Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AWB DHL#40882993049403.pdf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AWB DHL#40882993049403.pdf.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\AWB DHL#40882993049403.pdf.exe
|
"C:\Users\user\Desktop\AWB DHL#40882993049403.pdf.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mail.elektronikkutu.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
http://mx-out05.natrohost.com
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mx-out05.natrohost.com
|
94.73.188.44
|
|
|
|
ip-api.com
|
208.95.112.1
|
|
|
|
mail.elektronikkutu.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
94.73.188.44
|
mx-out05.natrohost.com
|
Turkey
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3151000
|
trusted library allocation
|
page read and write
|
|
|
|
3184000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
317E000
|
trusted library allocation
|
page read and write
|
|
|
|
3F01000
|
trusted library allocation
|
page read and write
|
|
|
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
5621000
|
trusted library allocation
|
page read and write
|
||
|
1720000
|
trusted library allocation
|
page read and write
|
||
|
2EFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F62000
|
trusted library allocation
|
page read and write
|
||
|
6B4B000
|
trusted library allocation
|
page read and write
|
||
|
57FD000
|
stack
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1443000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B7E000
|
stack
|
page read and write
|
||
|
BEA000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
FC9000
|
stack
|
page read and write
|
||
|
5412000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
569B000
|
stack
|
page read and write
|
||
|
6A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1462000
|
trusted library allocation
|
page read and write
|
||
|
ECA000
|
stack
|
page read and write
|
||
|
61C0000
|
heap
|
page read and write
|
||
|
4823000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
64BE000
|
stack
|
page read and write
|
||
|
560E000
|
trusted library allocation
|
page read and write
|
||
|
2EBE000
|
trusted library allocation
|
page read and write
|
||
|
5355000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
6500000
|
trusted library allocation
|
page read and write
|
||
|
687F000
|
stack
|
page read and write
|
||
|
2EF2000
|
trusted library allocation
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
53D2000
|
trusted library allocation
|
page read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
2F05000
|
trusted library allocation
|
page execute and read and write
|
||
|
622F000
|
heap
|
page read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
147B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
6202000
|
heap
|
page read and write
|
||
|
2F01000
|
trusted library allocation
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
1472000
|
trusted library allocation
|
page read and write
|
||
|
96DE000
|
stack
|
page read and write
|
||
|
14A7000
|
heap
|
page read and write
|
||
|
5D80000
|
heap
|
page read and write
|
||
|
5612000
|
trusted library allocation
|
page read and write
|
||
|
1488000
|
heap
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
6552000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page execute and read and write
|
||
|
1453000
|
trusted library allocation
|
page read and write
|
||
|
63FF000
|
stack
|
page read and write
|
||
|
6B30000
|
trusted library allocation
|
page read and write
|
||
|
57AC000
|
stack
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
62FE000
|
stack
|
page read and write
|
||
|
144D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F00000
|
trusted library allocation
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
5650000
|
heap
|
page execute and read and write
|
||
|
7C7E000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
52BD000
|
stack
|
page read and write
|
||
|
6CEE000
|
stack
|
page read and write
|
||
|
1716000
|
heap
|
page read and write
|
||
|
109B000
|
heap
|
page read and write
|
||
|
4189000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
318C000
|
trusted library allocation
|
page read and write
|
||
|
104E000
|
heap
|
page read and write
|
||
|
2FE0000
|
trusted library allocation
|
page read and write
|
||
|
145D000
|
trusted library allocation
|
page execute and read and write
|
||
|
64C0000
|
trusted library section
|
page read and write
|
||
|
112E000
|
heap
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
2F0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A372000
|
trusted library allocation
|
page read and write
|
||
|
14FA000
|
heap
|
page read and write
|
||
|
4149000
|
trusted library allocation
|
page read and write
|
||
|
3192000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
14AA000
|
heap
|
page read and write
|
||
|
84DE000
|
stack
|
page read and write
|
||
|
68BE000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
2F07000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
56F5000
|
heap
|
page read and write
|
||
|
14B5000
|
heap
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
1069000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
57D4000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
5428000
|
trusted library allocation
|
page read and write
|
||
|
5448000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
3154000
|
trusted library allocation
|
page read and write
|
||
|
172D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
7ECE000
|
stack
|
page read and write
|
||
|
6236000
|
heap
|
page read and write
|
||
|
1547000
|
heap
|
page read and write
|
||
|
3121000
|
trusted library allocation
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
5620000
|
trusted library section
|
page readonly
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
5632000
|
trusted library allocation
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page read and write
|
||
|
328F000
|
trusted library allocation
|
page read and write
|
||
|
5FE0000
|
heap
|
page read and write
|
||
|
1477000
|
trusted library allocation
|
page execute and read and write
|
||
|
69E7000
|
trusted library allocation
|
page read and write
|
||
|
3198000
|
trusted library allocation
|
page read and write
|
||
|
562D000
|
trusted library allocation
|
page read and write
|
||
|
5435000
|
trusted library allocation
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
647F000
|
stack
|
page read and write
|
||
|
5A1E000
|
stack
|
page read and write
|
||
|
5415000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
64E0000
|
trusted library section
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
4FFB000
|
stack
|
page read and write
|
||
|
98DE000
|
stack
|
page read and write
|
||
|
2EF0000
|
heap
|
page execute and read and write
|
||
|
658F000
|
heap
|
page read and write
|
||
|
A60000
|
unkown
|
page readonly
|
||
|
56C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
2EED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1521000
|
heap
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
69E0000
|
trusted library allocation
|
page read and write
|
||
|
69C0000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
2EAB000
|
trusted library allocation
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
7B3E000
|
stack
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
7F080000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D7D000
|
stack
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page read and write
|
||
|
58DC000
|
stack
|
page read and write
|
||
|
14B8000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
1558000
|
heap
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
53F4000
|
trusted library allocation
|
page read and write
|
||
|
1466000
|
trusted library allocation
|
page execute and read and write
|
||
|
543F000
|
trusted library allocation
|
page read and write
|
||
|
6540000
|
heap
|
page read and write
|
||
|
1085000
|
heap
|
page read and write
|
||
|
59DD000
|
stack
|
page read and write
|
||
|
149E000
|
heap
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
8560000
|
trusted library section
|
page read and write
|
||
|
5473000
|
heap
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
1444000
|
trusted library allocation
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
855E000
|
stack
|
page read and write
|
||
|
7F0E000
|
stack
|
page read and write
|
||
|
5600000
|
trusted library allocation
|
page read and write
|
||
|
6F00000
|
heap
|
page read and write
|
||
|
5A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
2ECD000
|
trusted library allocation
|
page read and write
|
||
|
6A2D000
|
stack
|
page read and write
|
||
|
2FDC000
|
stack
|
page read and write
|
||
|
2EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
319C000
|
trusted library allocation
|
page read and write
|
||
|
5626000
|
trusted library allocation
|
page read and write
|
||
|
2F02000
|
trusted library allocation
|
page read and write
|
||
|
560B000
|
trusted library allocation
|
page read and write
|
||
|
6EF0000
|
heap
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
16BE000
|
stack
|
page read and write
|
||
|
6AEF000
|
stack
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
6B40000
|
trusted library allocation
|
page read and write
|
||
|
101D000
|
stack
|
page read and write
|
||
|
6A30000
|
trusted library allocation
|
page read and write
|
||
|
5760000
|
heap
|
page execute and read and write
|
||
|
561E000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
6D2E000
|
stack
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
2FF4000
|
trusted library allocation
|
page read and write
|
||
|
2F4D000
|
trusted library allocation
|
page read and write
|
||
|
1723000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
541D000
|
trusted library allocation
|
page read and write
|
||
|
1077000
|
heap
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
5419000
|
trusted library allocation
|
page read and write
|
||
|
97DE000
|
stack
|
page read and write
|
||
|
1082000
|
heap
|
page read and write
|
||
|
A62000
|
unkown
|
page readonly
|
||
|
145E000
|
stack
|
page read and write
|
||
|
311F000
|
stack
|
page read and write
|
||
|
69C8000
|
trusted library allocation
|
page read and write
|
||
|
6DAE000
|
stack
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
1724000
|
trusted library allocation
|
page read and write
|
||
|
6A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
5800000
|
heap
|
page read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
6508000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
trusted library allocation
|
page read and write
|
||
|
6EAD000
|
stack
|
page read and write
|
||
|
851E000
|
stack
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
69DD000
|
trusted library allocation
|
page read and write
|
||
|
4121000
|
trusted library allocation
|
page read and write
|
||
|
621A000
|
heap
|
page read and write
|
||
|
2D00000
|
trusted library section
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
543A000
|
trusted library allocation
|
page read and write
|
||
|
69D0000
|
trusted library allocation
|
page read and write
|
||
|
5128000
|
trusted library allocation
|
page read and write
|
||
|
317C000
|
trusted library allocation
|
page read and write
|
||
|
6A37000
|
trusted library allocation
|
page read and write
|
||
|
146A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F160000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC6000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
643E000
|
stack
|
page read and write
|
||
|
64F0000
|
trusted library allocation
|
page read and write
|
||
|
1355000
|
heap
|
page read and write
|
There are 252 hidden memdumps, click here to show them.