Analysis Report https://leanproconsulting.com.br/gov/covid19relief/sba.gov/

Overview

General Information

Sample URL:https://leanproconsulting.com.br/gov/covid19relief/sba.gov/
Analysis ID:252254

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Found iframes

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 6724 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6772 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Source: https://www.leanproconsulting.com.br/ HTTP Parser: Iframe src: https://www.facebook.com/v3.1/plugins/page.php?adapt_container_width=true&app_id=235407303331367&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dffe9952cd1c6b1%26domain%3Dwww.leanproconsulting.com.br%26origin%3Dhttps%253A%252F%252Fwww.leanproconsulting.com.br%252Ff659bf5a3407d3%26relation%3Dparent.parent&container_width=376&height=377&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fleanproconsulting%2F&locale=pt_BR&sdk=joey&show_facepile=false&small_header=false&tabs=timeline&width=377
Source: https://www.leanproconsulting.com.br/ HTTP Parser: No <meta name="author".. found
Source: https://www.leanproconsulting.com.br/ HTTP Parser: No <meta name="copyright".. found
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2018/08/favico.png HTTP/1.1 User-Agent: AutoIt Host: www.leanproconsulting.com.br
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2018/08/Lean-Pro-Consulting_2018v3.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.leanproconsulting.com.br Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2018/08/Consultorias_lean.gif HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.leanproconsulting.com.br Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2018/08/Auditorias_lean.gif HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.leanproconsulting.com.br Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2018/08/Treinamentos_Lean.gif HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.leanproconsulting.com.br Connection: Keep-Alive
Source: scripts[1].js0.2.dr String found in binary or memory: src: '//www.youtube.com/embed/%id%?autoplay=1&rel=0' equals www.youtube.com (Youtube)
Source: EDLOBVCU.htm.2.dr String found in binary or memory: <ul class="social"><li class="facebook"><a target="_blank" href="https://www.facebook.com/LeanProConsulting/" title="Facebook"><i class="icon-facebook"></i></a></li><li class="linkedin"><a target="_blank" href="https://www.linkedin.com/in/leanpro-consulting-24944888/" title="LinkedIn"><i class="icon-linkedin"></i></a></li><li class="rss"><a target="_blank" href="https://www.leanproconsulting.com.br/feed/" title="RSS"><i class="icon-rss"></i></a></li><li class="custom"><a target="_blank" href="/contato"><i class="icon-email"></i></a></li></ul> equals www.facebook.com (Facebook)
Source: EDLOBVCU.htm.2.dr String found in binary or memory: <ul class="social"><li class="facebook"><a target="_blank" href="https://www.facebook.com/LeanProConsulting/" title="Facebook"><i class="icon-facebook"></i></a></li><li class="linkedin"><a target="_blank" href="https://www.linkedin.com/in/leanpro-consulting-24944888/" title="LinkedIn"><i class="icon-linkedin"></i></a></li><li class="rss"><a target="_blank" href="https://www.leanproconsulting.com.br/feed/" title="RSS"><i class="icon-rss"></i></a></li><li class="custom"><a target="_blank" href="/contato"><i class="icon-email"></i></a></li></ul> equals www.linkedin.com (Linkedin)
Source: sdk[1].js0.2.dr String found in binary or memory: } }).call(global);})(window.inDapIF ? parent.window : window, window);} catch (e) {new Image().src="https:\/\/www.facebook.com\/" + 'common/scribe_endpoint.php?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber||e.line)+'","script":"'+(e.fileName||e.sourceURL||e.script)+'","stack":"'+(e.stackTrace||e.stack)+'","revision":"1002428171","namespace":"FB","message":"'+e.message+'"}}');} equals www.facebook.com (Facebook)
Source: sV7ApBr2PPc[1].js.2.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/09P_rcHKL4D/ equals www.facebook.com (Facebook)
Source: sdk[1].js0.2.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: HbiO86FaUgG[1].js.2.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/V9vdYColc4k/ equals www.facebook.com (Facebook)
Source: uBPfXhmsHDC[1].js.2.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: sV7ApBr2PPc[1].js.2.dr String found in binary or memory: * License: https://www.facebook.com/legal/license/ZtTipMAcpq9/ equals www.facebook.com (Facebook)
Source: EDLOBVCU.htm.2.dr String found in binary or memory: <blockquote cite="https://www.facebook.com/leanproconsulting/" class="fb-xfbml-parse-ignore"><p><a href="https://www.facebook.com/leanproconsulting/">LeanPro Consulting</a></p></blockquote> equals www.facebook.com (Facebook)
Source: msapplication.xml1.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x63d2c412,0x01d66544</date><accdate>0x63d2c412,0x01d66544</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml1.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x63d2c412,0x01d66544</date><accdate>0x63d2c412,0x01d66544</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml6.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x63d9eb29,0x01d66544</date><accdate>0x63d9eb29,0x01d66544</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml6.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x63d9eb29,0x01d66544</date><accdate>0x63d9eb29,0x01d66544</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml8.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x63dc4d6d,0x01d66544</date><accdate>0x63dc4d6d,0x01d66544</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml8.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x63dc4d6d,0x01d66544</date><accdate>0x63dc4d6d,0x01d66544</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: EDLOBVCU.htm.2.dr String found in binary or memory: <div class="fb-page" data-href="https://www.facebook.com/leanproconsulting/" data-tabs="timeline" data-width="377" data-height="377" data-small-header="false" data-adapt-container-width="true" data-hide-cover="false" data-show-facepile="false"> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <link type="text/css" rel="stylesheet" href="https://www.facebook.com/rsrc.php/v3/y6/l/0,cross/X6m_WCxbJdr.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="YPXwx" /> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3/y2/r/TTDowoplGYB.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="+jCbM" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3/y9/r/zT-36sGARbn.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="P5yjg" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3/yX/r/AyfP7w_xNNd.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="nIIXF" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3/y_/r/HbiO86FaUgG.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="L1UW9" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3/ye/r/y4WUvAA0Uto.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="ne+Ol" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3/yj/r/sV7ApBr2PPc.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="vEK5L" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3/yr/r/H0NUMBsbxbQ.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="3hYMG" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3i5VZ4/yd/l/pt_BR/IPMkMody6Xq.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oDyXO" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3iL6L4/yr/l/pt_BR/UOkKXdngOgJ.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="oFxaF" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: page[1].htm.2.dr String found in binary or memory: <script src="https://www.facebook.com/rsrc.php/v3ig3S4/yy/l/pt_BR/xRsHcwW61dz.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="s1TsA" nonce="Qx81mCyz"></script> equals www.facebook.com (Facebook)
Source: {8B2B7FA0-D137-11EA-90E0-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.facebook.com/v3.1/plugins/page.php?adapt_container_width=true&app_id=235407303331367&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dffe9952cd1c6b1%26domain%3Dwww.leanproconsulting.com.br%26origin%3Dhttps%253A%252F%252Fwww.leanproconsulting.com.br%252Ff659bf5a3407d3%26relation%3Dparent.parent&container_width=376&height=377&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fleanproconsulting%2F&locale=pt_BR&sdk=joey&show_facepile=false&small_header=false&tabs=timeline&width=377 equals www.facebook.com (Facebook)
Source: unknown DNS traffic detected: queries for: leanproconsulting.com.br
Source: EDLOBVCU.htm.2.drString found in binary or memory: https://www.leanproconsulting.com.br/xmlrpc.php?rsd
Source: {8B2B7FA0-D137-11EA-90E0-ECF4BB862DED}.dat.1.drString found in binary or memory: https://www.leanpsulting.com.br/ov/covid19relief/sba.gov/Root
Source: rs6.min[1].js.2.drString found in binary or memory: https://www.themepunch.com/links/slider_revolution_wordpress_regular_license
Source: rs6.min[1].js.2.drString found in binary or memory: https://www.themepunch.com/support-center
Source: EDLOBVCU.htm.2.drString found in binary or memory: https://yoast.com/wordpress/plugins/seo/
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: classification engine | Classification label: clean0.win@3/122@10/5
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\Low
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Techniques are listed per tactic column; a trailing number in parentheses is the count of matching signatures shown in the original matrix.

Initial Access: Drive-by Compromise (1); Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Graphical User Interface (1); Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Process Injection (1); Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Masquerading (1); Process Injection (1); Rootkit; Obfuscated Files or Information
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files
Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management; Logon Scripts
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol (2); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Premium SMS Toll Fraud

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.