
180054000
|
unkown
|
page write copy
|
||
|
8EAB53C000
|
stack
|
page read and write
|
||
|
1FB36810000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
2A2C2A00000
|
heap
|
page read and write
|
||
|
2425D745000
|
heap
|
page read and write
|
||
|
18003B000
|
unkown
|
page readonly
|
||
|
20644DC5000
|
heap
|
page read and write
|
||
|
180054000
|
unkown
|
page write copy
|
||
|
180061000
|
unkown
|
page readonly
|
||
|
20C5A6F0000
|
heap
|
page read and write
|
||
|
18127A80000
|
heap
|
page read and write
|
||
|
180058000
|
unkown
|
page read and write
|
||
|
180053000
|
unkown
|
page read and write
|
||
|
195B432F000
|
heap
|
page read and write
|
||
|
2D900520000
|
heap
|
page read and write
|
||
|
180054000
|
unkown
|
page write copy
|
||
|
20C5A5F0000
|
heap
|
page read and write
|
||
|
180061000
|
unkown
|
page readonly
|
||
|
2A2C0F30000
|
heap
|
page read and write
|
||
|
20C5A8E0000
|
heap
|
page read and write
|
||
|
2A2C0F38000
|
heap
|
page read and write
|
||
|
181296B0000
|
heap
|
page read and write
|
||
|
972C47F000
|
stack
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
2425D740000
|
heap
|
page read and write
|
||
|
2D900430000
|
heap
|
page read and write
|
||
|
180058000
|
unkown
|
page read and write
|
||
|
1FB36910000
|
heap
|
page read and write
|
||
|
20644E50000
|
heap
|
page read and write
|
||
|
FF6B58C000
|
stack
|
page read and write
|
||
|
2425D3C0000
|
heap
|
page read and write
|
||
|
18003B000
|
unkown
|
page readonly
|
||
|
18005B000
|
unkown
|
page readonly
|
||
|
2A2C1120000
|
heap
|
page read and write
|
||
|
8EAB87F000
|
stack
|
page read and write
|
||
|
180054000
|
unkown
|
page write copy
|
||
|
2425D6A0000
|
heap
|
page read and write
|
||
|
20C5A6F8000
|
heap
|
page read and write
|
||
|
195B5E20000
|
heap
|
page read and write
|
||
|
180053000
|
unkown
|
page read and write
|
||
|
195B4328000
|
heap
|
page read and write
|
||
|
20644DD0000
|
heap
|
page read and write
|
||
|
2425D590000
|
heap
|
page read and write
|
||
|
180054000
|
unkown
|
page write copy
|
||
|
195B42B0000
|
heap
|
page read and write
|
||
|
195B44D0000
|
heap
|
page read and write
|
||
|
20646780000
|
heap
|
page read and write
|
||
|
18003B000
|
unkown
|
page readonly
|
||
|
2425D3B0000
|
heap
|
page read and write
|
||
|
18127C60000
|
heap
|
page read and write
|
||
|
20C5A8E5000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
195B42D0000
|
heap
|
page read and write
|
||
|
20C5A870000
|
direct allocation
|
page execute and read and write
|
||
|
2A2C0F3F000
|
heap
|
page read and write
|
||
|
18005B000
|
unkown
|
page readonly
|
||
|
2D9007F0000
|
heap
|
page read and write
|
||
|
972C1FC000
|
stack
|
page read and write
|
||
|
32104FF000
|
stack
|
page read and write
|
||
|
2D900470000
|
heap
|
page read and write
|
||
|
180058000
|
unkown
|
page read and write
|
||
|
2D90052D000
|
heap
|
page read and write
|
||
|
20C5A7F0000
|
heap
|
page read and write
|
||
|
7A7467C000
|
stack
|
page read and write
|
||
|
2A2C0F00000
|
heap
|
page read and write
|
||
|
180054000
|
unkown
|
page write copy
|
There are 134 hidden memdumps, click here to show them.