Files

File Path | Type | Category | Malicious
---|---|---|---
AjeraClient.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_AjeraClient.exe_6563b875ae84bf1f0c3457b8eec59433e179d_2fc16863_449eee62-fe53-4c3a-9d43-053e873c7c56\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER472.tmp.dmp | Mini DuMP crash report, 16 streams, Tue Mar 26 18:56:15 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER51F.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER54F.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\AjeraClient.exe | "C:\Users\user\Desktop\AjeraClient.exe" |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 4292 -s 724 |
URLs

Name | IP | Malicious
---|---|---
http://fa1171/Ajera/SAService.rem | unknown |
http://help.deltek.com/learningcentersecurity.aspxSHelp | unknown |
https://axwebservices.axium.com/webservices/ajeraservice.asmx | unknown |
http://www.axium.com/solutioncenter7https://www.ajerausers.org/-Crystal | unknown |
https://ajera.comEUnable | unknown |
https://axium.nelcoportal.com/IntegrationService.svc | unknown |
https://www.axium.com/DataUpload/ | unknown |
https://www.axium.com/DataUpload/ClientInvoiceDesignerInstallResults/cGCHandle | unknown |
https://update.axium.com/SupportingFiles/9Downloading | unknown |
https://axium.nelcoportal.com/IntegrationService.svc? | unknown |
http://schemas.datacontract.org/2004/07/FileTaxes.PartnerIntegration.AccountSetup | unknown |
http://nelcosolutions.com/IntegrationService/DashboardUrl | unknown |
http://upx.sf.net | unknown |
http://schemas.datacontract.org/2004/07/FileTaxes.PartnerIntegration.Transmit | unknown |
http://nelcosolutions.com/IntegrationService/Transmit | unknown |
https://axiumsdkdev.nelcoportal.com/IntegrationService.svc | unknown |
http://www.axium.com/support/webinars.aspxghttp://www.axium.com/support/training-sessions.aspx | unknown |
http://nelcosolutions.com/IntegrationService/AccountSetup | unknown |
http://nelcosolutions.com/TU | unknown |
http://www.axiumae.com/DataUpload/CustomCrystal/ | unknown |
https://update.axium.com/SqlServer/ | unknown |
http://nelcosolutions.com/T | unknown |
http://www.axium.com/legal/SoftwareLicenseAjera.aspx/Ajera | unknown |
https://www.billandpay.com/business/authapp.php?appid= | unknown |
http://help.deltek.com/learningcentersecurity.aspx?version=8 | unknown |
https://www.axium.com/DataUpload/InstallResults/EUnable | unknown |
http://www.axium.com/legal/SoftwareLicenseAjera.aspx?record= | unknown |
http://www.greatland.com/Schemas/GWX/1.0/ | unknown |
http://www.surveymonkey.com/s/MGDWLLGkAxium | unknown |
http://nelcosolutions.com/IntegrationService/EmailCredentials | unknown |
http://nelcosolutions.com/ | unknown |
http://www.axium.com/company/contact-us.aspx | unknown |

22 further URLs are hidden in the original report and are not reproduced here.
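Every URL above is listed with IP unknown, and the Files and Processes tables show a WER crash report for AjeraClient.exe and a WerFault.exe launch, so the run ended in a crash; the URL list is best read as strings carried in the binary rather than hosts that were contacted. Several of those strings are fused with neighbouring string data ("...aspxSHelp", "...comEUnable", two URLs joined at "...aspxghttp://..."), which inflates a naive IOC list with hosts that do not exist. The script below is an added example, not part of the report and not the sandbox vendor's tooling: it takes a subset of the URL strings from the table, splits fused entries, cuts the fused suffix off the hostname, and sorts the result into endpoints, an internal single-label host, XML/SOAP namespace identifiers and the UPX stub marker. The namespace and packer-marker sets, and the lowercase-hostname heuristic, are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# URL strings copied from the report's URL table (subset). The sandbox lists IP
# "unknown" for all of them, and several are fused with adjacent string data
# ("...aspxSHelp", "...comEUnable"), which is what static string extraction
# from a binary looks like, not observed traffic.
REPORT_URLS = [
    "http://fa1171/Ajera/SAService.rem",
    "http://help.deltek.com/learningcentersecurity.aspxSHelp",
    "https://axwebservices.axium.com/webservices/ajeraservice.asmx",
    "http://www.axium.com/solutioncenter7https://www.ajerausers.org/-Crystal",
    "https://ajera.comEUnable",
    "https://axium.nelcoportal.com/IntegrationService.svc",
    "http://schemas.datacontract.org/2004/07/FileTaxes.PartnerIntegration.AccountSetup",
    "http://nelcosolutions.com/IntegrationService/DashboardUrl",
    "http://upx.sf.net",
    "http://www.axium.com/support/webinars.aspxghttp://www.axium.com/support/training-sessions.aspx",
    "https://update.axium.com/SupportingFiles/9Downloading",
    "http://www.greatland.com/Schemas/GWX/1.0/",
    "https://www.billandpay.com/business/authapp.php?appid=",
]

# Classification sets are assumptions made for this example, not report data:
# WCF data-contract / SOAP-action namespaces are identifiers, not hosts the
# client contacts, and "upx.sf.net" is the marker string the UPX stub carries.
NAMESPACE_HOSTS = {"schemas.datacontract.org", "www.greatland.com", "nelcosolutions.com"}
PACKER_MARKERS = {"upx.sf.net"}

SCHEME_RE = re.compile(r"https?://")


def split_fused(s):
    """Split a string holding several URLs run together at every scheme prefix:
    '.../webinars.aspxghttp://www.axium.com/...' -> two strings. The stray 'g'
    stays on the first piece's path and does not affect its host."""
    starts = [m.start() for m in SCHEME_RE.finditer(s)]
    return [s[a:b] for a, b in zip(starts, starts[1:] + [len(s)])]


def clean_host(netloc):
    """Heuristic (assumed for this example): hostnames in these strings are
    lowercase, so the first character outside [a-z0-9.-] marks where unrelated
    string data begins ('ajera.comEUnable' -> 'ajera.com')."""
    m = re.match(r"[a-z0-9.-]+", netloc)
    return m.group(0).strip(".-") if m else netloc


def classify_host(host):
    if host in PACKER_MARKERS:
        return "packer_marker"
    if host in NAMESPACE_HOSTS:
        return "namespace"
    if "." not in host:
        return "internal_host"  # single-label name, only resolvable on the victim's network
    return "endpoint"


def triage(urls):
    """Map each cleaned hostname to its class and the raw strings it came from."""
    hosts = {}
    for raw in urls:
        for piece in split_fused(raw):
            # urlsplit().hostname lowercases, which would hide the fused suffix;
            # netloc keeps the original casing for clean_host to cut on.
            host = clean_host(urlsplit(piece).netloc)
            entry = hosts.setdefault(host, {"kind": classify_host(host), "sources": []})
            if raw not in entry["sources"]:
                entry["sources"].append(raw)
    return hosts


if __name__ == "__main__":
    for host, info in sorted(triage(REPORT_URLS).items()):
        print(f"{info['kind']:14} {host}")
```

Run as-is it prints one line per hostname; the only internal_host entry is fa1171, an Ajera .NET Remoting endpoint (the .rem extension) that resolves only inside the network the client was built for, and the only packer_marker is upx.sf.net, which is worth checking against the section names before assuming the sample is packed.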
Registry

All 19 visible entries are value names written under one Amcache InventoryApplicationFile key:

Path | Value | Malicious
---|---|---
\REGISTRY\A\{bf96dddd-70ee-39bb-521d-6a71892ac1fe}\Root\InventoryApplicationFile\ajeraclient.exe\|866e0f1d7e12b6a4 | ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, Usn |

9 further registry entries are hidden in the original report and are not reproduced here.
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---
C0B75FF000 | stack | page read and write |
287FAEA1000 | heap | page read and write |
287FABAC000 | unknown | page readonly |
287FAFA0000 | heap | page read and write |
287FADE0000 | heap | page read and write |
7FF848E14000 | trusted library allocation | page read and write |
287FADE6000 | heap | page read and write |
287FA3D0000 | unknown | page readonly |
28790001000 | trusted library allocation | page read and write |
7FF848FEA000 | trusted library allocation | page read and write |
C0B76FF000 | stack | page read and write |
7FF848EC0000 | trusted library allocation | page read and write |
7FF848F30000 | trusted library allocation | page execute and read and write |
287FAEA6000 | heap | page read and write |
7FF848E24000 | trusted library allocation | page read and write |
28790003000 | trusted library allocation | page read and write |
C0B78FD000 | stack | page read and write |
287FAE54000 | heap | page read and write |
287FAE0B000 | heap | page read and write |
287FAD40000 | heap | page read and write |
287FADEC000 | heap | page read and write |
287FAE9F000 | heap | page read and write |
287FADD0000 | trusted library allocation | page read and write |
287FAE20000 | heap | page read and write |
7FF848FF0000 | trusted library allocation | page read and write |
287FB165000 | heap | page read and write |
C0B77FE000 | stack | page read and write |
287FAF30000 | heap | page read and write |
287FA3D0000 | unknown | page readonly |
28790008000 | trusted library allocation | page read and write |
287FA930000 | unknown | page readonly |
287FB160000 | heap | page read and write |
287FAE56000 | heap | page read and write |
287FC8B0000 | heap | page read and write |
28780001000 | trusted library allocation | page read and write |
287FAC40000 | heap | page read and write |
287FAD20000 | heap | page read and write |
287FAEC1000 | heap | page read and write |
287FABC0000 | unknown | page readonly |
7FF848E1D000 | trusted library allocation | page execute and read and write |
287FCAA0000 | heap | page execute and read and write |
287FAE0D000 | heap | page read and write |
7FF4DA200000 | trusted library allocation | page execute and read and write |
287FAE4E000 | heap | page read and write |
287FAE23000 | heap | page read and write |
7FF848EF6000 | trusted library allocation | page execute and read and write |
287FADB0000 | trusted library allocation | page read and write |
287FA3D2000 | unknown | page readonly |
C0B718D000 | stack | page read and write |
7FF848FDC000 | trusted library allocation | page read and write |
287FAD60000 | heap | page read and write |
287FAE15000 | heap | page read and write |
7FF848ED0000 | trusted library allocation | page execute and read and write |
C0B74FE000 | stack | page read and write |

44 further memdumps are hidden in the original report and are not reproduced here.
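The first thing to pull out of a region table like this is memory that is both writable and executable, since that is where unpacked or injected code lands. For this sample the check needs a caveat: the file is a Mono/.Net assembly, a managed process legitimately keeps RWX memory for JIT output, and the 64-bit addresses (7FF848..., C0B7...) despite the PE32 file type are consistent with an AnyCPU assembly running as a 64-bit process, so W+X on its own is weak evidence. The script below is an added example, not the report's own output: it parses an excerpt of the table in the pipe layout used above, flags every W+X region, and separates those inside "trusted library allocation" regions (assumed here to be the sandbox's label for memory mapped by trusted runtime/system libraries, where JIT code is expected) from W+X in plain heap or unknown regions, which go to a review queue. "Review" means dump and identify what is there, not "malicious".

```python
import re

# Excerpt of the report's Memdumps table, pasted as text (constructed from the
# rows above). The parser reads the same pipe layout the table uses, so the
# full table can be fed in unchanged.
REPORT_TABLE = """\
Base Address | Regiontype | Protect | Malicious
---|---|---|---
C0B75FF000 | stack | page read and write |
287FAEA1000 | heap | page read and write |
287FABAC000 | unknown | page readonly |
7FF848F30000 | trusted library allocation | page execute and read and write |
7FF848E1D000 | trusted library allocation | page execute and read and write |
287FCAA0000 | heap | page execute and read and write |
7FF4DA200000 | trusted library allocation | page execute and read and write |
7FF848EF6000 | trusted library allocation | page execute and read and write |
287FA930000 | unknown | page readonly |
7FF848ED0000 | trusted library allocation | page execute and read and write |
"""

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def parse_table(text):
    """Return (base, region_type, protect) tuples from pipe-separated rows,
    skipping the header, the separator and any line whose first cell is not
    a hex address."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 3 or not HEX_RE.match(cells[0]):
            continue
        rows.append((int(cells[0], 16), cells[1], cells[2]))
    return rows


def is_wx(protect):
    """True for any protection string that is both writable and executable."""
    return "execute" in protect and "write" in protect


def classify(region_type, protect):
    """Triage label for one region. Assumption for this example: W+X inside a
    "trusted library allocation" is the managed runtime's JIT/code heap and is
    expected; W+X in heap or unknown regions is what to look at first."""
    if not is_wx(protect):
        return "ok"
    if region_type == "trusted library allocation":
        return "expected_jit"
    return "review"


def review_queue(text):
    """Hex addresses (sorted) of W+X regions outside trusted allocations."""
    return [f"{base:X}" for base, rtype, prot in sorted(parse_table(text))
            if classify(rtype, prot) == "review"]


def summary(text):
    """Count of regions per triage label."""
    counts = {}
    for _, rtype, prot in parse_table(text):
        label = classify(rtype, prot)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    print(summary(REPORT_TABLE))
    print("review:", review_queue(REPORT_TABLE))
```

On the excerpt the queue holds a single address, the RWX heap region at 287FCAA0000; in a .NET process that can still be a JIT code heap the sandbox labelled differently, so the next step is to dump that region and check whether it holds managed stubs or a decoded payload.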