Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| 0pF5Vz4xG4.exe | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | initial sample | |
| Chrome Cache Entry: 100 | PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 101 | ASCII text, with very long lines (46318), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 102 | PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 103 | JSON data | dropped | |
| Chrome Cache Entry: 104 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1300x300, components 3 | dropped | |
| Chrome Cache Entry: 105 | ASCII text, with very long lines (65409) | downloaded | |
| Chrome Cache Entry: 106 | JSON data | downloaded | |
| Chrome Cache Entry: 107 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 71 | ASCII text, with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 72 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 73 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 74 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 75 | JSON data | dropped | |
| Chrome Cache Entry: 76 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 77 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1300x300, components 3 | downloaded | |
| Chrome Cache Entry: 78 | JSON data | dropped | |
| Chrome Cache Entry: 79 | JSON data | downloaded | |
| Chrome Cache Entry: 80 | Web Open Font Format (Version 2), TrueType, length 18768, version 1.0 | downloaded | |
| Chrome Cache Entry: 81 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 82 | ASCII text, with very long lines (52717), with no line terminators | downloaded | |
| Chrome Cache Entry: 83 | exported SGML document, ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 84 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 85 | HTML document, ASCII text, with very long lines (516), with CRLF, LF line terminators | downloaded | |
| Chrome Cache Entry: 86 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 87 | JSON data | dropped | |
| Chrome Cache Entry: 88 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded | |
| Chrome Cache Entry: 89 | JSON data | dropped | |
| Chrome Cache Entry: 90 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 91 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped | |
| Chrome Cache Entry: 92 | PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 93 | ASCII text, with very long lines (31813), with no line terminators | dropped | |
| Chrome Cache Entry: 94 | JSON data | downloaded | |
| Chrome Cache Entry: 95 | PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 96 | JSON data | downloaded | |
| Chrome Cache Entry: 97 | JSON data | dropped | |
| Chrome Cache Entry: 98 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 99 | ASCII text, with very long lines (31813), with no line terminators | downloaded | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\0pF5Vz4xG4.exe | "C:\Users\user\Desktop\0pF5Vz4xG4.exe" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0pF5Vz4xG4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=2072,i,2833464812255304590,11198771505965286401,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0pF5Vz4xG4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1928,i,15172110000776622718,9297871655836015958,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
URLs
Domains
| Name | IP | Malicious |
|---|---|---|
| part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| part-0032.t-0009.t-msedge.net | 13.107.246.60 | |
| www.google.com | 216.58.206.36 | |
| js.monitor.azure.com | unknown | |
| mdec.nelreports.net | unknown | |
IPs
| IP | Domain | Country | Malicious |
|---|---|---|---|
| 13.107.246.45 | part-0017.t-0009.t-msedge.net | United States | |
| 13.107.246.60 | part-0032.t-0009.t-msedge.net | United States | |
| 192.168.2.6 | unknown | unknown | |
| 216.58.206.36 | www.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
Memdumps
DOM / HTML
| URL | Malicious |
|---|---|
| https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0pF5Vz4xG4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | |