File name: | mailruhomesearch.exe |
Full analysis: | https://app.any.run/tasks/6bcb1939-24ec-49df-b7b0-3eb2bee1ea40 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 06:37:29 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | A29C9F523B47027FB97190B908C18979 |
SHA1: | 203CA880EFA5E1C883F37AD56A4B0E832B813A15 |
SHA256: | 25CEEAED228C2D7C08BAD41362AD6619C243324AD8A0E05C75D3672E96373BED |
SSDEEP: | 49152:QS3LOzY7exX2IFqucmyChAgZmY+jsCt8cv1XuYyU7rhTqr6iZVQA:QS3qvxXvgucmTegr+bcO |
Extension | Detection |
---|---|
.exe | Win32 EXE PECompact compressed (generic) (53.4) |
.exe | Win64 Executable (generic) (35.5) |
.exe | Win32 Executable (generic) (5.8) |
.exe | Generic Win/DOS Executable (2.5) |
.exe | DOS Executable Generic (2.5) |
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 2019-Feb-22 08:36:08 |
Detected languages: | |
TLS Callbacks: | 1 callback(s) detected. |
Debug artifacts: | |
FileDescription: | sputnik |
FileVersion: | 5.1.0.194 |
InternalName: | sputnik |
LegalCopyright: | Copyright c 2005 - 2015 |
OriginalFilename: | sputnik.exe |
ProductName: | sputnik |
ProductVersion: | 5.1.0.194 |
e_magic: | MZ |
e_cblp: | 144 |
e_cp: | 3 |
e_crlc: | - |
e_cparhdr: | 4 |
e_minalloc: | - |
e_maxalloc: | 65535 |
e_ss: | - |
e_sp: | 184 |
e_csum: | - |
e_ip: | - |
e_cs: | - |
e_ovno: | - |
e_oemid: | - |
e_oeminfo: | - |
e_lfanew: | 288 |
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
NumberofSections: | 5 |
TimeDateStamp: | 2019-Feb-22 08:36:08 |
PointerToSymbolTable: | - |
NumberOfSymbols: | - |
SizeOfOptionalHeader: | 224 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 4096 | 1660339 | 1660416 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.65676 |
.rdata | 1667072 | 309500 | 309760 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.04915 |
.data | 1978368 | 43144 | 36352 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.97286 |
.rsrc | 2023424 | 21984 | 22016 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.86905 |
.reloc | 2048000 | 76516 | 76800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.588 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.38058 | 628 | UNKNOWN | Russian - Russia | RT_VERSION |
GO_MAIL_RU_ICO | 7.98034 | 10132 | UNKNOWN | Russian - Russia | BIN |
GO_MAIL_RU_PNG | 7.53676 | 815 | UNKNOWN | Russian - Russia | BIN |
MAIL_RU_ICO | 7.97151 | 8319 | UNKNOWN | Russian - Russia | BIN |
MAIL_RU_PNG | 7.52939 | 783 | UNKNOWN | Russian - Russia | BIN |
1 (#2) | 5.12107 | 796 | UNKNOWN | English - United States | RT_MANIFEST |
ADVAPI32.dll |
CRYPT32.dll |
KERNEL32.dll |
OLEAUT32.dll |
PSAPI.DLL |
SHELL32.dll |
USER32.dll |
VERSION.dll |
WINHTTP.dll |
WTSAPI32.dll |
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Company | Description | Exit code | Version |
---|---|---|---|---|---|---|---|---|---|---|
660 | "C:\Users\admin\AppData\Local\Temp\mailruhomesearch.exe" | C:\Users\admin\AppData\Local\Temp\mailruhomesearch.exe | — | Explorer.EXE | admin | MEDIUM | | sputnik | 0 | 5.1.0.194 |
400 | "C:\Users\admin\AppData\Local\Temp\mailruhomesearch.exe" --elevation | C:\Users\admin\AppData\Local\Temp\mailruhomesearch.exe | | mailruhomesearch.exe | admin | HIGH | | sputnik | 0 | 5.1.0.194 |
3896 | "C:\Users\admin\AppData\Local\Temp\fec8-61bd-e01c-8d2b\na_runner.exe" --install | C:\Users\admin\AppData\Local\Temp\fec8-61bd-e01c-8d2b\na_runner.exe | | mailruhomesearch.exe | admin | HIGH | Mail.Ru | Mail.Ru updater | 0 | 5.0.0.176 |
1984 | "C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe" | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe | | na_runner.exe | admin | HIGH | Mail.Ru | Mail.Ru updater | 0 | 5.0.0.176 |
2116 | "C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe" --s | C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe | | services.exe | SYSTEM | SYSTEM | Mail.Ru | Mail.Ru updater | 0 | 5.0.0.176 |
1752 | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll" | C:\Windows\System32\regsvr32.exe | — | mailruhomesearch.exe | admin | HIGH | Microsoft Corporation | Microsoft(C) Register Server | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
3516 | "C:\Windows\TEMP\b497-2fc8-0e3d-ea1c" --install | C:\Windows\TEMP\b497-2fc8-0e3d-ea1c | — | MailRuUpdater.exe | SYSTEM | SYSTEM | Mail.Ru | Mail.Ru Update Service | 0 | 3.12.0.10 |
2184 | "C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe" --s | C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe | | services.exe | SYSTEM | SYSTEM | Mail.Ru | Mail.Ru Update Service | 0 | 3.12.0.10 |
3140 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | — | Explorer.EXE | admin | MEDIUM | Microsoft Corporation | Windows Task Manager | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
2448 | "C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004_d\MailRuUpdater.exe" --update-installation | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004_d\MailRuUpdater.exe | | MailRuUpdater.exe | admin | HIGH | Mail.Ru | Mail.Ru updater | 0 | 5.2.0.13 |
PID | Process | Key | Operation | Name | Value |
---|---|---|---|---|---|
660 | mailruhomesearch.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1 |
660 | mailruhomesearch.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1 |
660 | mailruhomesearch.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1 |
660 | mailruhomesearch.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0 |
924 | svchost.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000 | write | RefCount | 2 |
924 | svchost.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000 | write | RefCount | 1 |
400 | mailruhomesearch.exe | HKEY_CURRENT_USER\Software\Mail.Ru\Tech | write | UserID | {1386F3CE-2602-4FBF-B6FB-D313F003CB5E} |
400 | mailruhomesearch.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | write | LanguageList | en-US |
400 | mailruhomesearch.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | write | GlobalAssocChangedCounter | 101 |
400 | mailruhomesearch.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | write | GlobalAssocChangedCounter | 102 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
400 | mailruhomesearch.exe | C:\Users\admin\Favorites\Искать в Интернете.url | url | EB08378217B4A9D27F46FA00527D778B | B0C3586271724BE93C4BA4AF3D9A7DF05462F76B603DD7EF7E5BA4448BB7C244 |
400 | mailruhomesearch.exe | C:\Users\admin\AppData\Local\Mail.Ru\Tmp\DeferredTasks\metadata | binary | 90F5872A649B9D46EE678E14F74429EF | 8C0843C34D5C84B4FA3E565F17A9FB4079564E658A3117BBC7AA4970674E4064 |
400 | mailruhomesearch.exe | C:\Users\admin\AppData\Local\Temp\5519-3c72-c68a-ec8b\GoMailRu.ico | image | ED62B573B9FF118E3EC726D78C5A099F | D8AE22194708322B6CA7C8F5686C85D41EAF847A804657ADEEF6ABCAB74B3270 |
400 | mailruhomesearch.exe | C:\ProgramData\Mail.Ru\Id | text | 30561981301C4A5DBE2B530A86AA4278 | 79F9E71774CE1BCA135A9C2B7DF76E2FD407A2038D47C1FE033108C111C2B4D5 |
400 | mailruhomesearch.exe | C:\Users\admin\Favorites\Mail.Ru.url | url | 28161E54CB3CE3437B812CFFE5D36DFA | 5E3B71706277050CE3A08F7CBCD45B6D450F0CCA7A84D1EC3A6182B776C68600 |
400 | mailruhomesearch.exe | C:\Users\admin\AppData\Local\Mail.Ru\Tmp\DeferredTasks\{CA243D19-1E46-4B13-975D-B688FCF27C3B}\p1a9ab46e4d48da3660c62918298ecaad | compressed | C110516FAC153CAF1DC6955E69570FF0 | B562A0F6B5F721C13A531A56AB4005738A621B14285B556611341CBF61E2CBA8 |
3896 | na_runner.exe | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe | executable | FEB798265C24BEB577CB5BCD43CBD158 | D9BE17D76DFB9D90246512CE89DD7AAB7CF1CF94D6145429A84094614ABA65E4 |
400 | mailruhomesearch.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm | binary | B7C14EC6110FA820CA6B65F5AEC85911 | FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB |
400 | mailruhomesearch.exe | C:\Users\admin\AppData\Local\Temp\adbf-17eb-1413-4987\MailRu.ico | image | 1B8FB79AAA423BE16049803FD901B79D | 7F9C40702936F23F24828FB0B49EDD70534F617BFADAC2854061620D6DD435D2 |
400 | mailruhomesearch.exe | C:\Users\admin\AppData\Local\Mail.Ru\Tmp\DeferredTasks\{CA243D19-1E46-4B13-975D-B688FCF27C3B}\p0cbb3eb170cb947ca46cb5d2affcb83a | compressed | 3AFBCAD27CBF5B5B0C2084AC6366F689 | 07E5A914348B102A2109B48141E58F0DE0CBA2E1C1303D741CF0BFB13B007BC8 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1984 | MailRuUpdater.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=task_executed&taskid=%7B901B414B-72A2-48C6-8DCD-29388B8B3E40%7D&done=1&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.0.0.176&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=10&elapsed_time=1&mr_service=0&os=win6.1&install_id=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&GUID=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&tool=mrupdater | RU | — | — | suspicious |
2116 | MailRuUpdater.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=mru_online_service&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.0.0.176&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=5&elapsed_time=0&mr_service=1&os=win6.1&install_id=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&GUID=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&tool=mrupdater | RU | — | — | suspicious |
400 | mailruhomesearch.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=setup_unit&id=ie_mailru&event=done&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=37&elapsed_time=0&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B9F70C2BD-BE62-4029-9F2E-024EAC011C57%7D&common_rfr=&install_id=%7B9F70C2BD-BE62-4029-9F2E-024EAC011C57%7D&rfr_rules= | RU | — | — | suspicious |
400 | mailruhomesearch.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=setup_unit&id=ie_gomailru&event=done&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=37&elapsed_time=0&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B9F70C2BD-BE62-4029-9F2E-024EAC011C57%7D&common_rfr=&install_id=%7B9F70C2BD-BE62-4029-9F2E-024EAC011C57%7D&rfr_rules= | RU | — | — | suspicious |
1984 | MailRuUpdater.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=mru_online&tool=mrupdater&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.0.0.176&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=5&elapsed_time=0&mr_service=0&os=win6.1&install_id=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&GUID=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D | RU | — | — | suspicious |
400 | mailruhomesearch.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=install&bgn=1&standalone=1&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=38&elapsed_time=0&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B9F70C2BD-BE62-4029-9F2E-024EAC011C57%7D&common_rfr=&install_id=%7B9F70C2BD-BE62-4029-9F2E-024EAC011C57%7D&rfr_rules= | RU | — | — | suspicious |
400 | mailruhomesearch.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=spparams&raw=--elevation&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=38&elapsed_time=0&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B9F70C2BD-BE62-4029-9F2E-024EAC011C57%7D&common_rfr=&install_id=%7B9F70C2BD-BE62-4029-9F2E-024EAC011C57%7D&rfr_rules= | RU | — | — | suspicious |
3896 | na_runner.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=mru_install_service&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.0.0.176&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=6&elapsed_time=0&mr_service=0&os=win6.1&install_id=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&GUID=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&tool=mrupdater | RU | — | — | suspicious |
2116 | MailRuUpdater.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=mru_iapp&id=waiter&event=done&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.0.0.176&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=10&elapsed_time=3&mr_service=1&os=win6.1&install_id=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&GUID=%7B24102241-FC26-4D48-A98F-E454D47565A8%7D&tool=mrupdater | RU | — | — | suspicious |
2184 | mrupdsrv.exe | GET | 204 | 217.69.139.245:80 | http://mrds.mail.ru/update/2/version.txt?type=waiter_online&masterid=%7B6D90526D-77A7-4DB6-BFA8-C7B72CCF1237%7D&user_id=%7B1386F3CE-2602-4FBF-B6FB-D313F003CB5E%7D&osver=7&osbit=32&osvernum=6.1&ossp=ServicePack1&uac=1&admin=1&ver=3.12.0.10&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=5&elapsed_time=0&mr_service=1&os=win6.1&GUID=&install_id=&tool=waiter | RU | — | — | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2116 | MailRuUpdater.exe | 217.69.139.245:80 | mrds.mail.ru | LLC VK | RU | malicious |
1984 | MailRuUpdater.exe | 217.69.139.245:443 | mrds.mail.ru | LLC VK | RU | malicious |
400 | mailruhomesearch.exe | 217.69.139.247:443 | xmlbinupdate.mail.ru | LLC VK | RU | malicious |
— | — | 217.69.139.245:443 | mrds.mail.ru | LLC VK | RU | malicious |
3896 | na_runner.exe | 217.69.139.245:80 | mrds.mail.ru | LLC VK | RU | malicious |
1984 | MailRuUpdater.exe | 217.69.139.247:443 | xmlbinupdate.mail.ru | LLC VK | RU | malicious |
400 | mailruhomesearch.exe | 217.69.139.122:443 | conserv.go.mail.ru | LLC VK | RU | unknown |
— | — | 5.181.61.0:443 | mailruupdater.cdnmail.ru | LLC VK | RU | suspicious |
400 | mailruhomesearch.exe | 217.69.139.245:80 | mrds.mail.ru | LLC VK | RU | malicious |
1984 | MailRuUpdater.exe | 217.69.139.245:80 | mrds.mail.ru | LLC VK | RU | malicious |
Domain | IP | Reputation |
---|---|---|
xmlbinupdate.mail.ru | | shared |
conserv.go.mail.ru | | unknown |
mrds.mail.ru | | suspicious |
mailruupdater.cdnmail.ru | | unknown |
xtnmailru.cdnmail.ru | | unknown |
gosoftdl.mail.ru | | shared |
binupdate.mail.ru | | shared |
xml.binupdate.mail.ru | | shared |
mrdistrupd.com | | unknown |
ctldl.windowsupdate.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3896 | na_runner.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
1984 | MailRuUpdater.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
2116 | MailRuUpdater.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
3896 | na_runner.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
400 | mailruhomesearch.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
400 | mailruhomesearch.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
1984 | MailRuUpdater.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
400 | mailruhomesearch.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
1984 | MailRuUpdater.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
400 | mailruhomesearch.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
Process | Message |
---|---|
MailRuUpdater.exe | RunAsService: Entry |
MailRuUpdater.exe | Updater.Mail.Ru: SERVICE_CONTROL_STOP |
MailRuUpdater.exe | RunAsService: Exit |
MailRuUpdater.exe | RunAsService: Entry |