Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Purchase Order.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Purchase Order.e_9c9d8a936f78fc7233192adcce1af5ce3649f62_cf8f988c_d81421a5-7655-44c6-931c-fe982a34b843\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9980.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Apr 5 09:52:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AA9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9ACA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Purchase Order.exe
|
"C:\Users\user\Desktop\Purchase Order.exe"
|
|
|
|
C:\Users\user\Desktop\Purchase Order.exe
|
"C:\Users\user\Desktop\Purchase Order.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 1516
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.org/
|
132.226.8.169
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://tempuri.org/DataSet1.xsdCEscolha
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.org
|
unknown
|
|
|
|
checkip.dyndns.com
|
132.226.8.169
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
132.226.8.169
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Purchase Order_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
ProgramId
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
FileId
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
LongPathHash
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
Name
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
OriginalFileName
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
Publisher
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
Version
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
BinFileVersion
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
BinaryType
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
ProductName
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
ProductVersion
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
LinkDate
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
BinProductVersion
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
Size
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
Language
|
||
|
\REGISTRY\A\{db271118-31cd-95c7-aac9-accb13619682}\Root\InventoryApplicationFile\purchase order.e|6fa3ddd4ab677643
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EF1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3C5E000
|
trusted library allocation
|
page read and write
|
|
|
|
6B20000
|
heap
|
page read and write
|
||
|
DEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ADC000
|
trusted library allocation
|
page read and write
|
||
|
4F80000
|
trusted library section
|
page readonly
|
||
|
59CE000
|
stack
|
page read and write
|
||
|
B1A000
|
heap
|
page read and write
|
||
|
147E000
|
stack
|
page read and write
|
||
|
AED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A45000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
129D000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page read and write
|
||
|
7142000
|
trusted library allocation
|
page read and write
|
||
|
BB6000
|
heap
|
page read and write
|
||
|
5460000
|
heap
|
page read and write
|
||
|
DE2000
|
trusted library allocation
|
page read and write
|
||
|
61AE000
|
stack
|
page read and write
|
||
|
B1E000
|
heap
|
page read and write
|
||
|
2CC4000
|
trusted library allocation
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
BBB000
|
stack
|
page read and write
|
||
|
2F9E000
|
trusted library allocation
|
page read and write
|
||
|
B55000
|
heap
|
page read and write
|
||
|
598E000
|
stack
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
9EAE000
|
stack
|
page read and write
|
||
|
56C0000
|
heap
|
page execute and read and write
|
||
|
10F7000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
E9B000
|
stack
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
1412000
|
trusted library allocation
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
DE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
121A000
|
heap
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D7000
|
heap
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
5340000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
2F96000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page read and write
|
||
|
3AD7000
|
trusted library allocation
|
page read and write
|
||
|
FDF000
|
stack
|
page read and write
|
||
|
AFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
9DAE000
|
stack
|
page read and write
|
||
|
B59000
|
heap
|
page read and write
|
||
|
2B02000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
60AE000
|
stack
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
28EE000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
11F8000
|
heap
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
B4F000
|
heap
|
page read and write
|
||
|
86A000
|
stack
|
page read and write
|
||
|
3EF7000
|
trusted library allocation
|
page read and write
|
||
|
4DC0000
|
trusted library allocation
|
page read and write
|
||
|
141B000
|
trusted library allocation
|
page execute and read and write
|
||
|
28E5000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
11E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A81000
|
trusted library allocation
|
page read and write
|
||
|
590E000
|
stack
|
page read and write
|
||
|
140A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
4DC4000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
4DCB000
|
trusted library allocation
|
page read and write
|
||
|
11E4000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
108E000
|
stack
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
4E56000
|
trusted library allocation
|
page read and write
|
||
|
4DDE000
|
trusted library allocation
|
page read and write
|
||
|
6F37000
|
trusted library allocation
|
page read and write
|
||
|
BAD000
|
heap
|
page read and write
|
||
|
B44000
|
heap
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
5D6000
|
unkown
|
page readonly
|
||
|
B37000
|
heap
|
page read and write
|
||
|
550000
|
unkown
|
page readonly
|
||
|
6E80000
|
trusted library section
|
page read and write
|
||
|
3B25000
|
trusted library allocation
|
page read and write
|
||
|
5355000
|
heap
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
62EE000
|
stack
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
580E000
|
stack
|
page read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
11AF000
|
stack
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
3A89000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
1417000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F7B000
|
stack
|
page read and write
|
||
|
3F19000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
4DED000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
6F00000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
1406000
|
trusted library allocation
|
page execute and read and write
|
||
|
10A5000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page execute and read and write
|
||
|
2A70000
|
heap
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
1620000
|
trusted library allocation
|
page execute and read and write
|
||
|
13EE000
|
stack
|
page read and write
|
||
|
AE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
881E000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page execute and read and write
|
||
|
2FB1000
|
trusted library allocation
|
page read and write
|
||
|
AE4000
|
trusted library allocation
|
page read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
710E000
|
stack
|
page read and write
|
||
|
2CC6000
|
trusted library allocation
|
page read and write
|
||
|
11ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
120E000
|
heap
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
1630000
|
trusted library allocation
|
page read and write
|
||
|
2ABE000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
5060000
|
trusted library section
|
page read and write
|
||
|
4DE1000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
trusted library section
|
page read and write
|
||
|
B0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
B06000
|
trusted library allocation
|
page execute and read and write
|
||
|
7620000
|
heap
|
page read and write
|
||
|
2C9D000
|
stack
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
2DC5000
|
trusted library allocation
|
page read and write
|
||
|
AF3000
|
trusted library allocation
|
page read and write
|
||
|
B51000
|
heap
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
3EF1000
|
trusted library allocation
|
page read and write
|
||
|
4DF2000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
967000
|
stack
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
BDD000
|
heap
|
page read and write
|
||
|
2CDB000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
4DE6000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
4FB3000
|
heap
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page execute and read and write
|
||
|
1226000
|
heap
|
page read and write
|
||
|
522E000
|
stack
|
page read and write
|
||
|
2AEB000
|
trusted library allocation
|
page read and write
|
||
|
2F9B000
|
trusted library allocation
|
page read and write
|
||
|
2AE6000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
6F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A81000
|
trusted library allocation
|
page read and write
|
||
|
4E52000
|
trusted library allocation
|
page read and write
|
||
|
2FAE000
|
trusted library allocation
|
page read and write
|
||
|
3B73000
|
trusted library allocation
|
page read and write
|
||
|
5440000
|
heap
|
page read and write
|
There are 193 hidden memdumps, click here to show them.