Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\Desktop\download\index.html@690si1i5lvsbaxkx8x7o&af=105612
|
HTML document, Unicode text, UTF-8 text
|
dropped
|
||
|
Chrome Cache Entry: 58
|
ASCII text, with very long lines (755)
|
dropped
|
||
|
Chrome Cache Entry: 59
|
ASCII text, with very long lines (24940)
|
downloaded
|
||
|
Chrome Cache Entry: 60
|
PNG image data, 375 x 109, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 61
|
ASCII text, with very long lines (755)
|
downloaded
|
||
|
Chrome Cache Entry: 62
|
PNG image data, 200 x 58, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 63
|
PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 64
|
ASCII text, with very long lines (10194), with no line terminators
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition
--user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612"
> cmdline.out 2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\index.html@690si1i5lvsbaxkx8x7o&af=105612.html
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2020,i,7518735245940088784,2414757051384116955,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612
|
|||
|
https://img.1fichier.com/favicon.png
|
unknown
|
||
|
https://1fichier.com/cgu.html
|
unknown
|
||
|
https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612
|
5.39.224.140
|
||
|
https://img.1fichier.com/logo.png
|
5.39.224.141
|
||
|
https://1fichier.com
|
unknown
|
||
|
https://1fichier.com/login.pl
|
unknown
|
||
|
https://img.1fichier.com/logo-footer.png
|
5.39.224.141
|
||
|
http://jqueryui.com
|
unknown
|
||
|
https://img.1fichier.com/js/jquery.js
|
5.39.224.141
|
||
|
https://1fichier.com/abus.html
|
unknown
|
||
|
https://1fichier.com/api.html
|
unknown
|
||
|
https://img.1fichier.com/css/jquery.ui.css
|
5.39.224.141
|
||
|
https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612VE
|
unknown
|
||
|
https://dstorage.fr
|
unknown
|
||
|
https://1fichier.com/hlp.html
|
unknown
|
||
|
https://1fichier.com/network.html
|
unknown
|
||
|
https://twitter.com/1fichiercom
|
unknown
|
||
|
https://img.1fichier.com/twitter.png
|
5.39.224.141
|
||
|
https://1fichier.com/tarifs.html
|
unknown
|
||
|
https://1fichier.com/revendeurs.html
|
unknown
|
||
|
https://img.1fichier.com/flags/en.png
|
unknown
|
||
|
https://1fichier.com/contact.html
|
unknown
|
||
|
https://img.1fichier.com/css/style.css
|
5.39.224.141
|
||
|
https://img.1fichier.com/flags/fr.png
|
unknown
|
||
|
https://1fichier.com/register.pl
|
unknown
|
||
|
https://img.1fichier.com/favicon.ico
|
unknown
|
||
|
https://img.1fichier.com/facebook.png
|
5.39.224.141
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
1fichier.com
|
5.39.224.140
|
||
|
img.1fichier.com
|
5.39.224.141
|
||
|
www.google.com
|
142.250.181.228
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.181.228
|
www.google.com
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
5.39.224.141
|
img.1fichier.com
|
France
|
||
|
5.39.224.140
|
1fichier.com
|
France
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2DEF000
|
stack
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
FBF000
|
stack
|
page read and write
|
||
|
A72000
|
heap
|
page read and write
|
||
|
2ABD000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
1155000
|
heap
|
page read and write
|
||
|
2AE6000
|
heap
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
115C000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
2ABA000
|
heap
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
2AEA000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
115B000
|
heap
|
page read and write
|
||
|
2AEE000
|
heap
|
page read and write
|
||
|
2AF2000
|
heap
|
page read and write
|
||
|
BB6000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
There are 18 hidden memdumps, click here to show them.