Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO F1298-24 Fabric Order.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PO F1298-24 Fabr_697bf1cfe728f851d8e751bad862896dd0f1c69_57bd0835_fad05113-fe59-4ec5-9ada-2e05d5fb69b6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6BA7.tmp.dmp
|
Mini DuMP crash report, 16 streams, Thu Oct 24 09:56:13 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E48.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E97.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_au4vegts.fju.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tacpqzc0.0qh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w3yzu04u.qpr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xkiufkyt.kek.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO F1298-24 Fabric Order.exe
|
"C:\Users\user\Desktop\PO F1298-24 Fabric Order.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO F1298-24
Fabric Order.exe" -Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2452 -s 1604
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://mail.iaa-airferight.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
ProgramId
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
FileId
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
LongPathHash
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
Name
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
OriginalFileName
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
Publisher
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
Version
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
BinFileVersion
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
BinaryType
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
ProductName
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
ProductVersion
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
LinkDate
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
BinProductVersion
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
Size
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
Language
|
||
|
\REGISTRY\A\{d31a8976-5d75-e133-7d56-8fef445685a5}\Root\InventoryApplicationFile\po f1298-24 fabr|2023e8c60adf1024
|
Usn
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FBE000
|
trusted library allocation
|
page read and write
|
|
|
|
1855C594000
|
trusted library allocation
|
page read and write
|
|
|
|
2F71000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1856CE42000
|
trusted library allocation
|
page read and write
|
|
|
|
1856C267000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
1856ED71000
|
trusted library allocation
|
page read and write
|
||
|
1856C5AB000
|
trusted library allocation
|
page read and write
|
||
|
1855C294000
|
trusted library allocation
|
page read and write
|
||
|
1855A400000
|
unkown
|
page readonly
|
||
|
134A000
|
trusted library allocation
|
page execute and read and write
|
||
|
18573371000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
6460000
|
trusted library allocation
|
page execute and read and write
|
||
|
4596AFE000
|
stack
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
1324000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
1855A406000
|
unkown
|
page readonly
|
||
|
6BA0000
|
trusted library allocation
|
page read and write
|
||
|
5A80000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
6450000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
heap
|
page execute and read and write
|
||
|
18574921000
|
trusted library allocation
|
page read and write
|
||
|
1855C0D0000
|
heap
|
page read and write
|
||
|
45967FE000
|
stack
|
page read and write
|
||
|
1855A5E0000
|
heap
|
page read and write
|
||
|
1855A4C0000
|
heap
|
page read and write
|
||
|
13C6000
|
heap
|
page read and write
|
||
|
64AD000
|
stack
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
54D3000
|
heap
|
page read and write
|
||
|
62B7000
|
heap
|
page read and write
|
||
|
1855A630000
|
heap
|
page read and write
|
||
|
1855A805000
|
heap
|
page read and write
|
||
|
654E000
|
stack
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
11A2000
|
heap
|
page read and write
|
||
|
1855A635000
|
heap
|
page read and write
|
||
|
1855C618000
|
trusted library allocation
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
1856E371000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
11AA000
|
heap
|
page read and write
|
||
|
59CE000
|
stack
|
page read and write
|
||
|
3F71000
|
trusted library allocation
|
page read and write
|
||
|
45965FE000
|
stack
|
page read and write
|
||
|
1857443C000
|
heap
|
page read and write
|
||
|
588E000
|
stack
|
page read and write
|
||
|
45968FD000
|
stack
|
page read and write
|
||
|
2E3A000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
185743A0000
|
heap
|
page read and write
|
||
|
6BD0000
|
heap
|
page read and write
|
||
|
1115000
|
heap
|
page read and write
|
||
|
1323000
|
trusted library allocation
|
page execute and read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
598F000
|
stack
|
page read and write
|
||
|
18574427000
|
heap
|
page read and write
|
||
|
3FD7000
|
trusted library allocation
|
page read and write
|
||
|
2E26000
|
trusted library allocation
|
page read and write
|
||
|
6260000
|
heap
|
page read and write
|
||
|
1855A640000
|
heap
|
page read and write
|
||
|
185743E5000
|
heap
|
page read and write
|
||
|
1856D971000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
2E41000
|
trusted library allocation
|
page read and write
|
||
|
1855A64D000
|
heap
|
page read and write
|
||
|
1342000
|
trusted library allocation
|
page read and write
|
||
|
18572971000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
1855C261000
|
trusted library allocation
|
page read and write
|
||
|
54BC000
|
stack
|
page read and write
|
||
|
4596BFE000
|
stack
|
page read and write
|
||
|
1855A6AA000
|
heap
|
page read and write
|
||
|
1855C150000
|
trusted library section
|
page read and write
|
||
|
18571571000
|
trusted library allocation
|
page read and write
|
||
|
2FD4000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
578C000
|
stack
|
page read and write
|
||
|
2E3E000
|
trusted library allocation
|
page read and write
|
||
|
1855A740000
|
trusted library allocation
|
page read and write
|
||
|
65A0000
|
trusted library allocation
|
page read and write
|
||
|
18575321000
|
trusted library allocation
|
page read and write
|
||
|
658E000
|
stack
|
page read and write
|
||
|
1855C250000
|
heap
|
page execute and read and write
|
||
|
65A7000
|
trusted library allocation
|
page read and write
|
||
|
5A8C000
|
trusted library allocation
|
page read and write
|
||
|
1855A773000
|
trusted library allocation
|
page read and write
|
||
|
1856F771000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
1857441C000
|
heap
|
page read and write
|
||
|
4596153000
|
stack
|
page read and write
|
||
|
6282000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
CEA000
|
stack
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
4F78000
|
trusted library allocation
|
page read and write
|
||
|
6240000
|
heap
|
page read and write
|
||
|
1855A760000
|
trusted library allocation
|
page read and write
|
||
|
18571F71000
|
trusted library allocation
|
page read and write
|
||
|
1855A718000
|
heap
|
page read and write
|
||
|
1352000
|
trusted library allocation
|
page read and write
|
||
|
1855A6AE000
|
heap
|
page read and write
|
||
|
6DA0000
|
heap
|
page read and write
|
||
|
115D000
|
heap
|
page read and write
|
||
|
112B000
|
heap
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
185743ED000
|
heap
|
page read and write
|
||
|
613E000
|
stack
|
page read and write
|
||
|
132D000
|
trusted library allocation
|
page execute and read and write
|
||
|
45970FE000
|
stack
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
4596CFE000
|
stack
|
page read and write
|
||
|
5680000
|
heap
|
page execute and read and write
|
||
|
5A59000
|
trusted library allocation
|
page read and write
|
||
|
1856CF71000
|
trusted library allocation
|
page read and write
|
||
|
2DDC000
|
stack
|
page read and write
|
||
|
6BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1855A65F000
|
heap
|
page read and write
|
||
|
5A50000
|
trusted library allocation
|
page read and write
|
||
|
3F99000
|
trusted library allocation
|
page read and write
|
||
|
1355000
|
trusted library allocation
|
page execute and read and write
|
||
|
624A000
|
heap
|
page read and write
|
||
|
2FBC000
|
trusted library allocation
|
page read and write
|
||
|
628A000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
133D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E4D000
|
trusted library allocation
|
page read and write
|
||
|
6B90000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
1855A800000
|
heap
|
page read and write
|
||
|
1855A7A0000
|
heap
|
page execute and read and write
|
||
|
1855A6AC000
|
heap
|
page read and write
|
||
|
1855A402000
|
unkown
|
page readonly
|
||
|
135B000
|
trusted library allocation
|
page execute and read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page execute and read and write
|
||
|
1855A5A0000
|
heap
|
page read and write
|
||
|
7F300000
|
trusted library allocation
|
page execute and read and write
|
||
|
1855A6B6000
|
heap
|
page read and write
|
||
|
45966FF000
|
stack
|
page read and write
|
||
|
1357000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
1346000
|
trusted library allocation
|
page execute and read and write
|
||
|
1856C261000
|
trusted library allocation
|
page read and write
|
||
|
2E32000
|
trusted library allocation
|
page read and write
|
||
|
18570171000
|
trusted library allocation
|
page read and write
|
||
|
1855A67F000
|
heap
|
page read and write
|
||
|
1855A707000
|
heap
|
page read and write
|
||
|
3F79000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
18570B71000
|
trusted library allocation
|
page read and write
|
||
|
DE9000
|
stack
|
page read and write
|
||
|
1855C638000
|
trusted library allocation
|
page read and write
|
||
|
1855A770000
|
trusted library allocation
|
page read and write
|
||
|
45971FB000
|
stack
|
page read and write
|
||
|
2E2E000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
64B0000
|
trusted library allocation
|
page read and write
|
||
|
11C7000
|
heap
|
page read and write
|
||
|
185743E1000
|
heap
|
page read and write
|
||
|
2E46000
|
trusted library allocation
|
page read and write
|
||
|
6456000
|
trusted library allocation
|
page read and write
|
||
|
2FC6000
|
trusted library allocation
|
page read and write
|
||
|
1855A66A000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
6440000
|
heap
|
page read and write
|
||
|
1855A682000
|
heap
|
page read and write
|
||
|
45964FE000
|
stack
|
page read and write
|
||
|
1855A5C0000
|
heap
|
page read and write
|
||
|
2E2B000
|
trusted library allocation
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
4596FFD000
|
stack
|
page read and write
|
There are 172 hidden memdumps, click here to show them.