Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\index.html
|
HTML document, Unicode text, UTF-8 text, with very long lines (3461)
|
dropped
|
 |
|
|
C:\Users\user\Desktop\extract\Webmail-iinet\index.html
|
HTML document, Unicode text, UTF-8 text, with very long lines (3461)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\css\app-059cd76ea4a5433e14ff6151a432ee48.css
|
ASCII text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\css\cb3cc3fa3480964080588c52478ae092-login.png
|
PNG image data, 763 x 207, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\email.php
|
PHP script, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\images\iinet-logo.jpg
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 405x239,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\images\tmc-login.png
|
PNG image data, 381 x 103, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\next.php
|
PHP script, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\Desktop\download\Webmail-iinet.zip
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\Desktop\extract\Webmail-iinet\css\app-059cd76ea4a5433e14ff6151a432ee48.css
|
ASCII text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\extract\Webmail-iinet\css\cb3cc3fa3480964080588c52478ae092-login.png
|
PNG image data, 763 x 207, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\Desktop\extract\Webmail-iinet\email.php
|
PHP script, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\extract\Webmail-iinet\images\iinet-logo.jpg
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 405x239,
components 3
|
dropped
|
||
|
C:\Users\user\Desktop\extract\Webmail-iinet\images\tmc-login.png
|
PNG image data, 381 x 103, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\Desktop\extract\Webmail-iinet\next.php
|
PHP script, ASCII text
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition
--user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip"
> cmdline.out 2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
7za x -y -pinfected -o"C:\Users\user\Desktop\extract" "C:\Users\user\Desktop\download\Webmail-iinet.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\download\Webmail-iinet.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\nwe5galq.xcu" "C:\Users\user\Desktop\download\Webmail-iinet.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip
|
|
||
|
https://www.google.com
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
|
unknown
|
||
|
https://code.jquery.com/jquery-3.2.1.slim.min.js
|
unknown
|
||
|
https://stackoverflow.com/a/19758620
|
unknown
|
||
|
http://www.geoiptool.com/?IP=$ip
|
unknown
|
||
|
http://ns.attribution.com/ads/1.0/
|
unknown
|
||
|
https://static.atmail.com/TMC/whitebg.png")
|
unknown
|
||
|
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
|
unknown
|
||
|
http://codepen.io/mrrocks/pen/EiplA
|
unknown
|
||
|
https://stackoverflow.com/a/9422689
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip
|
191.37.38.39
|
||
|
https://maninhocontabilidade.com.br/pop/Webmail-iinet.zipL=6PR
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
maninhocontabilidade.com.br
|
191.37.38.39
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
191.37.38.39
|
maninhocontabilidade.com.br
|
Brazil
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9B000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
123C000
|
stack
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
1C6000
|
heap
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
2A9A000
|
heap
|
page read and write
|
||
|
9D6000
|
stack
|
page read and write
|
||
|
2ACE000
|
heap
|
page read and write
|
||
|
1057000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
14E000
|
stack
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
2EBA000
|
trusted library allocation
|
page read and write
|
||
|
2EF5000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
trusted library allocation
|
page read and write
|
||
|
D52000
|
trusted library allocation
|
page execute and read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
2AC6000
|
heap
|
page read and write
|
||
|
D7A000
|
heap
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
1BE000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
2ACE000
|
heap
|
page read and write
|
||
|
2ECA000
|
trusted library allocation
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
544E000
|
stack
|
page read and write
|
||
|
D4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
2AD2000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
8DC000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
105B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
2AD7000
|
heap
|
page read and write
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
D5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2605000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
2ACA000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page execute and read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
75D000
|
stack
|
page read and write
|
||
|
17D000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
D42000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
2EBC000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
17DF000
|
stack
|
page read and write
|
||
|
2AD7000
|
heap
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
2AC6000
|
heap
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
D7E000
|
heap
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
9D9000
|
stack
|
page read and write
|
||
|
2A9D000
|
heap
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
2AD7000
|
heap
|
page read and write
|
||
|
2AD7000
|
heap
|
page read and write
|
||
|
17B000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
1518000
|
heap
|
page read and write
|
||
|
DAF000
|
stack
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
18DF000
|
stack
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
104A000
|
trusted library allocation
|
page execute and read and write
|
||
|
DAE000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page execute and read and write
|
||
|
51CD000
|
stack
|
page read and write
|
||
|
530D000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
2ACA000
|
heap
|
page read and write
|
||
|
2AD7000
|
heap
|
page read and write
|
||
|
133D000
|
stack
|
page read and write
|
||
|
534E000
|
stack
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
D5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
9CC000
|
stack
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
17E000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
2EE7000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
274F000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
50CE000
|
stack
|
page read and write
|
||
|
2EDF000
|
trusted library allocation
|
page read and write
|
||
|
2EEA000
|
trusted library allocation
|
page read and write
|
||
|
1042000
|
trusted library allocation
|
page execute and read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
2ED5000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
2E81000
|
trusted library allocation
|
page read and write
|
||
|
3E81000
|
trusted library allocation
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
2EE2000
|
trusted library allocation
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
7F270000
|
trusted library allocation
|
page execute and read and write
|
There are 128 hidden memdumps, click here to show them.