Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Play_VM-Now(bfrieden)VWAV.xhtml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
initial sample
|
 |
|
|
Chrome Cache Entry: 43
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
|
dropped
|
||
|
Chrome Cache Entry: 44
|
PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 45
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
|
Chrome Cache Entry: 46
|
Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 47
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 48
|
PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 49
|
PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 50
|
PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 51
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 52
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 53
|
ASCII text, with very long lines (32065)
|
downloaded
|
||
|
Chrome Cache Entry: 54
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 55
|
ASCII text, with very long lines (32030)
|
downloaded
|
||
|
Chrome Cache Entry: 56
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
|
downloaded
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,8860473447837031108,2127390397510089652,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2124 /prefetch:11
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_VM-Now(bfrieden)VWAV.xhtml"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://avcbtech.site/muk/xwps.php
|
104.168.138.190
|
|
|
|
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml
|
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
https://i.imgur.com/0HdPsKK.png
|
199.232.196.193
|
||
|
https://getbootstrap.com)
|
unknown
|
||
|
https://office.avcbtech.store/muk/xls/m1u2k.js?uid=bfrieden@cosb.org
|
139.28.36.38
|
||
|
https://sender.linxcoded.top/start/xls/includes/css6.css
|
185.174.100.20
|
||
|
https://i.imgur.com/KAb5SEy.png
|
199.232.196.193
|
||
|
https://code.jquery.com/jquery-3.1.1.min.js
|
151.101.194.137
|
||
|
https://api.ipify.org/?format=json
|
104.26.13.205
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
office.avcbtech.store
|
139.28.36.38
|
||
|
code.jquery.com
|
151.101.194.137
|
||
|
avcbtech.site
|
104.168.138.190
|
||
|
server1.linxcoded.top
|
185.174.100.76
|
||
|
www.google.com
|
142.250.186.132
|
||
|
api.ipify.org
|
104.26.13.205
|
||
|
s-part-0039.t-0009.t-msedge.net
|
13.107.246.67
|
||
|
sender.linxcoded.top
|
185.174.100.20
|
||
|
ipv4.imgur.map.fastly.net
|
199.232.196.193
|
||
|
i.imgur.com
|
unknown
|
||
|
_8254._https.server1.linxcoded.top
|
unknown
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.24
|
unknown
|
unknown
|
|
|
|
142.250.184.196
|
unknown
|
United States
|
||
|
104.26.12.205
|
unknown
|
United States
|
||
|
185.174.100.20
|
sender.linxcoded.top
|
Ukraine
|
||
|
199.232.192.193
|
unknown
|
United States
|
||
|
139.28.36.38
|
office.avcbtech.store
|
Ukraine
|
||
|
199.232.196.193
|
ipv4.imgur.map.fastly.net
|
United States
|
||
|
185.174.100.76
|
server1.linxcoded.top
|
Ukraine
|
||
|
104.168.138.190
|
avcbtech.site
|
United States
|
||
|
142.250.186.132
|
www.google.com
|
United States
|
||
|
151.101.194.137
|
code.jquery.com
|
United States
|
||
|
104.26.13.205
|
api.ipify.org
|
United States
|
There are 2 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml
|
|
|
|
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml
|
|
|
|
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml
|
|
|
|
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml
|
||
|
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml
|
||
|
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml
|
||
|
file:///C:/Users/user/Desktop/Play_VM-Now(bfrieden)VWAV.xhtml
|