Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rPaymentAdvice-PDF.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rPaymentAdvice-P_7067ea40173c6bca932f69650b72adac4cc52d8_897d0994_fa2abc5b-2323-451c-b16b-90c9e3ef8be0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER183.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFAD.tmp.dmp
|
Mini DuMP crash report, 16 streams, Tue Jun 11 17:47:10 2024, 0x1205a4 type
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rPaymentAdvice-PDF.exe
|
"C:\Users\user\Desktop\rPaymentAdvice-PDF.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3620 -s 1152
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://r3.o.lencr.org0
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://mail.motek.ro
|
unknown
|
||
|
http://motek.ro
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://r3.i.lencr.org/0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
motek.ro
|
212.146.84.76
|
|
|
|
mail.motek.ro
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
212.146.84.76
|
motek.ro
|
Romania
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
ProgramId
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
FileId
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
LongPathHash
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
Name
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
OriginalFileName
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
Publisher
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
Version
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
BinFileVersion
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
BinaryType
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
ProductName
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
ProductVersion
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
LinkDate
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
BinProductVersion
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
Size
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
Language
|
||
|
\REGISTRY\A\{d14f91d3-7955-cc26-4494-dcc74e61390d}\Root\InventoryApplicationFile\rpaymentadvice-p|2bfeb6be1cdfc83d
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
24E00385000
|
trusted library allocation
|
page read and write
|
|
|
|
2BE1000
|
trusted library allocation
|
page read and write
|
|
|
|
2C59000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
24E10C79000
|
trusted library allocation
|
page read and write
|
|
|
|
24E1028F000
|
trusted library allocation
|
page read and write
|
|
|
|
623E000
|
stack
|
page read and write
|
||
|
B947EFD000
|
stack
|
page read and write
|
||
|
615E000
|
stack
|
page read and write
|
||
|
24E6C520000
|
trusted library allocation
|
page read and write
|
||
|
24E6C2A0000
|
heap
|
page read and write
|
||
|
24E6C570000
|
heap
|
page read and write
|
||
|
7FFD34560000
|
trusted library allocation
|
page read and write
|
||
|
51B3000
|
heap
|
page read and write
|
||
|
50D2000
|
trusted library allocation
|
page read and write
|
||
|
FFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34562000
|
trusted library allocation
|
page read and write
|
||
|
E78000
|
heap
|
page read and write
|
||
|
2C47000
|
trusted library allocation
|
page read and write
|
||
|
E5F000
|
heap
|
page read and write
|
||
|
24E6E7A0000
|
heap
|
page read and write
|
||
|
573C000
|
trusted library allocation
|
page read and write
|
||
|
24E6C310000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
24E6C382000
|
heap
|
page read and write
|
||
|
7FFD34580000
|
trusted library allocation
|
page read and write
|
||
|
B9481FF000
|
stack
|
page read and write
|
||
|
6247000
|
trusted library allocation
|
page read and write
|
||
|
516C000
|
stack
|
page read and write
|
||
|
24E10008000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
heap
|
page execute and read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page execute and read and write
|
||
|
E76000
|
heap
|
page read and write
|
||
|
5E1E000
|
stack
|
page read and write
|
||
|
B9483FD000
|
stack
|
page read and write
|
||
|
24E6C33A000
|
heap
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
50C4000
|
trusted library allocation
|
page read and write
|
||
|
29DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
29CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E6C5E5000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E6C290000
|
heap
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
50C6000
|
trusted library allocation
|
page read and write
|
||
|
24E6C7A0000
|
heap
|
page read and write
|
||
|
7FFD34584000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3458B000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BD0000
|
heap
|
page execute and read and write
|
||
|
EC1000
|
heap
|
page read and write
|
||
|
CF8000
|
stack
|
page read and write
|
||
|
2C55000
|
trusted library allocation
|
page read and write
|
||
|
5F22000
|
heap
|
page read and write
|
||
|
556F000
|
stack
|
page read and write
|
||
|
29E2000
|
trusted library allocation
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
24E6E7D0000
|
heap
|
page read and write
|
||
|
3C09000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3457D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF45A550000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
B947DFE000
|
stack
|
page read and write
|
||
|
24E6FA7B000
|
heap
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
29EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
E6B000
|
heap
|
page read and write
|
||
|
51A8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E6FA1C000
|
heap
|
page read and write
|
||
|
5F40000
|
heap
|
page read and write
|
||
|
FF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E6EA00000
|
heap
|
page read and write
|
||
|
7FFD34772000
|
trusted library allocation
|
page read and write
|
||
|
61FF000
|
stack
|
page read and write
|
||
|
24E6E7C0000
|
heap
|
page execute and read and write
|
||
|
7FFD3458D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D7D000
|
stack
|
page read and write
|
||
|
24E6E803000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
24E6C37C000
|
heap
|
page read and write
|
||
|
24E6E6A0000
|
heap
|
page read and write
|
||
|
24E6EA05000
|
heap
|
page read and write
|
||
|
FF4000
|
trusted library allocation
|
page read and write
|
||
|
56AD000
|
stack
|
page read and write
|
||
|
ED7000
|
heap
|
page read and write
|
||
|
24E6FCC0000
|
trusted library section
|
page read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
E05000
|
heap
|
page read and write
|
||
|
24E6C37A000
|
heap
|
page read and write
|
||
|
29E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E6C5C0000
|
heap
|
page read and write
|
||
|
50F2000
|
trusted library allocation
|
page read and write
|
||
|
B9480FE000
|
stack
|
page read and write
|
||
|
50E1000
|
trusted library allocation
|
page read and write
|
||
|
24E6C5E0000
|
heap
|
page read and write
|
||
|
24E6FA10000
|
heap
|
page read and write
|
||
|
7FFD34620000
|
trusted library allocation
|
page execute and read and write
|
||
|
6160000
|
trusted library allocation
|
page execute and read and write
|
||
|
50DE000
|
trusted library allocation
|
page read and write
|
||
|
24E6C2E0000
|
heap
|
page read and write
|
||
|
3C46000
|
trusted library allocation
|
page read and write
|
||
|
2A8C000
|
stack
|
page read and write
|
||
|
24E6FA17000
|
heap
|
page read and write
|
||
|
7FFD3461C000
|
trusted library allocation
|
page execute and read and write
|
||
|
69D0000
|
heap
|
page read and write
|
||
|
5270000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
24E6C2C0000
|
heap
|
page read and write
|
||
|
50ED000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
B9482FF000
|
stack
|
page read and write
|
||
|
24E6DEF0000
|
trusted library allocation
|
page read and write
|
||
|
673E000
|
stack
|
page read and write
|
||
|
7FFD34570000
|
trusted library allocation
|
page read and write
|
||
|
69B0000
|
heap
|
page read and write
|
||
|
5F26000
|
heap
|
page read and write
|
||
|
24E6C7A5000
|
heap
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
24E6E800000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
2C61000
|
trusted library allocation
|
page read and write
|
||
|
6980000
|
trusted library allocation
|
page read and write
|
||
|
6250000
|
trusted library allocation
|
page read and write
|
||
|
63FD000
|
stack
|
page read and write
|
||
|
9A9000
|
stack
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
ECF000
|
heap
|
page read and write
|
||
|
7FFD345BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E10001000
|
trusted library allocation
|
page read and write
|
||
|
5F20000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
3BE1000
|
trusted library allocation
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
24E6C202000
|
unkown
|
page readonly
|
||
|
7FFD34563000
|
trusted library allocation
|
page execute and read and write
|
||
|
50E6000
|
trusted library allocation
|
page read and write
|
||
|
E7D000
|
heap
|
page read and write
|
||
|
4BE8000
|
trusted library allocation
|
page read and write
|
||
|
F0D000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
683F000
|
stack
|
page read and write
|
||
|
50DA000
|
trusted library allocation
|
page read and write
|
||
|
24E6E690000
|
heap
|
page read and write
|
||
|
24E6E890000
|
heap
|
page read and write
|
||
|
FEDF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E6C530000
|
trusted library allocation
|
page read and write
|
||
|
24E6C200000
|
unkown
|
page readonly
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
5F4E000
|
heap
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3456D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34564000
|
trusted library allocation
|
page read and write
|
||
|
B947FFD000
|
stack
|
page read and write
|
||
|
24E00001000
|
trusted library allocation
|
page read and write
|
||
|
EE7000
|
heap
|
page read and write
|
||
|
24E10011000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34616000
|
trusted library allocation
|
page read and write
|
||
|
69C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9477A1000
|
stack
|
page read and write
|
||
|
6240000
|
trusted library allocation
|
page read and write
|
||
|
24E6C351000
|
heap
|
page read and write
|
||
|
29E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E6C5B0000
|
heap
|
page read and write
|
||
|
24E6C31C000
|
heap
|
page read and write
|
||
|
24E6C533000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34610000
|
trusted library allocation
|
page read and write
|
||
|
24E6FA21000
|
heap
|
page read and write
|
||
|
24E6C34F000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
24E6C387000
|
heap
|
page read and write
|
||
|
24E000D3000
|
trusted library allocation
|
page read and write
|
||
|
24E6C5B9000
|
heap
|
page read and write
|
||
|
B947CFF000
|
stack
|
page read and write
|
||
|
24E6FA1A000
|
heap
|
page read and write
|
||
|
7FFD34646000
|
trusted library allocation
|
page execute and read and write
|
||
|
5730000
|
trusted library allocation
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
B947AFF000
|
stack
|
page read and write
|
||
|
24E6DEB0000
|
heap
|
page execute and read and write
|
||
|
546C000
|
stack
|
page read and write
|
||
|
24E6C5A0000
|
trusted library section
|
page readonly
|
||
|
24E00077000
|
trusted library allocation
|
page read and write
|
||
|
50CB000
|
trusted library allocation
|
page read and write
|
||
|
29D2000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3471B000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7FFD34572000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page execute and read and write
|
||
|
50CE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34742000
|
trusted library allocation
|
page read and write
|
||
|
B947BFE000
|
stack
|
page read and write
|
||
|
5F7B000
|
heap
|
page read and write
|
||
|
24E6C500000
|
trusted library allocation
|
page read and write
|
||
|
5756000
|
trusted library allocation
|
page read and write
|
There are 202 hidden memdumps, click here to show them.