Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL04AWB01173903102023PDF.scr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Slbemaalsflyvningers\Chirming.scr
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsbBACD.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nseB51F.tmp
|
data
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Apicad\Outjinx\Nonnavigableness\Competed\Coccosteid.Udr
|
data
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Clavichordist\benenders\Actionfilm\Sortsrenheden\TableTextServiceYi.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Clavichordist\benenders\Actionfilm\Sortsrenheden\Z_Custom2.ini
|
Generic INItialization configuration [allData0]
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Clavichordist\benenders\Actionfilm\Sortsrenheden\msado25.tlb
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Counts\Convolution\Dottily\ArtDeco_brown_22.bmp
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=3], baseline, precision 8, 110x110, components 3
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Counts\Convolution\Dottily\Iconology.Ess
|
ASCII text, with very long lines (57606), with no line terminators
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Extracorpuscular\APM_DefConvertor.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Thonny\Yderligheders\Samtalernes\Sikkerhedsventilen\ContactsApi.dll
|
PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\Nonhieratical\Thonny\Yderligheders\Samtalernes\Sikkerhedsventilen\Sports-Wallpapers-1.jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x786,
components 3
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe
|
C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe
|
|
|
|
C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe
|
C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://cdn.discordapp.com/attachments/503469199062990850/1085873812794523729/NxXRtUXfgqSkIuV181.bin
|
162.159.129.233
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://www.nero.com
|
unknown
|
||
|
https://cdn.discordapp.com/t
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
||
|
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
https://cdn.discordapp.com/
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
|
unknown
|
||
|
http://www.gopher.ftp://ftp.
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
milliondollar23.duckdns.org
|
79.134.225.111
|
|
|
|
cdn.discordapp.com
|
162.159.129.233
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
79.134.225.111
|
milliondollar23.duckdns.org
|
Switzerland
|
|
|
|
162.159.129.233
|
cdn.discordapp.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
Postkassernes
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Goodtemperedness\Rendets
|
Skramles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Undisguisedness\Landboeres\Usseligt
|
Servicearbejde
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TUJMU2
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TUJMU2
|
licence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6C55000
|
direct allocation
|
page execute and read and write
|
|
|
|
4772000
|
heap
|
page read and write
|
|
|
|
1F545C00000
|
heap
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
2477B86B000
|
heap
|
page read and write
|
||
|
2477B85F000
|
heap
|
page read and write
|
||
|
18B71A5E000
|
heap
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
1F545232000
|
heap
|
page read and write
|
||
|
2477B802000
|
heap
|
page read and write
|
||
|
1F545120000
|
heap
|
page read and write
|
||
|
230E000
|
stack
|
page read and write
|
||
|
BC8587E000
|
stack
|
page read and write
|
||
|
5690000
|
direct allocation
|
page execute and read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
44E000
|
unkown
|
page readonly
|
||
|
257E1CF7000
|
heap
|
page read and write
|
||
|
357D000
|
stack
|
page read and write
|
||
|
257E1CC0000
|
heap
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
DED489C000
|
stack
|
page read and write
|
||
|
1F545200000
|
heap
|
page read and write
|
||
|
532000
|
heap
|
page read and write
|
||
|
257E1E90000
|
heap
|
page read and write
|
||
|
3481C000
|
stack
|
page read and write
|
||
|
52C000
|
heap
|
page read and write
|
||
|
2477B86E000
|
heap
|
page read and write
|
||
|
257E1D25000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
29FF000
|
heap
|
page read and write
|
||
|
257E1D15000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
2477B6E0000
|
heap
|
page read and write
|
||
|
2477B848000
|
heap
|
page read and write
|
||
|
8055000
|
direct allocation
|
page execute and read and write
|
||
|
2477B800000
|
heap
|
page read and write
|
||
|
476B000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
5EA000
|
unkown
|
page execute read
|
||
|
2995000
|
heap
|
page read and write
|
||
|
44E000
|
unkown
|
page readonly
|
||
|
2477B680000
|
heap
|
page read and write
|
||
|
1F545A70000
|
heap
|
page readonly
|
||
|
257E1CC9000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
18B71A51000
|
heap
|
page read and write
|
||
|
257E1D25000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
257E1BB0000
|
heap
|
page read and write
|
||
|
5EC000
|
unkown
|
page execute read
|
||
|
3499C000
|
stack
|
page read and write
|
||
|
298F000
|
heap
|
page read and write
|
||
|
2520000
|
trusted library section
|
page read and write
|
||
|
4C2F07B000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
18B71A74000
|
heap
|
page read and write
|
||
|
70F1C7B000
|
stack
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
18B71A2A000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
47E7000
|
heap
|
page read and write
|
||
|
33FC0000
|
direct allocation
|
page read and write
|
||
|
2477B855000
|
heap
|
page read and write
|
||
|
18B71A7B000
|
heap
|
page read and write
|
||
|
18B72202000
|
trusted library allocation
|
page read and write
|
||
|
3710000
|
direct allocation
|
page read and write
|
||
|
1F545C15000
|
heap
|
page read and write
|
||
|
2477B82A000
|
heap
|
page read and write
|
||
|
7AF000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
526000
|
heap
|
page read and write
|
||
|
626000
|
unkown
|
page execute read
|
||
|
5EE000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
30000
|
heap
|
page read and write
|
||
|
34650000
|
remote allocation
|
page read and write
|
||
|
2477BA00000
|
heap
|
page read and write
|
||
|
2477B86E000
|
heap
|
page read and write
|
||
|
2477B7E0000
|
unclassified section
|
page readonly
|
||
|
34BDF000
|
stack
|
page read and write
|
||
|
4EE000
|
heap
|
page read and write
|
||
|
34650000
|
remote allocation
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
2477B83E000
|
heap
|
page read and write
|
||
|
257E1D18000
|
heap
|
page read and write
|
||
|
18B71830000
|
heap
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
5F2000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
346CF000
|
stack
|
page read and write
|
||
|
257E2040000
|
heap
|
page read and write
|
||
|
BC852FC000
|
stack
|
page read and write
|
||
|
1F54523E000
|
heap
|
page read and write
|
||
|
1F545257000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
18B71A13000
|
heap
|
page read and write
|
||
|
2477B825000
|
heap
|
page read and write
|
||
|
7655000
|
direct allocation
|
page execute and read and write
|
||
|
1F545150000
|
unclassified section
|
page readonly
|
||
|
18B71A41000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
98000
|
stack
|
page read and write
|
||
|
4728000
|
heap
|
page read and write
|
||
|
2477B863000
|
heap
|
page read and write
|
||
|
2477B87D000
|
heap
|
page read and write
|
||
|
3625000
|
remote allocation
|
page execute and read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
||
|
70F1D7F000
|
unkown
|
page read and write
|
||
|
533000
|
heap
|
page read and write
|
||
|
1F545170000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
257E1CFD000
|
heap
|
page read and write
|
||
|
47EB000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
1F5451F0000
|
trusted library allocation
|
page read and write
|
||
|
297F000
|
stack
|
page read and write
|
||
|
257E1D11000
|
heap
|
page read and write
|
||
|
257E1D13000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
31E4000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page read and write
|
||
|
22CE000
|
stack
|
page read and write
|
||
|
18B71A02000
|
heap
|
page read and write
|
||
|
2477B813000
|
heap
|
page read and write
|
||
|
5F0000
|
unkown
|
page execute read
|
||
|
1F545235000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
2477B85B000
|
heap
|
page read and write
|
||
|
3451E000
|
stack
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
34000000
|
heap
|
page read and write
|
||
|
47A3000
|
heap
|
page read and write
|
||
|
6150000
|
trusted library allocation
|
page read and write
|
||
|
33D61000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
18B71A60000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page read and write
|
||
|
257E1CFE000
|
heap
|
page read and write
|
||
|
1825000
|
remote allocation
|
page execute and read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
44C000
|
unkown
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
18B71A73000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
33D60000
|
heap
|
page read and write
|
||
|
70F1FFF000
|
stack
|
page read and write
|
||
|
4DE000
|
stack
|
page read and write
|
||
|
55A000
|
heap
|
page read and write
|
||
|
BC8597E000
|
stack
|
page read and write
|
||
|
18B71A6B000
|
heap
|
page read and write
|
||
|
523000
|
heap
|
page read and write
|
||
|
1F545160000
|
unclassified section
|
page readonly
|
||
|
2477BFF0000
|
trusted library allocation
|
page read and write
|
||
|
3471E000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
257E1C20000
|
heap
|
page read and write
|
||
|
47E7000
|
heap
|
page read and write
|
||
|
1F545C02000
|
heap
|
page read and write
|
||
|
3468E000
|
stack
|
page read and write
|
||
|
478D000
|
heap
|
page read and write
|
||
|
2368000
|
heap
|
page read and write
|
||
|
47FB000
|
heap
|
page read and write
|
||
|
1F5450C0000
|
heap
|
page read and write
|
||
|
53F000
|
heap
|
page read and write
|
||
|
18B71950000
|
heap
|
page read and write
|
||
|
46EF000
|
stack
|
page read and write
|
||
|
257E1D18000
|
heap
|
page read and write
|
||
|
257E1CF1000
|
heap
|
page read and write
|
||
|
257E1D25000
|
heap
|
page read and write
|
||
|
18B719A0000
|
trusted library allocation
|
page read and write
|
||
|
18B71930000
|
unclassified section
|
page readonly
|
||
|
3455F000
|
stack
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
347C000
|
stack
|
page read and write
|
||
|
257E1D26000
|
heap
|
page read and write
|
||
|
649000
|
unkown
|
page execute read
|
||
|
5E8000
|
unkown
|
page execute read
|
||
|
257E1D0E000
|
heap
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
34ADC000
|
stack
|
page read and write
|
||
|
33F30000
|
heap
|
page read and write
|
||
|
553000
|
heap
|
page read and write
|
||
|
2477B840000
|
heap
|
page read and write
|
||
|
BC85A7A000
|
stack
|
page read and write
|
||
|
10020000
|
trusted library allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
1F545202000
|
heap
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
5855000
|
direct allocation
|
page execute and read and write
|
||
|
47A3000
|
heap
|
page read and write
|
||
|
1F545302000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
61D7000
|
trusted library allocation
|
page read and write
|
||
|
10059000
|
trusted library allocation
|
page read and write
|
||
|
2477B902000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
18B717C0000
|
heap
|
page read and write
|
||
|
34C1E000
|
stack
|
page read and write
|
||
|
4EA000
|
heap
|
page read and write
|
||
|
1F5451C0000
|
trusted library allocation
|
page read and write
|
||
|
18B71A47000
|
heap
|
page read and write
|
||
|
48A0000
|
heap
|
page read and write
|
||
|
34D1F000
|
stack
|
page read and write
|
||
|
34650000
|
remote allocation
|
page read and write
|
||
|
257E1D18000
|
heap
|
page read and write
|
||
|
18B71940000
|
unclassified section
|
page readonly
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
257E1CF8000
|
heap
|
page read and write
|
||
|
257E2045000
|
heap
|
page read and write
|
||
|
3485E000
|
stack
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
6255000
|
direct allocation
|
page execute and read and write
|
||
|
479E000
|
heap
|
page read and write
|
||
|
47F7000
|
heap
|
page read and write
|
||
|
2225000
|
remote allocation
|
page execute and read and write
|
||
|
2534000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2C25000
|
remote allocation
|
page execute and read and write
|
||
|
2510000
|
trusted library section
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
33EE0000
|
direct allocation
|
page read and write
|
||
|
2477C202000
|
trusted library allocation
|
page read and write
|
||
|
18B71A80000
|
heap
|
page read and write
|
||
|
9E000
|
stack
|
page read and write
|
||
|
4797000
|
heap
|
page read and write
|
||
|
70F1E7F000
|
unkown
|
page read and write
|
||
|
19F000
|
stack
|
page read and write
|
||
|
18B71A27000
|
heap
|
page read and write
|
||
|
55D000
|
heap
|
page read and write
|
||
|
33EA0000
|
direct allocation
|
page read and write
|
||
|
29EC000
|
heap
|
page read and write
|
||
|
246E000
|
stack
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
2477B7F0000
|
unclassified section
|
page readonly
|
||
|
4C2F2FC000
|
stack
|
page read and write
|
||
|
34A9F000
|
stack
|
page read and write
|
||
|
2477B839000
|
heap
|
page read and write
|
||
|
44E000
|
unkown
|
page readonly
|
||
|
1F545213000
|
heap
|
page read and write
|
||
|
2477B867000
|
heap
|
page read and write
|
||
|
2477B831000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4025000
|
remote allocation
|
page execute and read and write
|
||
|
18B71B02000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2500000
|
trusted library section
|
page read and write
|
||
|
18B71A7C000
|
heap
|
page read and write
|
||
|
3495F000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
18B71A00000
|
heap
|
page read and write
|
||
|
3750000
|
direct allocation
|
page read and write
|
There are 251 hidden memdumps, click here to show them.