Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LisectAVT_2403002C_142.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 25 06:47:51 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 25 06:47:51 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 25 06:47:51 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 25 06:47:51 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 25 06:47:51 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 150
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 151
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 152
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 153
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 154
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 155
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 156
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 157
|
ASCII text, with very long lines (65410)
|
dropped
|
||
|
Chrome Cache Entry: 158
|
Web Open Font Format (Version 2), TrueType, length 18768, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 159
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 160
|
ASCII text, with very long lines (65410)
|
downloaded
|
||
|
Chrome Cache Entry: 161
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 162
|
HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 163
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 164
|
ASCII text, with very long lines (52717), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 165
|
ASCII text, with very long lines (52717), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 166
|
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 167
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 168
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 169
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 170
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
|
Chrome Cache Entry: 171
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 172
|
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 173
|
ASCII text, with very long lines (32029), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 174
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 175
|
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 176
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 177
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 178
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 179
|
exported SGML document, ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 180
|
ASCII text, with very long lines (46884)
|
dropped
|
||
|
Chrome Cache Entry: 181
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 182
|
ASCII text, with very long lines (32029), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 183
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 184
|
PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 185
|
PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 186
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 187
|
ASCII text, with very long lines (46884)
|
downloaded
|
||
|
Chrome Cache Entry: 188
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 189
|
PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 37 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\LisectAVT_2403002C_142.exe
|
"C:\Users\user\Desktop\LisectAVT_2403002C_142.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1904,i,3045040594546194306,8046493471930814901,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1888,i,6999489819283979014,13540749176578719827,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
|
unknown
|
||
|
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
|
unknown
|
||
|
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
|
unknown
|
||
|
https://client-api.arkoselabs.com/v2/api.js
|
unknown
|
||
|
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
|
unknown
|
||
|
https://github.com/Thraka
|
unknown
|
||
|
https://github.com/dotnet/docs/issues
|
unknown
|
||
|
http://polymer.github.io/PATENTS.txt
|
unknown
|
||
|
https://aka.ms/LFO_Events?wt.mc_id=esi_lfobannerevents_webpage_wwl
|
unknown
|
||
|
https://aka.ms/certhelp
|
unknown
|
||
|
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
|
unknown
|
||
|
https://www.linkedin.com/cws/share?url=$
|
unknown
|
||
|
https://aka.ms/ContentUserFeedback
|
unknown
|
||
|
https://github.com/mairaw
|
unknown
|
||
|
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
|
13.107.246.42
|
||
|
https://schema.org
|
unknown
|
||
|
http://polymer.github.io/LICENSE.txt
|
unknown
|
||
|
https://github.com/Youssef1313
|
unknown
|
||
|
http://polymer.github.io/AUTHORS.txt
|
unknown
|
||
|
https://aka.ms/yourcaliforniaprivacychoices
|
unknown
|
||
|
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
|
unknown
|
||
|
https://github.com/nschonni
|
unknown
|
||
|
https://aka.ms/DP600/Plan/LearnT2?ocid=fabric24-dp600plan_learnpromo_T2_ad
|
unknown
|
||
|
https://management.azure.com/subscriptions?api-version=2016-06-01
|
unknown
|
||
|
https://github.com/adegeo
|
unknown
|
||
|
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
|
unknown
|
||
|
https://aka.ms/pshelpmechoose
|
unknown
|
||
|
https://aka.ms/feedback/report?space=61
|
unknown
|
||
|
https://github.com/jonschlinkert/is-plain-object
|
unknown
|
||
|
https://octokit.github.io/rest.js/#throttling
|
unknown
|
||
|
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0
|
unknown
|
||
|
https://github.com/js-cookie/js-cookie
|
unknown
|
||
|
https://learn-video.azurefd.net/vod/player
|
unknown
|
||
|
https://twitter.com/intent/tweet?original_referer=$
|
unknown
|
||
|
https://github.com/$
|
unknown
|
||
|
https://github.com/gewarren
|
unknown
|
||
|
http://schema.org/Organization
|
unknown
|
||
|
http://polymer.github.io/CONTRIBUTORS.txt
|
unknown
|
||
|
https://channel9.msdn.com/
|
unknown
|
||
|
https://learn-video.azurefd.net/
|
unknown
|
||
|
https://github.com/dotnet/try
|
unknown
|
There are 31 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
js.monitor.azure.com
|
unknown
|
|
|
|
mdec.nelreports.net
|
unknown
|
|
|
|
s-part-0014.t-0009.t-msedge.net
|
13.107.246.42
|
||
|
s-part-0014.t-0009.fb-t-msedge.net
|
13.107.253.42
|
||
|
s-part-0017.t-0009.fb-t-msedge.net
|
13.107.253.45
|
||
|
www.google.com
|
172.217.18.4
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
13.107.246.42
|
s-part-0014.t-0009.t-msedge.net
|
United States
|
||
|
192.168.2.8
|
unknown
|
unknown
|
||
|
172.217.18.4
|
www.google.com
|
United States
|
||
|
13.107.253.45
|
s-part-0017.t-0009.fb-t-msedge.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
13.107.253.42
|
s-part-0014.t-0009.fb-t-msedge.net
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
||
|
55E000
|
stack
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
47FF000
|
stack
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
3F00000
|
trusted library allocation
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
D9000
|
stack
|
page read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
275F000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
3BB4000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
261B000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
4BDF000
|
stack
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
1D9000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
483E000
|
stack
|
page read and write
|
||
|
223E000
|
stack
|
page read and write
|
||
|
229E000
|
stack
|
page read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
4A9C000
|
stack
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
251B000
|
stack
|
page read and write
|
||
|
24DC000
|
stack
|
page read and write
|
||
|
6CE000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
499B000
|
stack
|
page read and write
|
||
|
6AF000
|
stack
|
page read and write
|
||
|
3C000
|
unkown
|
page readonly
|
||
|
819000
|
heap
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
3B7E000
|
stack
|
page read and write
|
||
|
6C8000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
91E000
|
stack
|
page read and write
|
||
|
59D000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
239F000
|
stack
|
page read and write
|
||
|
3BB0000
|
heap
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
There are 35 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|
||
|
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
|