Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
||
C:\Users\user\Desktop\download\index.html@690si1i5lvsbaxkx8x7o&af=105612
|
HTML document, Unicode text, UTF-8 text
|
dropped
|
||
Chrome Cache Entry: 58
|
ASCII text, with very long lines (755)
|
dropped
|
||
Chrome Cache Entry: 59
|
ASCII text, with very long lines (24940)
|
downloaded
|
||
Chrome Cache Entry: 60
|
PNG image data, 375 x 109, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 61
|
ASCII text, with very long lines (755)
|
downloaded
|
||
Chrome Cache Entry: 62
|
PNG image data, 200 x 58, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 63
|
PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 64
|
ASCII text, with very long lines (10194), with no line terminators
|
downloaded
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition
--user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612"
> cmdline.out 2>&1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\index.html@690si1i5lvsbaxkx8x7o&af=105612.html
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2020,i,7518735245940088784,2414757051384116955,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612
|
|||
https://img.1fichier.com/favicon.png
|
unknown
|
||
https://1fichier.com/cgu.html
|
unknown
|
||
https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612
|
5.39.224.140
|
||
https://img.1fichier.com/logo.png
|
5.39.224.141
|
||
https://1fichier.com
|
unknown
|
||
https://1fichier.com/login.pl
|
unknown
|
||
https://img.1fichier.com/logo-footer.png
|
5.39.224.141
|
||
http://jqueryui.com
|
unknown
|
||
https://img.1fichier.com/js/jquery.js
|
5.39.224.141
|
||
https://1fichier.com/abus.html
|
unknown
|
||
https://1fichier.com/api.html
|
unknown
|
||
https://img.1fichier.com/css/jquery.ui.css
|
5.39.224.141
|
||
https://1fichier.com/?690si1i5lvsbaxkx8x7o&af=105612VE
|
unknown
|
||
https://dstorage.fr
|
unknown
|
||
https://1fichier.com/hlp.html
|
unknown
|
||
https://1fichier.com/network.html
|
unknown
|
||
https://twitter.com/1fichiercom
|
unknown
|
||
https://img.1fichier.com/twitter.png
|
5.39.224.141
|
||
https://1fichier.com/tarifs.html
|
unknown
|
||
https://1fichier.com/revendeurs.html
|
unknown
|
||
https://img.1fichier.com/flags/en.png
|
unknown
|
||
https://1fichier.com/contact.html
|
unknown
|
||
https://img.1fichier.com/css/style.css
|
5.39.224.141
|
||
https://img.1fichier.com/flags/fr.png
|
unknown
|
||
https://1fichier.com/register.pl
|
unknown
|
||
https://img.1fichier.com/favicon.ico
|
unknown
|
||
https://img.1fichier.com/facebook.png
|
5.39.224.141
|
There are 17 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
1fichier.com
|
5.39.224.140
|
||
img.1fichier.com
|
5.39.224.141
|
||
www.google.com
|
142.250.181.228
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
239.255.255.250
|
unknown
|
Reserved
|
||
142.250.181.228
|
www.google.com
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
5.39.224.141
|
img.1fichier.com
|
France
|
||
5.39.224.140
|
1fichier.com
|
France
|
||
192.168.2.4
|
unknown
|
unknown
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
2DEF000
|
stack
|
page read and write
|
||
2BEE000
|
stack
|
page read and write
|
||
9CD000
|
stack
|
page read and write
|
||
9C000
|
stack
|
page read and write
|
||
A10000
|
heap
|
page read and write
|
||
1150000
|
heap
|
page read and write
|
||
FBF000
|
stack
|
page read and write
|
||
A72000
|
heap
|
page read and write
|
||
2ABD000
|
heap
|
page read and write
|
||
A20000
|
heap
|
page read and write
|
||
1155000
|
heap
|
page read and write
|
||
2AE6000
|
heap
|
page read and write
|
||
B7E000
|
stack
|
page read and write
|
||
2AB0000
|
heap
|
page read and write
|
||
1E0000
|
heap
|
page read and write
|
||
115C000
|
heap
|
page read and write
|
||
BB0000
|
heap
|
page read and write
|
||
A0E000
|
stack
|
page read and write
|
||
DBF000
|
stack
|
page read and write
|
||
2ABA000
|
heap
|
page read and write
|
||
A48000
|
heap
|
page read and write
|
||
2AEA000
|
heap
|
page read and write
|
||
A40000
|
heap
|
page read and write
|
||
115B000
|
heap
|
page read and write
|
||
2AEE000
|
heap
|
page read and write
|
||
2AF2000
|
heap
|
page read and write
|
||
BB6000
|
heap
|
page read and write
|
||
100000
|
heap
|
page read and write
|
There are 18 hidden memdumps, click here to show them.