Purchase Order.exe
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
| IP | Country | Detection |
|---|---|---|
| 104.23.98.190 | United States |  |
| 172.67.143.180 | United States | |
| Name | IP | Detection |
|---|---|---|
| hastebin.com | 172.67.143.180 | |
| pastebin.com | 104.23.98.190 | |
| Name | Detection |
|---|---|
| http://crl.m | |
| https://hastebin.com/raw/zuquyuqaxa | |
| https://hastebin.com/raw/gozovupono | |
| Click to see the 23 hidden entries | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
| https://hastebin.com/raw/uwukixowoh | |
| https://hastebin.com/raw/xoqevokuwo | |
| https://hastebin.com/raw/ekebahoxiz | |
| https://nuget.org/nuget.exe | |
| https://contoso.com/ | |
| http://schemas.xmlsoap.org/wsdl/ | |
| https://hastebin.com/raw/oxihusiwib | |
| https://hastebin.com/raw/aliyepiqox | |
| https://hastebin.com/raw/lutejitifu | |
| http://nuget.org/NuGet.exe | |
| https://hastebin.com/raw/sololedeto | |
| https://github.com/Pester/Pester | |
| https://hastebin.comD8 | |
| https://hastebin.com/raw/uxubocuvah | |
| https://hastebin.com/raw/duholiwaga | |
| https://contoso.com/Icon | |
| https://contoso.com/License | |
| https://hastebin.com/raw/ehakafilad | |
| http://www.apache.org/licenses/LICENSE-2.0.html | |
| http://schemas.xmlsoap.org/soap/encoding/ | |
| http://pesterbdd.com/images/Pester.png | |
| https://hastebin.com/raw/rinitihulu | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order.exe.log |
ASCII text, with CRLF line terminators | # |  |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Purchase Order.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Purchase Order.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
| Click to see the 13 hidden entries | |||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2g5p2lof.5bd.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3mnjijpy.0bm.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ilsjxgv4.chu.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n1dv2eqm.snp.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrlm20hg.f3o.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ovek3yt1.yvg.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rfhy14t3.1da.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s4ufayo1.1u4.ps1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20201127\PowerShell_transcript.367706.87+teOkT.20201127154838.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20201127\PowerShell_transcript.367706.a6tVQ7J_.20201127154839.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20201127\PowerShell_transcript.367706.kwApZ3uC.20201127154838.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20201127\PowerShell_transcript.367706.yvGWKClR.20201127154836.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
