Files
File Path | Type | Category | Malicious
---|---|---|---
7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 15:53:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
Chrome Cache Entry: 150 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | dropped | 
Chrome Cache Entry: 151 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | downloaded | 
Chrome Cache Entry: 152 | SVG Scalable Vector Graphics image | dropped | 
Chrome Cache Entry: 153 | ASCII text, with very long lines (65536), with no line terminators | downloaded | 
Chrome Cache Entry: 154 | JSON data | dropped | 
Chrome Cache Entry: 155 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | dropped | 
Chrome Cache Entry: 156 | ASCII text, with no line terminators | downloaded | 
Chrome Cache Entry: 157 | ASCII text, with very long lines (65410) | dropped | 
Chrome Cache Entry: 158 | Web Open Font Format (Version 2), TrueType, length 18768, version 1.0 | downloaded | 
Chrome Cache Entry: 159 | JSON data | dropped | 
Chrome Cache Entry: 160 | ASCII text, with very long lines (65410) | downloaded | 
Chrome Cache Entry: 161 | JSON data | downloaded | 
Chrome Cache Entry: 162 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | downloaded | 
Chrome Cache Entry: 163 | ASCII text, with very long lines (52717), with no line terminators | dropped | 
Chrome Cache Entry: 164 | ASCII text, with very long lines (52717), with no line terminators | downloaded | 
Chrome Cache Entry: 165 | exported SGML document, ASCII text, with very long lines (65536), with no line terminators | downloaded | 
Chrome Cache Entry: 166 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | downloaded | 
Chrome Cache Entry: 167 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded | 
Chrome Cache Entry: 168 | JSON data | dropped | 
Chrome Cache Entry: 169 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped | 
Chrome Cache Entry: 170 | PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced | downloaded | 
Chrome Cache Entry: 171 | ASCII text, with very long lines (32029), with no line terminators | dropped | 
Chrome Cache Entry: 172 | JSON data | downloaded | 
Chrome Cache Entry: 173 | PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced | downloaded | 
Chrome Cache Entry: 174 | ASCII text, with CRLF line terminators | dropped | 
Chrome Cache Entry: 175 | JSON data | downloaded | 
Chrome Cache Entry: 176 | JSON data | dropped | 
Chrome Cache Entry: 177 | JSON data | dropped | 
Chrome Cache Entry: 178 | exported SGML document, ASCII text, with very long lines (65536), with no line terminators | dropped | 
Chrome Cache Entry: 179 | HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators | downloaded | 
Chrome Cache Entry: 180 | ASCII text, with very long lines (46884) | dropped | 
Chrome Cache Entry: 181 | SVG Scalable Vector Graphics image | downloaded | 
Chrome Cache Entry: 182 | ASCII text, with very long lines (32029), with no line terminators | downloaded | 
Chrome Cache Entry: 183 | ASCII text, with CRLF line terminators | downloaded | 
Chrome Cache Entry: 184 | PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced | dropped | 
Chrome Cache Entry: 185 | PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced | dropped | 
Chrome Cache Entry: 186 | JSON data | dropped | 
Chrome Cache Entry: 187 | ASCII text, with very long lines (46884) | downloaded | 
Chrome Cache Entry: 188 | JSON data | downloaded | 
Chrome Cache Entry: 189 | PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced | dropped | 

37 further files are not included in this export.
Processes
Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe | "C:\Users\user\Desktop\7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe" | 
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | 
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 --field-trial-handle=1884,i,637461877397389753,4389975086437105104,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | 
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | 
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1936,i,10713725616331725220,8343982404964030147,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | 
URLs
Name | IP | Malicious
---|---|---
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf | unknown | 
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md | unknown | 
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725 | unknown | 
https://client-api.arkoselabs.com/v2/api.js | unknown | 
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev | unknown | 
https://github.com/Thraka | unknown | 
https://github.com/dotnet/docs/issues | unknown | 
http://polymer.github.io/PATENTS.txt | unknown | 
https://aka.ms/LFO_Events?wt.mc_id=esi_lfobannerevents_webpage_wwl | unknown | 
https://aka.ms/certhelp | unknown | 
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/ | unknown | 
https://www.linkedin.com/cws/share?url=$ | unknown | 
https://aka.ms/ContentUserFeedback | unknown | 
https://github.com/mairaw | unknown | 
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js | 13.107.246.42 | 
https://schema.org | unknown | 
http://polymer.github.io/LICENSE.txt | unknown | 
https://github.com/Youssef1313 | unknown | 
http://polymer.github.io/AUTHORS.txt | unknown | 
https://aka.ms/yourcaliforniaprivacychoices | unknown | 
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml | unknown | 
https://github.com/nschonni | unknown | 
https://aka.ms/DP600/Plan/LearnT2?ocid=fabric24-dp600plan_learnpromo_T2_ad | unknown | 
https://management.azure.com/subscriptions?api-version=2016-06-01 | unknown | 
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0 | unknown | 
https://github.com/adegeo | unknown | 
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md | unknown | 
https://aka.ms/pshelpmechoose | unknown | 
https://aka.ms/feedback/report?space=61 | unknown | 
https://github.com/jonschlinkert/is-plain-object | unknown | 
https://octokit.github.io/rest.js/#throttling | unknown | 
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0 | unknown | 
https://github.com/js-cookie/js-cookie | unknown | 
https://learn-video.azurefd.net/vod/player | unknown | 
https://twitter.com/intent/tweet?original_referer=$ | unknown | 
https://github.com/$ | unknown | 
https://github.com/gewarren | unknown | 
http://schema.org/Organization | unknown | 
http://polymer.github.io/CONTRIBUTORS.txt | unknown | 
https://channel9.msdn.com/ | unknown | 
https://learn-video.azurefd.net/ | unknown | 
https://github.com/dotnet/try | unknown | 

32 further URLs are not included in this export.
Domains
Name | IP | Malicious
---|---|---
js.monitor.azure.com | unknown | 
mdec.nelreports.net | unknown | 
s-part-0014.t-0009.t-msedge.net | 13.107.246.42 | 
www.google.com | 142.250.185.132 | 
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | 
IPs
IP | Domain | Country | Malicious
---|---|---|---
13.107.246.42 | s-part-0014.t-0009.t-msedge.net | United States | 
142.250.185.132 | www.google.com | United States | 
142.250.185.100 | unknown | United States | 
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 
192.168.2.5 | unknown | unknown | 
239.255.255.250 | unknown | Reserved | 
Memdumps
Base Address | Regiontype | Protect | Malicious
---|---|---|---
682000 | unknown | page readonly | 
10D0000 | heap | page read and write | 
AF9000 | stack | page read and write | 
1060000 | heap | page read and write | 
D60000 | heap | page read and write | 
2A0E000 | stack | page read and write | 
2A4E000 | stack | page read and write | 
790000 | heap | page read and write | 
4510000 | trusted library allocation | page read and write | 
2E6F000 | stack | page read and write | 
2F6E000 | stack | page read and write | 
780000 | heap | page read and write | 
4E4E000 | stack | page read and write | 
E6E000 | stack | page read and write | 
7E0000 | heap | page read and write | 
C25000 | heap | page read and write | 
C0E000 | heap | page read and write | 
1070000 | heap | page read and write | 
680000 | unknown | page readonly | 
2B6E000 | stack | page read and write | 
C2D000 | heap | page read and write | 
C00000 | heap | page read and write | 
10D5000 | heap | page read and write | 
D3E000 | stack | page read and write | 
1090000 | heap | page read and write | 
510E000 | stack | page read and write | 
4ECC000 | stack | page read and write | 
F6E000 | stack | page read and write | 
C89000 | heap | page read and write | 
2D6B000 | stack | page read and write | 
2C6D000 | stack | page read and write | 
1094000 | heap | page read and write | 
500E000 | stack | page read and write | 
729000 | stack | page read and write | 
7E6000 | heap | page read and write | 
4FCC000 | stack | page read and write | 
C8D000 | heap | page read and write | 
29BE000 | stack | page read and write | 
C0B000 | heap | page read and write | 
10D9000 | heap | page read and write | 
293B000 | stack | page read and write | 
4D4E000 | stack | page read and write | 
7DE000 | stack | page read and write | 
2A60000 | heap | page read and write | 
297E000 | stack | page read and write | 
10A0000 | heap | page read and write | 
68E000 | unknown | page readonly | 

37 further memdumps are not included in this export.
DOM / HTML
URL | Malicious
---|---
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | 
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | 
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | 
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=7F95320763FDCB0F731CE91FB8E178D4110E10A1D56836F442BA34C6F2A631F6.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 | 