Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\resharpen
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
|
"C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
|
|
198.187.3.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
502000
|
system
|
page execute and read and write
|
|
|
|
4240000
|
direct allocation
|
page read and write
|
|
|
|
4AB000
|
unkown
|
page readonly
|
||
|
482D000
|
direct allocation
|
page read and write
|
||
|
4683000
|
direct allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3D9A000
|
heap
|
page read and write
|
||
|
24D2000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
2450000
|
heap
|
page execute and read and write
|
||
|
24CE000
|
trusted library allocation
|
page read and write
|
||
|
B08000
|
trusted library allocation
|
page read and write
|
||
|
2606000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
2614000
|
trusted library allocation
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
24DE000
|
trusted library allocation
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
5804000
|
heap
|
page read and write
|
||
|
3E09000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
5C00000
|
trusted library allocation
|
page read and write
|
||
|
4683000
|
direct allocation
|
page read and write
|
||
|
489E000
|
direct allocation
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
CCA000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
5BF0000
|
trusted library allocation
|
page read and write
|
||
|
263C000
|
trusted library allocation
|
page read and write
|
||
|
61F000
|
heap
|
page read and write
|
||
|
489E000
|
direct allocation
|
page read and write
|
||
|
3529000
|
trusted library allocation
|
page read and write
|
||
|
57A000
|
heap
|
page read and write
|
||
|
952000
|
trusted library allocation
|
page read and write
|
||
|
3D76000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3E41000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
489E000
|
direct allocation
|
page read and write
|
||
|
24E1000
|
trusted library allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
482D000
|
direct allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3BDC000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
25EC000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
system
|
page execute and read and write
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
579C000
|
heap
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
489E000
|
direct allocation
|
page read and write
|
||
|
3C40000
|
heap
|
page read and write
|
||
|
3549000
|
trusted library allocation
|
page read and write
|
||
|
4683000
|
direct allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
25FE000
|
trusted library allocation
|
page read and write
|
||
|
2636000
|
trusted library allocation
|
page read and write
|
||
|
482D000
|
direct allocation
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
9D5000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
946000
|
trusted library allocation
|
page execute and read and write
|
||
|
4683000
|
direct allocation
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
5BE7000
|
trusted library allocation
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
2500000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
3CDF000
|
heap
|
page read and write
|
||
|
C8E000
|
heap
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
3F34000
|
heap
|
page read and write
|
||
|
4683000
|
direct allocation
|
page read and write
|
||
|
4B20000
|
heap
|
page execute and read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
5BD7000
|
trusted library allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
5BE0000
|
trusted library allocation
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
4829000
|
direct allocation
|
page read and write
|
||
|
920000
|
trusted library allocation
|
page read and write
|
||
|
5BD0000
|
trusted library allocation
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
3CF8000
|
heap
|
page read and write
|
||
|
24E6000
|
trusted library allocation
|
page read and write
|
||
|
249C000
|
stack
|
page read and write
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
4829000
|
direct allocation
|
page read and write
|
||
|
4EED000
|
stack
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
4829000
|
direct allocation
|
page read and write
|
||
|
4829000
|
direct allocation
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
2510000
|
heap
|
page read and write
|
||
|
42F8000
|
heap
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
580E000
|
heap
|
page read and write
|
||
|
8B4000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
5C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
489E000
|
direct allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3521000
|
trusted library allocation
|
page read and write
|
||
|
3E00000
|
heap
|
page read and write
|
||
|
4683000
|
direct allocation
|
page read and write
|
||
|
3C8F000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
923000
|
trusted library allocation
|
page execute and read and write
|
||
|
39D5000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
92D000
|
trusted library allocation
|
page execute and read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
C8A000
|
heap
|
page read and write
|
||
|
4F8000
|
stack
|
page read and write
|
||
|
4ACC000
|
stack
|
page read and write
|
||
|
3B41000
|
heap
|
page read and write
|
||
|
2596000
|
trusted library allocation
|
page read and write
|
||
|
3E3E000
|
heap
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page execute and read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
BA6000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
4829000
|
direct allocation
|
page read and write
|
||
|
4A83000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
4C6E000
|
stack
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
5CA0000
|
trusted library allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
2628000
|
trusted library allocation
|
page read and write
|
||
|
5C6000
|
heap
|
page read and write
|
||
|
3DB2000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
57C6000
|
heap
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
3E8D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
2623000
|
trusted library allocation
|
page read and write
|
||
|
5C90000
|
heap
|
page read and write
|
||
|
4829000
|
direct allocation
|
page read and write
|
||
|
3F15000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
910000
|
trusted library allocation
|
page read and write
|
||
|
358C000
|
trusted library allocation
|
page read and write
|
||
|
2555000
|
trusted library allocation
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
94A000
|
trusted library allocation
|
page execute and read and write
|
||
|
482D000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4683000
|
direct allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
2616000
|
trusted library allocation
|
page read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
482D000
|
direct allocation
|
page read and write
|
||
|
244E000
|
stack
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
924000
|
trusted library allocation
|
page read and write
|
||
|
3F09000
|
heap
|
page read and write
|
||
|
482D000
|
direct allocation
|
page read and write
|
||
|
3E09000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
43F6000
|
heap
|
page read and write
|
||
|
93D000
|
trusted library allocation
|
page execute and read and write
|
||
|
39CF000
|
stack
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3E84000
|
heap
|
page read and write
|
||
|
24ED000
|
trusted library allocation
|
page read and write
|
||
|
4C2C000
|
stack
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
942000
|
trusted library allocation
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
3CEE000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
3D33000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
4829000
|
direct allocation
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
461E000
|
stack
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page read and write
|
||
|
424A000
|
heap
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3B40000
|
heap
|
page read and write
|
||
|
147E000
|
stack
|
page read and write
|
||
|
3E09000
|
heap
|
page read and write
|
||
|
3DBC000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
5F60000
|
heap
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
CBE000
|
heap
|
page read and write
|
||
|
187F000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
957000
|
trusted library allocation
|
page execute and read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
489E000
|
direct allocation
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
24CB000
|
trusted library allocation
|
page read and write
|
||
|
4A7000
|
unkown
|
page read and write
|
||
|
1AA000
|
stack
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
3F34000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
7F630000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BBD000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
3F11000
|
heap
|
page execute and read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
25E6000
|
trusted library allocation
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3E40000
|
heap
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
489E000
|
direct allocation
|
page read and write
|
||
|
2521000
|
trusted library allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
3E8E000
|
heap
|
page read and write
|
||
|
482D000
|
direct allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
3DF6000
|
heap
|
page read and write
|
||
|
24DA000
|
trusted library allocation
|
page read and write
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
95B000
|
trusted library allocation
|
page execute and read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
3CF3000
|
heap
|
page read and write
|
||
|
CB6000
|
heap
|
page read and write
|
||
|
3E8E000
|
heap
|
page read and write
|
There are 288 hidden memdumps, click here to show them.