Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
HEATEXCHANGER-PDF.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HEATEXCHANGER-PD_ec9db82188bfd47b4ee296545b4bc3ad7550_48574fd9_563e9c03-a463-43bd-b1db-3ae7d27a7a43\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER496C.tmp.dmp
|
Mini DuMP crash report, 16 streams, Mon May 27 10:30:33 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E30.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4EAE.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\HEATEXCHANGER-PDF.exe
|
"C:\Users\user\Desktop\HEATEXCHANGER-PDF.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5656 -s 1060
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://r3.o.lencr.org0
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://r3.i.lencr.org/0m
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://mail.oripam.xyz
|
unknown
|
||
|
http://oripam.xyz
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
oripam.xyz
|
185.56.136.50
|
|
|
|
mail.oripam.xyz
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.56.136.50
|
oripam.xyz
|
Malta
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
ProgramId
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
FileId
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
LongPathHash
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
Name
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
OriginalFileName
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
Publisher
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
Version
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
BinFileVersion
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
BinaryType
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
ProductName
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
ProductVersion
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
LinkDate
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
BinProductVersion
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
Size
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
Language
|
||
|
\REGISTRY\A\{a75f0c4b-4286-c91f-a919-51680a016729}\Root\InventoryApplicationFile\heatexchanger-pd|cb1b9d6ef7174278
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EA1000
|
trusted library allocation
|
page read and write
|
|
|
|
23F0EF4D000
|
trusted library allocation
|
page read and write
|
|
|
|
2F19000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
23F1EB82000
|
trusted library allocation
|
page read and write
|
|
|
|
2EEE000
|
trusted library allocation
|
page read and write
|
|
|
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849039000
|
trusted library allocation
|
page read and write
|
||
|
53AD000
|
trusted library allocation
|
page read and write
|
||
|
539E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
4EA8000
|
trusted library allocation
|
page read and write
|
||
|
11D1000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
23F0D240000
|
heap
|
page execute and read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F07000
|
trusted library allocation
|
page read and write
|
||
|
1136000
|
heap
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
453AEFE000
|
stack
|
page read and write
|
||
|
6204000
|
heap
|
page read and write
|
||
|
14A2000
|
trusted library allocation
|
page read and write
|
||
|
6200000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
11C1000
|
heap
|
page read and write
|
||
|
5384000
|
trusted library allocation
|
page read and write
|
||
|
2F14000
|
trusted library allocation
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
trusted library allocation
|
page read and write
|
||
|
6208000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
23F0D2A0000
|
heap
|
page read and write
|
||
|
53FC000
|
stack
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
63D7000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
5BA6000
|
trusted library allocation
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
5648000
|
trusted library allocation
|
page read and write
|
||
|
23F0D295000
|
heap
|
page read and write
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
23F1EB71000
|
trusted library allocation
|
page read and write
|
||
|
23F0D210000
|
trusted library allocation
|
page read and write
|
||
|
23F0CEF2000
|
unkown
|
page readonly
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
23F0D223000
|
trusted library allocation
|
page read and write
|
||
|
579C000
|
stack
|
page read and write
|
||
|
23F0CF90000
|
heap
|
page read and write
|
||
|
1363000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
5BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
23F0D05B000
|
heap
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
15C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F0CFF0000
|
heap
|
page read and write
|
||
|
14AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F0EB10000
|
heap
|
page execute and read and write
|
||
|
1496000
|
trusted library allocation
|
page execute and read and write
|
||
|
1492000
|
trusted library allocation
|
page read and write
|
||
|
453AFFE000
|
stack
|
page read and write
|
||
|
23F273C0000
|
heap
|
page read and write
|
||
|
23F0CFB0000
|
heap
|
page read and write
|
||
|
15BC000
|
stack
|
page read and write
|
||
|
5690000
|
heap
|
page execute and read and write
|
||
|
23F0D220000
|
trusted library allocation
|
page read and write
|
||
|
53B2000
|
trusted library allocation
|
page read and write
|
||
|
119B000
|
heap
|
page read and write
|
||
|
627F000
|
heap
|
page read and write
|
||
|
111F000
|
heap
|
page read and write
|
||
|
6220000
|
heap
|
page read and write
|
||
|
53A1000
|
trusted library allocation
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
23F273D0000
|
heap
|
page read and write
|
||
|
23F0D01D000
|
heap
|
page read and write
|
||
|
1138000
|
heap
|
page read and write
|
||
|
1364000
|
trusted library allocation
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
23F27424000
|
heap
|
page read and write
|
||
|
453B4FE000
|
stack
|
page read and write
|
||
|
453B2FE000
|
stack
|
page read and write
|
||
|
23F0D072000
|
heap
|
page read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
453B3FE000
|
stack
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
23F0D2A5000
|
heap
|
page read and write
|
||
|
23F0D1F0000
|
trusted library allocation
|
page read and write
|
||
|
23F274C0000
|
trusted library section
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
23F0D05D000
|
heap
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
538B000
|
trusted library allocation
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
567C000
|
trusted library allocation
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
112B000
|
heap
|
page read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
7FF84905A000
|
trusted library allocation
|
page read and write
|
||
|
23F0CF80000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
23F0CEF0000
|
unkown
|
page readonly
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
55FE000
|
stack
|
page read and write
|
||
|
620A000
|
heap
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
23F0EB71000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
453B0FE000
|
stack
|
page read and write
|
||
|
7FF848E22000
|
trusted library allocation
|
page read and write
|
||
|
6263000
|
heap
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
3F0A000
|
trusted library allocation
|
page read and write
|
||
|
136D000
|
trusted library allocation
|
page execute and read and write
|
||
|
589F000
|
stack
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
14A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
149A000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F27431000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EEC000
|
trusted library allocation
|
page read and write
|
||
|
3EC9000
|
trusted library allocation
|
page read and write
|
||
|
23F0EB60000
|
heap
|
page read and write
|
||
|
7FF849096000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E29000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F0D250000
|
trusted library section
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849035000
|
trusted library allocation
|
page read and write
|
||
|
23F0CEFC000
|
unkown
|
page readonly
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
23F26BA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF4ECF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
E39000
|
stack
|
page read and write
|
||
|
658D000
|
stack
|
page read and write
|
||
|
5C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
23F27426000
|
heap
|
page read and write
|
||
|
5386000
|
trusted library allocation
|
page read and write
|
||
|
148D000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F0D030000
|
heap
|
page read and write
|
||
|
5A9F000
|
stack
|
page read and write
|
||
|
23F0D033000
|
heap
|
page read and write
|
||
|
63E0000
|
trusted library allocation
|
page read and write
|
||
|
23F0D290000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
539A000
|
trusted library allocation
|
page read and write
|
||
|
453B5FD000
|
stack
|
page read and write
|
||
|
638D000
|
stack
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
453ABE3000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
503D000
|
stack
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
23F0CFFC000
|
heap
|
page read and write
|
||
|
23F1EB78000
|
trusted library allocation
|
page read and write
|
||
|
23F273D5000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
53A6000
|
trusted library allocation
|
page read and write
|
||
|
3EA1000
|
trusted library allocation
|
page read and write
|
||
|
1108000
|
heap
|
page read and write
|
||
|
54B3000
|
heap
|
page read and write
|
||
|
63D0000
|
trusted library allocation
|
page read and write
|
||
|
23F1EB7D000
|
trusted library allocation
|
page read and write
|
||
|
5392000
|
trusted library allocation
|
page read and write
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
538E000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
F39000
|
stack
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
688E000
|
stack
|
page read and write
|
||
|
1540000
|
heap
|
page execute and read and write
|
||
|
453B1FC000
|
stack
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
7F5D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F0EC3B000
|
trusted library allocation
|
page read and write
|
||
|
6251000
|
heap
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F273E1000
|
heap
|
page read and write
|
||
|
23F0CFD0000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
7FF848FF5000
|
trusted library allocation
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
There are 198 hidden memdumps, click here to show them.