URL: | https://www.mediafire.com/file/gjw7c3g1bgd8xgh/List_of_all_AC_tracks_WITH_LINKS.txt/file |
Full analysis: | https://app.any.run/tasks/2cd71251-fb9f-436e-b42e-8e434705f622 |
Verdict: | Malicious activity |
Analysis date: | January 15, 2022, 02:05:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 61ABF5633A5EBE5618E8B5FFBDCBD0A0 |
SHA1: | EA8CCDDAF4C47099035639EB02A10208ECA2B9E7 |
SHA256: | 6C8D4BE1A4DF364C9D48EF35D821DE6FB68A10FF0A7DDC5B837280B5F17B5803 |
SSDEEP: | 3:N8DSLw3eGUoT1WydANu6X7ysySdlTKDIA:2OLw3eGtJdAQ6XpfY9 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3132 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.mediafire.com/file/gjw7c3g1bgd8xgh/List_of_all_AC_tracks_WITH_LINKS.txt/file" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3668 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3132 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
556 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\List of all AC tracks WITH LINKS.txt | C:\Windows\system32\NOTEPAD.EXE | — | iexplore.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
|
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30935476 | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30935476 | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (3132) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3668 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | |
MD5:312F062554BA74067E32B6D328C77E31 | SHA256:42E15C3C3BA8DE874AD8927FBECCB028FB2F96AFA8360DD39117890E881D7E84 | |||
3668 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\67025LME.txt | text | |
MD5:D72C9A3B5825219C66746B26D81C4ED0 | SHA256:18A0850BE81134C233B0730757EBD1FC0BC29041E11CCBC3A2AF3E6D416E6CF2 | |||
3668 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B | der | |
MD5:796B200A8EF84ED3A6DCAD135DB38647 | SHA256:8616DF7D2D7A69B5CE4872F37C2CC9329B81A50C9CEE29B8D4043953693992AF | |||
3668 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B | binary | |
MD5:94F1D9713D2F6233F46F09688A05E38C | SHA256:BC13DA0BD3CBAC0BD690D1529A7B716D1F9326BA674432AE6864DC3AE42B4E72 | |||
3668 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:00CF65FBD1311CDFAF110689B3009129 | SHA256:2D968E663901970288ABDA562F0285C221895E35E9B4FC515C678666CDE32430 | |||
3668 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EUC0KL3K.txt | text | |
MD5:265B2AB304FEE0ED2A521B6243F6240C | SHA256:5336B4744D54E4B3FEC82B89E80DD5D93561DACDB38DFC3BC71E09C24250AED6 | |||
3668 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\file[1].htm | html | |
MD5:03B231EAE1D58250288EFAB0E1638CA6 | SHA256:F46E7748D98F63888B9DA2895136D8EDDD1FF5B258A0857E25D39077DE3D44E3 | |||
3668 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\9JDHSNIY.txt | text | |
MD5:7FD845AC832932591C706CE872AC3300 | SHA256:2F921D6E523846AA5049A8EF671C80ECC8B53BF624DE34EB33A96599BE0CBE4E | |||
3668 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der | |
MD5:6DC758DAFCA329C85C8BBC01CC0AD57B | SHA256:A3D5AFDA772958B0AE1A2F3CC1F2657836A732C54266EF7EB9DF5844E4A19973 | |||
3668 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VFJY7C4Z.txt | text | |
MD5:E88C1BE6D55272A2C94987B21E2EC21A | SHA256:7E264BAE36735F3E010C814EA15DFB51915B0B04D03B4EADDDD92237D05C7CDE |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3668 | iexplore.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3668 | iexplore.exe | GET | 200 | 18.66.92.207:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
3668 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
3668 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D | US | der | 727 b | whitelisted |
3668 | iexplore.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D | US | der | 471 b | whitelisted |
3668 | iexplore.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
3668 | iexplore.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD1gKWbifArxwoAAAABJ9nk | US | der | 472 b | whitelisted |
3668 | iexplore.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEE6xdoJrIAA%2BCgAAAAEn3EY%3D | US | der | 471 b | whitelisted |
3668 | iexplore.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCAnDacZA1UWwoAAAABJ9nq | US | der | 472 b | whitelisted |
3668 | iexplore.exe | GET | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD0u1o6ejgsaAoAAAABJ949 | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3668 | iexplore.exe | 142.250.186.40:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
3668 | iexplore.exe | 104.16.95.65:443 | static.cloudflareinsights.com | Cloudflare Inc | US | shared |
3668 | iexplore.exe | 104.18.31.182:80 | ocsp.comodoca.com | Cloudflare Inc | US | unknown |
3668 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
3668 | iexplore.exe | 142.250.74.206:443 | translate.google.com | Google Inc. | US | whitelisted |
3668 | iexplore.exe | 104.26.7.139:443 | btloader.com | Cloudflare Inc | US | suspicious |
3668 | iexplore.exe | 104.16.202.237:443 | www.mediafire.com | Cloudflare Inc | US | unknown |
3668 | iexplore.exe | 104.16.203.237:443 | www.mediafire.com | Cloudflare Inc | US | unknown |
3668 | iexplore.exe | 142.250.186.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3668 | iexplore.exe | 142.250.186.174:443 | fundingchoicesmessages.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.mediafire.com |
| shared |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |
ocsp.usertrust.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
btloader.com |
| whitelisted |
translate.google.com |
| whitelisted |
static.cloudflareinsights.com |
| whitelisted |