Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL Receipt 004673321.pdf.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DHL Receipt 0046_911b9e89922c235ef4e82c3c139b3fb9135432f_68ab9102_70a48827-f773-4bb6-b935-f81c6f14a8e7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC932.tmp.dmp
|
Mini DuMP crash report, 16 streams, Thu Apr 18 19:19:32 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA8B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCAAB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DHL Receipt 004673321.pdf.exe
|
"C:\Users\user\Desktop\DHL Receipt 004673321.pdf.exe"
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2964 -s 1000
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
ProgramId
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
FileId
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
LongPathHash
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
Name
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
OriginalFileName
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
Publisher
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
Version
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
BinFileVersion
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
BinaryType
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
ProductName
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
ProductVersion
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
LinkDate
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
BinProductVersion
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
Size
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
Language
|
||
|
\REGISTRY\A\{87e42d5c-fb6b-f450-58e7-3e756b0752a7}\Root\InventoryApplicationFile\dhl receipt 0046|94062bddc5dab652
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
20D40F4000
|
stack
|
page read and write
|
||
|
17F6FC5D000
|
heap
|
page read and write
|
||
|
17F6FA22000
|
unkown
|
page readonly
|
||
|
17F6FDA0000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F6FA20000
|
unkown
|
page readonly
|
||
|
17F6FC2F000
|
heap
|
page read and write
|
||
|
17F6FC1B000
|
heap
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
17F00001000
|
trusted library allocation
|
page read and write
|
||
|
17F6FCAD000
|
heap
|
page read and write
|
||
|
17F6FD15000
|
heap
|
page read and write
|
||
|
7FF4703E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F1009B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F6FDB3000
|
trusted library allocation
|
page read and write
|
||
|
17F6FD20000
|
heap
|
page read and write
|
||
|
20D43FE000
|
stack
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D45FD000
|
stack
|
page read and write
|
||
|
20D47FE000
|
stack
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
17F100A5000
|
trusted library allocation
|
page read and write
|
||
|
17F6FEA5000
|
heap
|
page read and write
|
||
|
20D41FE000
|
stack
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F6FA55000
|
unkown
|
page readonly
|
||
|
20D46FE000
|
stack
|
page read and write
|
||
|
17F6FBD0000
|
heap
|
page read and write
|
||
|
20D44FF000
|
stack
|
page read and write
|
||
|
17F7165B000
|
heap
|
page read and write
|
||
|
17F10067000
|
trusted library allocation
|
page read and write
|
||
|
17F10003000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
17F6FBFC000
|
heap
|
page read and write
|
||
|
17F6FD10000
|
heap
|
page read and write
|
||
|
17F6FA60000
|
unkown
|
page readonly
|
||
|
17F6FAF0000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
17F71820000
|
heap
|
page execute and read and write
|
||
|
20D42FE000
|
stack
|
page read and write
|
||
|
20D48FE000
|
stack
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F10008000
|
trusted library allocation
|
page read and write
|
||
|
17F6FCF0000
|
heap
|
page read and write
|
||
|
17F100A7000
|
trusted library allocation
|
page read and write
|
||
|
17F6FC22000
|
heap
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F6FC32000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F6FD90000
|
trusted library allocation
|
page read and write
|
||
|
17F6FEA0000
|
heap
|
page read and write
|
||
|
17F10001000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F72090000
|
heap
|
page execute and read and write
|
||
|
17F6FDB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F6FCBE000
|
heap
|
page read and write
|
||
|
17F6FD70000
|
trusted library allocation
|
page read and write
|
||
|
17F6FBF0000
|
heap
|
page read and write
|
There are 52 hidden memdumps, click here to show them.