Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://www.192192p.peynircimumit.com.tr/?#aHR0cHM6Ly9zcGVjaWFsc3RlZWwuaXQvemlwL09mZmljZVY0L3RyYWRlc3VwcG9ydEBzay5jb20=
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\authorize_client_id_xp4r0ga1-nqkd-504r-ilo1-gxvd8ys2h49z_u5gxwdl8h9p0c2arbt3fqsz64yjv1enimok7st1eq8z0j9fa7ynuo234pbx6ikwml5ghdrvcn07i4sewzyh2ru1gqdpcbo98j6tmk3fvax5l[1].htm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D5DAD793-996B-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D5DAD795-996B-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D5DAD796-996B-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ellipsis_grey[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ellipsis_white[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\enterpass[1].png
|
PNG image data, 170 x 29, 8-bit/color RGB, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\arrow_left[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\passwrd[1].png
|
PNG image data, 69 x 34, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sigin[1].png
|
PNG image data, 108 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\style[1].css
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\firstmsg1[1].png
|
PNG image data, 353 x 41, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\microsoft_logo[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ZU5XMULY.htm
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicon[1].ico
|
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\forgpass[1].png
|
PNG image data, 121 x 20, 8-bit/color RGB, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\inv-big-background[1].png
|
PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF3562BF1B2BF6EB4B.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFE6774F0342D20FA7.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFF8C88BEE6B8462DB.TMP
|
data
|
dropped
|
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1000 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://specialsteel.inircimumit.com.tr/?#aHR0cHM6Ly9zcGVjaWFsc3RlZWwuaXQvemlwL09mZmljZVY0L3RyYWRlc3
|
unknown
|
|
|
|
https://specialsteel.it/zip/OfficeV4/images/favicon.ico~
|
unknown
|
|
|
|
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.png?x=ed9
|
unknown
|
|
|
|
http://www.192192p.peynircimumit.com.tr/?#aHR0cHM6Ly9zcGVjaWFsc3RlZWwuaXQvemlwL09mZmljZVY0L3RyYWRlc3
|
unknown
|
|
|
|
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.svg?x=ee5
|
unknown
|
|
|
|
http://www.192192p.peynircimumit.com.tr/?
|
95.130.175.151
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
specialsteel.it
|
185.2.4.79
|
|
|
|
www.192192p.peynircimumit.com.tr
|
95.130.175.151
|
|
|
|
secure.aadcdn.microsoftonline-p.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
95.130.175.151
|
www.192192p.peynircimumit.com.tr
|
Turkey
|
|
|
|
185.2.4.79
|
specialsteel.it
|
Italy
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{D5DAD793-996B-11EB-90E4-ECF4BB862DED}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
AdminActive
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-904
|
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF50A1D9000
|
unkown
|
page readonly
|
|
|
|
7FF59EA16000
|
unkown
|
page readonly
|
|
|
|
82F11FF000
|
unkown
|
page read and write
|
|
|
|
14500000000
|
unkown
|
page readonly
|
|
|
|
7FF59E8F8000
|
unkown
|
page readonly
|
|
|
|
21C20E3C000
|
unkown
|
page read and write
|
|
|
|
7FF59E97C000
|
unkown
|
page readonly
|
|
|
|
7FF50A524000
|
unkown
|
page readonly
|
|
|
|
1457F860000
|
heap private
|
page read and write
|
|
|
|
7FF59EA8C000
|
unkown
|
page readonly
|
|
|
|
21C20E4C000
|
unkown
|
page read and write
|
|
|
|
7FF50A4C5000
|
unkown
|
page readonly
|
|
|
|
21C20D00000
|
unkown
|
page readonly
|
|
|
|
21C20E89000
|
unkown
|
page read and write
|
|
|
|
145017B0000
|
heap private
|
page read and write
|
|
|
|
14501600000
|
heap private
|
page read and write
|
|
|
|
82F0DF5000
|
unkown
|
page read and write
|
|
|
|
1457F850000
|
unkown
|
page readonly
|
|
|
|
7FF50A57E000
|
unkown
|
page readonly
|
|
|
|
7FF50A589000
|
unkown
|
page readonly
|
|
|
|
7FF59EA2A000
|
unkown
|
page readonly
|
|
|
|
7FF59E88F000
|
unkown
|
page readonly
|
|
|
|
1457F91B000
|
heap default
|
page read and write
|
|
|
|
21C20E13000
|
unkown
|
page read and write
|
|
|
|
21C20DE0000
|
unkown
|
page readonly
|
|
|
|
7FF50A1D7000
|
unkown
|
page readonly
|
|
|
|
7FF50A480000
|
unkown
|
page readonly
|
|
|
|
7FF59E610000
|
unkown
|
page readonly
|
|
|
|
7FF50A498000
|
unkown
|
page readonly
|
|
|
|
1457F910000
|
heap default
|
page read and write
|
|
|
|
1457F953000
|
unkown
|
page read and write
|
|
|
|
7FF50A589000
|
unkown
|
page readonly
|
|
|
|
145018AF000
|
heap private
|
page read and write
|
|
|
|
ED197C000
|
unkown
|
page read and write
|
|
|
|
21C20F00000
|
unkown
|
page read and write
|
|
|
|
7FF50A4F6000
|
unkown
|
page readonly
|
|
|
|
7FF50A482000
|
unkown
|
page readonly
|
|
|
|
7FF59EA00000
|
unkown
|
page readonly
|
|
|
|
1457FE90000
|
heap private
|
page read and write
|
|
|
|
21C20C30000
|
unkown
|
page readonly
|
|
|
|
21C21940000
|
unkown
|
page readonly
|
|
|
|
21C20E02000
|
unkown
|
page read and write
|
|
|
|
7FF59E5FA000
|
unkown
|
page readonly
|
|
|
|
7FF59EAFE000
|
unkown
|
page readonly
|
|
|
|
7FF59EA95000
|
unkown
|
page readonly
|
|
|
|
ED19FE000
|
unkown
|
page read and write
|
|
|
|
7FF50A42E000
|
unkown
|
page readonly
|
|
|
|
21C20E21000
|
unkown
|
page read and write
|
|
|
|
7FF59EA86000
|
unkown
|
page readonly
|
|
|
|
82F10FF000
|
unkown
|
page read and write
|
|
|
|
7FF50A4F1000
|
unkown
|
page readonly
|
|
|
|
7FF59EA6D000
|
unkown
|
page readonly
|
|
|
|
7FF509D12000
|
unkown
|
page readonly
|
|
|
|
1457F890000
|
unkown
|
page read and write
|
|
|
|
7FF59EA3E000
|
unkown
|
page readonly
|
|
|
|
7FF50A4BE000
|
unkown
|
page readonly
|
|
|
|
7FF50A20C000
|
unkown
|
page readonly
|
|
|
|
1457F938000
|
heap default
|
page read and write
|
|
|
|
7FF50A4D9000
|
unkown
|
page readonly
|
|
|
|
145014F0000
|
heap private
|
page read and write
|
|
|
|
7FF59EA59000
|
unkown
|
page readonly
|
|
|
|
7FF50A506000
|
unkown
|
page readonly
|
|
|
|
7FF59EAA4000
|
unkown
|
page readonly
|
|
|
|
7FF59E941000
|
unkown
|
page readonly
|
|
|
|
7FF59E8DA000
|
unkown
|
page readonly
|
|
|
|
1457F720000
|
unkown
|
page readonly
|
|
|
|
7FF59EA4F000
|
unkown
|
page readonly
|
|
|
|
21C21000000
|
unkown
|
page readonly
|
|
|
|
1457F94E000
|
heap default
|
page read and write
|
|
|
|
ED17FD000
|
unkown
|
page read and write
|
|
|
|
1457F865000
|
heap private
|
page read and write
|
|
|
|
7FF59E82A000
|
unkown
|
page readonly
|
|
|
|
7FF59E742000
|
unkown
|
page readonly
|
|
|
|
7FF50A4AA000
|
unkown
|
page readonly
|
|
|
|
82F0C7E000
|
unkown
|
page read and write
|
|
|
|
21C20E49000
|
unkown
|
page read and write
|
|
|
|
1457F954000
|
unkown
|
page read and write
|
|
|
|
21C20E4F000
|
unkown
|
page read and write
|
|
|
|
7FF59EA02000
|
unkown
|
page readonly
|
|
|
|
7FF59E913000
|
unkown
|
page readonly
|
|
|
|
ED18FE000
|
unkown
|
page read and write
|
|
|
|
82F0EFB000
|
unkown
|
page read and write
|
|
|
|
7FF59EA7C000
|
unkown
|
page readonly
|
|
|
|
ED167C000
|
unkown
|
page read and write
|
|
|
|
7FF50A581000
|
unkown
|
page readonly
|
|
|
|
21C21600000
|
unkown
|
page readonly
|
|
|
|
21C20C20000
|
heap default
|
page read and write
|
|
|
|
7FF59EAA0000
|
unkown
|
page readonly
|
|
|
|
7FF50A520000
|
unkown
|
page readonly
|
|
|
|
1457FA10000
|
unkown
|
page readonly
|
|
|
|
21C20E48000
|
unkown
|
page read and write
|
|
|
|
21C20F08000
|
unkown
|
page read and write
|
|
|
|
21C20E29000
|
unkown
|
page read and write
|
|
|
|
21C20BC0000
|
heap private
|
page read and write
|
|
|
|
7FF59EB01000
|
unkown
|
page readonly
|
|
|
|
7FF50A52D000
|
unkown
|
page readonly
|
|
|
|
ED177E000
|
unkown
|
page read and write
|
|
|
|
7FF50A203000
|
unkown
|
page readonly
|
|
|
|
7FF59E600000
|
unkown
|
page readonly
|
|
|
|
7FF50A515000
|
unkown
|
page readonly
|
|
|
|
21C20E8B000
|
unkown
|
page read and write
|
|
|
|
1457F8F0000
|
unkown
|
page readonly
|
|
|
|
21C20E00000
|
unkown
|
page read and write
|
|
|
|
21C20F02000
|
unkown
|
page read and write
|
|
|
|
7FF50A527000
|
unkown
|
page readonly
|
|
|
|
7FF59E8CE000
|
unkown
|
page readonly
|
|
|
|
7FF50A434000
|
unkown
|
page readonly
|
|
|
|
21C21402000
|
unkown
|
page read and write
|
|
|
|
7FF59EA76000
|
unkown
|
page readonly
|
|
|
|
7FF59EB09000
|
unkown
|
page readonly
|
|
|
|
21C20DF0000
|
unkown
|
page read and write
|
|
|
|
1457F780000
|
unkown
|
page readonly
|
|
|
|
1457F8B0000
|
unkown
|
page readonly
|
|
|
|
1457FE60000
|
unkown
|
page readonly
|
|
|
|
7FF59EA18000
|
unkown
|
page readonly
|
|
|
|
1457FDA0000
|
unkown
|
page readonly
|
|
|
|
7FF50A4FC000
|
unkown
|
page readonly
|
|
|
|
1457F870000
|
unkown
|
page read and write
|
|
|
|
7FF59EB09000
|
unkown
|
page readonly
|
|
|
|
82F0FF7000
|
unkown
|
page read and write
|
|
|
|
21C20F13000
|
unkown
|
page read and write
|
|
|
|
7FF50A50C000
|
unkown
|
page readonly
|
|
|
|
7FF59EA12000
|
unkown
|
page readonly
|
|
|
|
7FF50A532000
|
unkown
|
page readonly
|
|
|
|
ED16FE000
|
unkown
|
page read and write
|
|
|
|
82F099B000
|
unkown
|
page read and write
|
|
|
|
21C20E70000
|
unkown
|
page read and write
|
|
|
|
7FF50A19C000
|
unkown
|
page readonly
|
|
|
|
7FF59E947000
|
unkown
|
page readonly
|
|
|
|
7FF50A4ED000
|
unkown
|
page readonly
|
|
|
|
7FF50A42A000
|
unkown
|
page readonly
|
|
|
|
21C20E52000
|
unkown
|
page read and write
|
|
|
|
14501410000
|
unkown
|
page readonly
|
|
|
|
7FF50A49A000
|
unkown
|
page readonly
|
|
|
|
82F0CFF000
|
unkown
|
page read and write
|
|
|
|
7FF50A496000
|
unkown
|
page readonly
|
|
|
|
7FF59EAA7000
|
unkown
|
page readonly
|
|
|
|
7FF59E91D000
|
unkown
|
page readonly
|
|
|
|
7FF59EA45000
|
unkown
|
page readonly
|
|
There are 129 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://specialsteel.it/zip/OfficeV4/authorize_client_id:xp4r0ga1-nqkd-504r-ilo1-gxvd8ys2h49z_u5gxwdl8h9p0c2arbt3fqsz64yjv1enimok7st1eq8z0j9fa7ynuo234pbx6ikwml5ghdrvcn07i4sewzyh2ru1gqdpcbo98j6tmk3fvax5l?data=dHJhZGVzdXBwb3J0QHNrLmNvbQ==
|
|