Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| u9R1HA4M7B.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_u9R_ce3539d85b1c5ec68c954104cf626e03175e8a_93eaf31b_315cf41d-180d-42fe-9df9-a19be070e75b\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_u9R_ce3539d85b1c5ec68c954104cf626e03175e8a_93eaf31b_4d33789e-b009-45d7-956c-442afac19bec\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_u9R_ce3539d85b1c5ec68c954104cf626e03175e8a_93eaf31b_ab11d3bd-b6ac-4ab3-b71a-426236c34122\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_u9R_ce3539d85b1c5ec68c954104cf626e03175e8a_93eaf31b_b8be7178-c123-40e8-8433-717dd469d09c\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERB829.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 20:12:52 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERB82A.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 20:12:52 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8D6.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERB904.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERB915.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERB963.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERC2B8.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 20:12:54 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERC2F7.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERC337.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCEDD.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 20:12:57 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF1D.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF5C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

(8 further files are not shown in this excerpt.)
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\u9R1HA4M7B.dll" | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\u9R1HA4M7B.dll,_CreateFrameInfo | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\u9R1HA4M7B.dll",#1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\u9R1HA4M7B.dll,_CxxThrowException | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\u9R1HA4M7B.dll,_FindAndUnlinkFrame | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\u9R1HA4M7B.dll",#1 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 2336 -s 140 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6432 -s 232 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 7296 -s 128 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 7424 -s 236 | |

(1 further process is not shown in this excerpt.)
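The process list shows the sandbox harness loading the DLL with loaddll64.exe and then invoking it through rundll32.exe with three named exports and ordinal #1; the four WerFault.exe invocations and the four AppCrash_rundll32.exe Report.wer files in the Files table record that each of those rundll32 hosts crashed. The script below is an added triage example, not part of the sandbox report or of the sample. It parses command lines and dropped-file paths of the kind shown above, flags rundll32 loading a DLL from outside the Windows system directories (the trusted-directory list and the cmd.exe heuristic are assumptions made here), and correlates WerFault's `-p` PIDs and queued AppCrash reports. The input lists are constructed from the two tables.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: command lines and dropped paths copied from the
# sandbox tables, embedded so the script runs offline.
SAMPLE_CMDLINES = [
    'loaddll64.exe "C:\\Users\\user\\Desktop\\u9R1HA4M7B.dll"',
    'rundll32.exe C:\\Users\\user\\Desktop\\u9R1HA4M7B.dll,_CreateFrameInfo',
    'rundll32.exe "C:\\Users\\user\\Desktop\\u9R1HA4M7B.dll",#1',
    'rundll32.exe C:\\Users\\user\\Desktop\\u9R1HA4M7B.dll,_CxxThrowException',
    'rundll32.exe C:\\Users\\user\\Desktop\\u9R1HA4M7B.dll,_FindAndUnlinkFrame',
    'C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1',
    'cmd.exe /C rundll32.exe "C:\\Users\\user\\Desktop\\u9R1HA4M7B.dll",#1',
    'C:\\Windows\\system32\\WerFault.exe -u -p 2336 -s 140',
    'C:\\Windows\\system32\\WerFault.exe -u -p 6432 -s 232',
    'C:\\Windows\\system32\\WerFault.exe -u -p 7296 -s 128',
    'C:\\Windows\\system32\\WerFault.exe -u -p 7424 -s 236',
]
SAMPLE_DROPPED = [
    'C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_rundll32.exe_u9R_ce3539d85b1c5ec68c954104cf626e03175e8a_93eaf31b_315cf41d-180d-42fe-9df9-a19be070e75b\\Report.wer',
    'C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_rundll32.exe_u9R_ce3539d85b1c5ec68c954104cf626e03175e8a_93eaf31b_4d33789e-b009-45d7-956c-442afac19bec\\Report.wer',
    'C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_rundll32.exe_u9R_ce3539d85b1c5ec68c954104cf626e03175e8a_93eaf31b_ab11d3bd-b6ac-4ab3-b71a-426236c34122\\Report.wer',
    'C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_rundll32.exe_u9R_ce3539d85b1c5ec68c954104cf626e03175e8a_93eaf31b_b8be7178-c123-40e8-8433-717dd469d09c\\Report.wer',
    'C:\\ProgramData\\Microsoft\\Windows\\WER\\Temp\\WERB829.tmp.dmp',
    'C:\\Windows\\appcompat\\Programs\\Amcache.hve',
]

# rundll32 <dll>,<export>  or  rundll32 "<dll>",#<ordinal>
RUNDLL32_RE = re.compile(
    r'(?:^|\s)rundll32(?:\.exe)?\s+'
    r'(?:"(?P<qpath>[^"]+)"|(?P<path>[^\s,]+))'
    r'\s*,\s*(?P<entry>#\d+|[A-Za-z_][\w@]*)', re.IGNORECASE)
WERFAULT_RE = re.compile(r'WerFault\.exe\s+(?P<args>.*)$', re.IGNORECASE)
# Report.wer lives under ReportQueue\AppCrash_<faulting exe>_<...>\
WER_REPORT_RE = re.compile(
    r'\\WER\\ReportQueue\\AppCrash_(?P<app>[^_\\]+)_.*\\Report\.wer$', re.IGNORECASE)

# Assumption for this example: DLLs loaded by rundll32 from anywhere else are worth a look.
TRUSTED_DLL_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')


@dataclass
class Rundll32Load:
    dll_path: str
    entry: str          # export name or '#<ordinal>'
    by_ordinal: bool
    untrusted_dir: bool
    via_cmd: bool       # launched through 'cmd.exe /C ...'


def parse_rundll32(cmdline):
    """Return the DLL/entry pair a rundll32 command line loads, or None."""
    m = RUNDLL32_RE.search(cmdline)
    if not m:
        return None
    path = m.group('qpath') or m.group('path')
    entry = m.group('entry')
    return Rundll32Load(
        dll_path=path, entry=entry, by_ordinal=entry.startswith('#'),
        untrusted_dir=not path.lower().startswith(TRUSTED_DLL_DIRS),
        via_cmd=cmdline.lower().startswith('cmd.exe'))


def parse_werfault(cmdline):
    """Extract -u (user-mode), -p <pid> and -s <event> from a WerFault command line."""
    m = WERFAULT_RE.search(cmdline)
    if not m:
        return None
    toks, out, i = m.group('args').split(), {}, 0
    while i < len(toks):
        if toks[i] == '-p' and i + 1 < len(toks):
            out['pid'] = int(toks[i + 1]); i += 2
        elif toks[i] == '-s' and i + 1 < len(toks):
            out['event'] = int(toks[i + 1]); i += 2
        else:
            out['user_mode'] = out.get('user_mode', False) or toks[i] == '-u'; i += 1
    return out


def crashed_apps(dropped_paths):
    """Count queued AppCrash reports per faulting executable."""
    counts = Counter()
    for p in dropped_paths:
        m = WER_REPORT_RE.search(p)
        if m:
            counts[m.group('app').lower()] += 1
    return counts


def triage(cmdlines, dropped_paths=()):
    loads = [l for l in map(parse_rundll32, cmdlines) if l]
    crashes = [c for c in map(parse_werfault, cmdlines) if c]
    findings, by_dll = [], {}
    for l in loads:
        by_dll.setdefault(l.dll_path.lower(), []).append(l)
    for ls in by_dll.values():
        if any(l.untrusted_dir for l in ls):
            entries = sorted({l.entry for l in ls})
            findings.append(f'rundll32 loaded {ls[0].dll_path} from a non-system '
                            f'directory; entry points tried: {", ".join(entries)}')
    if crashes:
        pids = sorted(c['pid'] for c in crashes if 'pid' in c)
        findings.append(f'WerFault handled {len(crashes)} crash(es), PIDs {pids}')
    for app, n in crashed_apps(dropped_paths).items():
        findings.append(f'{n} AppCrash report(s) queued for {app}')
    return {'rundll32_loads': loads, 'crashes': crashes, 'findings': findings}


if __name__ == '__main__':
    for line in triage(SAMPLE_CMDLINES, SAMPLE_DROPPED)['findings']:
        print(line)
```

On this sample the script reports one DLL loaded from the user's Desktop with four distinct entry points, four user-mode crashes handled by WerFault, and four AppCrash reports for rundll32.exe. The sandbox's own PID-to-process mapping is not in the excerpt, so the crash count is correlated by number, not by PID.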
URLs
| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |

No IP was resolved for this entry. The string http://upx.sf.net is embedded in the stub of the UPX executable packer, so its presence points to the sample being UPX-packed rather than to a contacted host.
Registry
| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProgramId | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | FileId | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LowerCaseLongPath | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LongPathHash | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Name | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | OriginalFileName | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Publisher | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Version | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinFileVersion | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinaryType | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductName | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductVersion | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LinkDate | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinProductVersion | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | AppxPackageFullName | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | AppxPackageRelativeId | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Size | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Language | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | IsOsComponent | |
| \REGISTRY\A\{91d27c8e-b4af-c2f6-e340-7762155bba0f}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Usn | |

All of these writes are under the InventoryApplicationFile key of the Amcache hive that was dropped (C:\Windows\appcompat\Programs\Amcache.hve); they are the application-compatibility inventory entries for rundll32.exe, not registry activity by the sample itself.

(10 further registry entries are not shown in this excerpt.)
Memdumps
| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 233F4080000 | heap | page read and write | |
| 7FFE14641000 | unknown | page read and write | |
| 7FFE14646000 | unknown | page write copy | |
| 2210A3A0000 | heap | page read and write | |
| 2515E545000 | heap | page read and write | |
| 2515E540000 | heap | page read and write | |
| 7FFE14647000 | unknown | page readonly | |
| 63606AD000 | stack | page read and write | |
| 2515E558000 | heap | page read and write | |
| 7FFE14647000 | unknown | page readonly | |
| 7FFE14641000 | unknown | page read and write | |
| 15E1A180000 | heap | page read and write | |
| 7FFE14647000 | unknown | page readonly | |
| 7FFE14631000 | unknown | page execute and write copy | |
| 15E1A260000 | heap | page read and write | |
| 7FFE14641000 | unknown | page read and write | |
| 78A2FFF000 | stack | page read and write | |
| 2515E500000 | heap | page read and write | |
| 2210A360000 | heap | page read and write | |
| 7FFE14641000 | unknown | page read and write | |
| 93458FE000 | stack | page read and write | |
| 2515E420000 | heap | page read and write | |
| 20445580000 | heap | page read and write | |
| 7FFE14647000 | unknown | page readonly | |
| 934587D000 | stack | page read and write | |
| 7FFE14630000 | unknown | page readonly | |
| 7FFE14631000 | unknown | page execute and write copy | |
| 7FFE14630000 | unknown | page readonly | |
| 78A32FF000 | stack | page read and write | |
| 190CD8F000 | stack | page read and write | |
| 20445920000 | heap | page read and write | |
| 7FFE14646000 | unknown | page write copy | |
| 2210A230000 | heap | page read and write | |
| B189D7F000 | stack | page read and write | |
| 233F4100000 | heap | page read and write | |
| 204455A0000 | heap | page read and write | |
| 636072E000 | stack | page read and write | |
| 7FFE14641000 | unknown | page read and write | |
| 2044564A000 | heap | page read and write | |
| 15E1A320000 | heap | page read and write | |
| 20445630000 | heap | page read and write | |
| 2210A26F000 | heap | page read and write | |
| 204454A0000 | heap | page read and write | |
| 233F4107000 | heap | page read and write | |
| 2210A3A5000 | heap | page read and write | |
| 78A31FF000 | stack | page read and write | |
| 7FFE14647000 | unknown | page readonly | |
| 2210A260000 | heap | page read and write | |
| 78A2EF9000 | stack | page read and write | |
| 2210A150000 | heap | page read and write | |
| 7FFE14631000 | unknown | page execute and write copy | |
| 233F410E000 | heap | page read and write | |
| 15E1A290000 | heap | page read and write | |
| 7FFE14646000 | unknown | page write copy | |
| 7FFE14646000 | unknown | page write copy | |
| 2515E520000 | heap | page read and write | |
| 233F4060000 | heap | page read and write | |
| 15E1A2A0000 | heap | page read and write | |
| 2210A267000 | heap | page read and write | |
| 190D07E000 | stack | page read and write | |
| 7FFE14631000 | unknown | page execute and write copy | |
| 7FFE14631000 | unknown | page execute and write copy | |
| 2044563D000 | heap | page read and write | |
| 934597E000 | stack | page read and write | |
| 233F40A5000 | heap | page read and write | |
| 15E1A328000 | heap | page read and write | |
| B189CFE000 | stack | page read and write | |
| 233F4050000 | heap | page read and write | |
| 233F40A0000 | heap | page read and write | |
| 63607AF000 | stack | page read and write | |
| 190CD0D000 | stack | page read and write | |
| 7FFE14646000 | unknown | page write copy | |
| 7FFE14630000 | unknown | page readonly | |
| 7FFE14630000 | unknown | page readonly | |
| 7FFE14630000 | unknown | page readonly | |
| 15E1A295000 | heap | page read and write | |
| B189C7D000 | stack | page read and write | |
| 2515E550000 | heap | page read and write | |

The same 7FFE1463xxxx/7FFE1464xxxx bases recur because each rundll32/loaddll64 host mapped the DLL at the same address; the only executable region in the list is 7FFE14631000 (page execute and write copy), the DLL's mapped code.

(68 further memory dumps are not shown in this excerpt.)