General Info

File name: sample_72.zip
Full analysis: https://app.any.run/tasks/2a23e45b-ffac-4fee-8cd6-ef251504c7fd
Verdict: Malicious activity
Analysis date: 6/12/2019, 11:51:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: ba88ed3dbc3d47bf7a1c1f4c5db60692
SHA1: 9bf477f8d8dd492b96fd0b35c90ba1e6f5cf54e0
SHA256: 70bbdf93f0103bc8202cec82096f47d8731319343480f29951c20eb93ce04f06
SSDEEP: 12288:thFq4EUwKpQFJKzW10Ik9WNJiOBCC1AdlxFEAk:RLxpQrKzFIkk9gC1il/EAk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 180 seconds
Additional time used: 120 seconds
Fakenet option: off
Heavy Evasion option: off
MITM proxy: off
Route via Tor: off
Network geolocation: off
Privacy: Public submission
Autoconfirmation of UAC: on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • sample_72.exe (PID: 3908)
  • sample_72.exe (PID: 2900)
Reads internet explorer settings
  • sample_72.exe (PID: 3908)
Executable content was dropped or overwritten
  • sample_72.exe (PID: 3908)
  • WinRAR.exe (PID: 3660)
Application launched itself
  • sample_72.exe (PID: 2900)
Manual execution by user
  • sample_72.exe (PID: 2900)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
.zip | ZIP compressed archive (100%)
EXIF (ZIP)
ZipRequiredVersion: 20
ZipBitFlag: null
ZipCompression: None
ZipModifyDate: 2018:05:01 18:48:23
ZipCRC: 0x00000000
ZipCompressedSize: null
ZipUncompressedSize: null
ZipFileName: sample_72/

Processes

Total processes: 38
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 1

Behavior graph

start -> winrar.exe -> sample_72.exe (no specs) -> sample_72.exe

Process information


PID: 3660
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sample_72.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators:
Parent process: ––
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version:
  Company: Alexander Roshal
  Description: WinRAR archiver
  Version: 5.60.0
Modules (image):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID: 2900
CMD: "C:\Users\admin\Desktop\sample_72\sample_72.exe"
Path: C:\Users\admin\Desktop\sample_72\sample_72.exe
Indicators: No indicators
Parent process: ––
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version:
  Company:
  Description:
  Version:
Modules (image):
c:\users\admin\desktop\sample_72\sample_72.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID: 3908
CMD: "C:\Users\admin\Desktop\sample_72\sample_72.exe" /RSF
Path: C:\Users\admin\Desktop\sample_72\sample_72.exe
Indicators:
Parent process: sample_72.exe
User: admin
Integrity Level: HIGH
Version:
  Company:
  Description:
  Version:
Modules (image):
c:\users\admin\desktop\sample_72\sample_72.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mlang.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\users\admin\appdata\local\temp\icreinstall_sample_72.exe
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\fwpuclnt.dll

Registry activity

Total events: 955
Read events: 907
Write events: 48
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP |
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon |
3660 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\sample_72.zip
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | 0 | C:\Users\admin\Desktop
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | 0
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\AppData\Local\Temp
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | name | 120
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | size | 80
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | psize | 80
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | type | 120
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | mtime | 100
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | crc | 70
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_0 | 38000000730100000402000000000000D4D0C8000000000000000000000000006C0104000000000039000000B40200000000000001000000
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_1 | 38000000730100000500000000000000D4D0C8000000000000000000000000002201050000000000160000002A0000000000000002000000
3660 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_2 | 38000000730100000400000000000000D4D0C800000000000000000000000000EC0006000000000016000000640000000000000003000000
2900 | sample_72.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2900 | sample_72.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3908 | sample_72.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3908 | sample_72.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASAPI32 | EnableFileTracing | 0
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASAPI32 | EnableConsoleTracing | 0
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASAPI32 | FileTracingMask | 4294901760
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASAPI32 | ConsoleTracingMask | 4294901760
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASAPI32 | MaxFileSize | 1048576
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASAPI32 | FileDirectory | %windir%\tracing
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASMANCS | EnableFileTracing | 0
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASMANCS | EnableConsoleTracing | 0
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASMANCS | FileTracingMask | 4294901760
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASMANCS | ConsoleTracingMask | 4294901760
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASMANCS | MaxFileSize | 1048576
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sample_72_RASMANCS | FileDirectory | %windir%\tracing
3908 | sample_72.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
3908 | sample_72.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | ––
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication | Name | sample_72.exe
3908 | sample_72.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication | ID | 708992537

Files activity

Executable files: 2
Suspicious files: 0
Text files: 57
Unknown types: 1

Dropped files

PID
Process
Filename
Type
3660
WinRAR.exe
C:\Users\admin\Desktop\sample_72\sample_72
executable
MD5: 83c41792a835c39acbee18f833069a17
SHA256: d3d683a2a23e1149c78c5ecba8246693e3564875dd67c82375fe9966f72e2fc0
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ICReinstall_sample_72.exe
executable
MD5: 83c41792a835c39acbee18f833069a17
SHA256: d3d683a2a23e1149c78c5ecba8246693e3564875dd67c82375fe9966f72e2fc0
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\is135653842\216422020.cfg
text
MD5: 00ad6961bc71f3a939b5200ec4a3d662
SHA256: 5976e285385c8482a19bb69d9a0a46762c701880c3b17c3a01e6e997012b88af
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\00128749.log
––
MD5:  ––
SHA256:  ––
3908
sample_72.exe
C:\Users\admin\Desktop\Continue GameNutt Activation.lnk
lnk
MD5: 6405c874186b020085c9118b037b7b3a
SHA256: ce543182555e9e94437df437525ad7075b3ae6040a705afe3c13fb8e6b1c5092
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\001299B8.log
––
MD5:  ––
SHA256:  ––
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\0012749C.log
––
MD5:  ––
SHA256:  ––
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\bootstrap_33563.html
html
MD5: 1ea9e5b417811379e874ad4870d5c51a
SHA256: f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\locale\EN.locale
html
MD5: d6bb477a9585a427be528493c9ea6250
SHA256: e28e5da664b491af4f2593e822b46d67193358c730e4c94ff340bbf602e1a621
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\locale\DE.locale
html
MD5: 07b5c69a143d4ed4dfb31e19de45fe88
SHA256: 222792deda5c8c2229e12205a14ea8fc04bec798de596f27574ed47377d6dcdd
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\ProgressBar.png
image
MD5: 830234f26fce01833c8f74f1829d7717
SHA256: fa8bfed0f1e98d212938e307160d1c5b68f134f67ea0826b9f75f2284be9e2f2
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\Games_Pics.jpg
image
MD5: 7208763bb45e5cd23305c00aacbc1981
SHA256: bdf98681a3e74856a14d5d0857ed434afaa82afacaab9d0ca87f863ae8b2a585
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\Color_Button_Hover.png
image
MD5: 9775ecccbe3a96a4a6ff159c12c5c75a
SHA256: b8f73314d652d0d572c3a63f7797dc04bc959f2dfc659905fe8ac2f9f2f6ff30
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\Progress.png
image
MD5: 6e729d132f975194c6d3975cad7d5ee4
SHA256: 85f2a178f1b32d85a162b68590b526c50ce70e82e04c508597476da67b962856
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\loader.gif
image
MD5: 360281e85620142c3329848262da263d
SHA256: 6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\Gray_Button.png
image
MD5: 35800b05c4334c3a5cddf4260ac9d4b9
SHA256: d36de61d654cccf61b8767923efaecfea8b79e013aa0d0d1b832d23b9ab811ea
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\Close_Hover.png
image
MD5: 0294fe3135ddb5537282a6b7bbc2300c
SHA256: c247c19dd3072264d855207e7cf5c727e2a84c075d9ec3f14f494f2adfc314c3
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\Gray_Button_Hover.png
image
MD5: 740657c54d80379fc548e0daabfd7e2a
SHA256: 2bb2d4cdeaef6a089b057baf116d61be1fd71c13601026c132f238cce65c149b
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\Color_Button.png
image
MD5: 233e3ecaf8b6f0a9f82ca79ccd1788a1
SHA256: 8b0bf039e841739da7555d8b2348b02111b9a00cca8f654ae73953778155f638
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\Close.png
image
MD5: 13e974317abaf08aa7aad7dc164d8ac0
SHA256: 9bdc0a4226491ffc64c7f23c384d04ca2403952519bf44478ea01184b4eeca8b
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\defaultOffer\offer_html.txt
html
MD5: 8867335d0eb07d83ff205ddf127dd3c3
SHA256: 663759da214c10324ec30427e6e9a25d84a19954fb2f6f39d71bc0ceca1c4e19
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\sdk-ui\progress-bar.css
text
MD5: 5335f1c12201b5f7cf5f8b4f5692e3d1
SHA256: 974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\defaultOffer\offer_code.txt
text
MD5: 7b4144dbde53afec68826f47e6c4e015
SHA256: b538b2475b91e2e3f1df6e7bdbeead8b1b791af9658d1b3c63b5262854e369c0
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\sdk-ui\images\progress-bg2.png
image
MD5: b582d9a67bfe77d523ba825fd0b9dae3
SHA256: ab4eeb3ea1eef4e84cb61eccb0ba0998b32108d70b3902df3619f4d9393f74c3
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\images\BG.jpg
image
MD5: dcf8583e3cbc79d7cbe4124b8239edf6
SHA256: 2f1051de724651d5f7c80285172d7ba06c57aee132a8b77b3831a7e4a5b9986c
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\defaultOffer\images\toolbar.png
image
MD5: 8bbebf07ef6c78deab8f91850100a816
SHA256: f2a4f2596f8d846dc886781c256fab97a4f52b36035bf9a65f039a7b67378331
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\sdk-ui\images\progress-bg.png
image
MD5: e9f12f92a9eeb8ebe911080721446687
SHA256: c1cf449536bc2778e27348e45f0f53d04c284109199fb7a9af7a61016b91f8bc
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\csshover3.htc
html
MD5: 52fa0da50bf4b27ee625c80d36c67941
SHA256: e37e99ddfc73ac7ba774e23736b2ef429d9a0cb8c906453c75b14c029bdd5493
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\sdk-ui\images\button-bg.png
image
MD5: 98b1de48dfa64dc2aa1e52facfbee3b0
SHA256: 2693930c474fe640e2fe8d6ef98abe2ecd303d2392c3d8b2e006e8942ba8f534
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\sdk-ui\browse.css
text
MD5: 6009d6e864f60aea980a9df94c1f7e1c
SHA256: 5ef48a8c8c3771b4f233314d50dd3b5afdcd99dd4b74a9745c8fe7b22207056d
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\sdk-ui\checkbox.css
text
MD5: 64773c6b0e3413c81aebc46cce8c9318
SHA256: b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\sdk-ui\button.css
text
MD5: 37e1ff96e084ec201f0d95feef4d5e94
SHA256: 8e806f5b94fc294e918503c8053ef1284e4f4b1e02c7da4f4635e33ec33e0534
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\sdk-ui\images\progress-bg-corner.png
image
MD5: 608f1f20cd6ca9936eaa7e8c14f366be
SHA256: 86b6e6826bcde2955d64d4600a4e01693522c1fddf156ce31c4ba45b3653a7bd
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\main.css
text
MD5: ceec7ef9d2b2161421b843782577ba15
SHA256: aa312ebaf436cb8a041a42c446e2b1509b97337a0968a2d7fee22444b02bb906
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1208937\css\ie6_main.css
text
MD5: 94b29bb4559b10f46b6abe3137d23847
SHA256: 251340aea1eac86cb0d89dd0d3bd2f109c9fc8f194bae4355102433c24bdc60b
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\00127269.log
––
MD5:  ––
SHA256:  ––
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\001271DC.log
––
MD5:  ––
SHA256:  ––
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\locale\EN.locale
html
MD5: d6bb477a9585a427be528493c9ea6250
SHA256: e28e5da664b491af4f2593e822b46d67193358c730e4c94ff340bbf602e1a621
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\locale\DE.locale
html
MD5: 07b5c69a143d4ed4dfb31e19de45fe88
SHA256: 222792deda5c8c2229e12205a14ea8fc04bec798de596f27574ed47377d6dcdd
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\Games_Pics.jpg
image
MD5: 7208763bb45e5cd23305c00aacbc1981
SHA256: bdf98681a3e74856a14d5d0857ed434afaa82afacaab9d0ca87f863ae8b2a585
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\Gray_Button_Hover.png
image
MD5: 740657c54d80379fc548e0daabfd7e2a
SHA256: 2bb2d4cdeaef6a089b057baf116d61be1fd71c13601026c132f238cce65c149b
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\loader.gif
image
MD5: 360281e85620142c3329848262da263d
SHA256: 6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\ProgressBar.png
image
MD5: 830234f26fce01833c8f74f1829d7717
SHA256: fa8bfed0f1e98d212938e307160d1c5b68f134f67ea0826b9f75f2284be9e2f2
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\Color_Button_Hover.png
image
MD5: 9775ecccbe3a96a4a6ff159c12c5c75a
SHA256: b8f73314d652d0d572c3a63f7797dc04bc959f2dfc659905fe8ac2f9f2f6ff30
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\Gray_Button.png
image
MD5: 35800b05c4334c3a5cddf4260ac9d4b9
SHA256: d36de61d654cccf61b8767923efaecfea8b79e013aa0d0d1b832d23b9ab811ea
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\Progress.png
image
MD5: 6e729d132f975194c6d3975cad7d5ee4
SHA256: 85f2a178f1b32d85a162b68590b526c50ce70e82e04c508597476da67b962856
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\Color_Button.png
image
MD5: 233e3ecaf8b6f0a9f82ca79ccd1788a1
SHA256: 8b0bf039e841739da7555d8b2348b02111b9a00cca8f654ae73953778155f638
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\defaultOffer\offer_code.txt
text
MD5: 7b4144dbde53afec68826f47e6c4e015
SHA256: b538b2475b91e2e3f1df6e7bdbeead8b1b791af9658d1b3c63b5262854e369c0
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\BG.jpg
image
MD5: dcf8583e3cbc79d7cbe4124b8239edf6
SHA256: 2f1051de724651d5f7c80285172d7ba06c57aee132a8b77b3831a7e4a5b9986c
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\Close_Hover.png
image
MD5: 0294fe3135ddb5537282a6b7bbc2300c
SHA256: c247c19dd3072264d855207e7cf5c727e2a84c075d9ec3f14f494f2adfc314c3
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\images\Close.png
image
MD5: 13e974317abaf08aa7aad7dc164d8ac0
SHA256: 9bdc0a4226491ffc64c7f23c384d04ca2403952519bf44478ea01184b4eeca8b
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\defaultOffer\images\toolbar.png
image
MD5: 8bbebf07ef6c78deab8f91850100a816
SHA256: f2a4f2596f8d846dc886781c256fab97a4f52b36035bf9a65f039a7b67378331
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\defaultOffer\offer_html.txt
html
MD5: 8867335d0eb07d83ff205ddf127dd3c3
SHA256: 663759da214c10324ec30427e6e9a25d84a19954fb2f6f39d71bc0ceca1c4e19
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\sdk-ui\progress-bar.css
text
MD5: 5335f1c12201b5f7cf5f8b4f5692e3d1
SHA256: 974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\csshover3.htc
html
MD5: 52fa0da50bf4b27ee625c80d36c67941
SHA256: e37e99ddfc73ac7ba774e23736b2ef429d9a0cb8c906453c75b14c029bdd5493
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\sdk-ui\images\progress-bg-corner.png
image
MD5: 608f1f20cd6ca9936eaa7e8c14f366be
SHA256: 86b6e6826bcde2955d64d4600a4e01693522c1fddf156ce31c4ba45b3653a7bd
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\sdk-ui\checkbox.css
text
MD5: 64773c6b0e3413c81aebc46cce8c9318
SHA256: b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\sdk-ui\images\button-bg.png
image
MD5: 98b1de48dfa64dc2aa1e52facfbee3b0
SHA256: 2693930c474fe640e2fe8d6ef98abe2ecd303d2392c3d8b2e006e8942ba8f534
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\sdk-ui\images\progress-bg2.png
image
MD5: b582d9a67bfe77d523ba825fd0b9dae3
SHA256: ab4eeb3ea1eef4e84cb61eccb0ba0998b32108d70b3902df3619f4d9393f74c3
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\sdk-ui\images\progress-bg.png
image
MD5: e9f12f92a9eeb8ebe911080721446687
SHA256: c1cf449536bc2778e27348e45f0f53d04c284109199fb7a9af7a61016b91f8bc
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\sdk-ui\button.css
text
MD5: 37e1ff96e084ec201f0d95feef4d5e94
SHA256: 8e806f5b94fc294e918503c8053ef1284e4f4b1e02c7da4f4635e33ec33e0534
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\ie6_main.css
text
MD5: 94b29bb4559b10f46b6abe3137d23847
SHA256: 251340aea1eac86cb0d89dd0d3bd2f109c9fc8f194bae4355102433c24bdc60b
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\main.css
text
MD5: ceec7ef9d2b2161421b843782577ba15
SHA256: aa312ebaf436cb8a041a42c446e2b1509b97337a0968a2d7fee22444b02bb906
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\ish1207953\css\sdk-ui\browse.css
text
MD5: 6009d6e864f60aea980a9df94c1f7e1c
SHA256: 5ef48a8c8c3771b4f233314d50dd3b5afdcd99dd4b74a9745c8fe7b22207056d
2900
sample_72.exe
C:\Users\admin\AppData\Local\Temp\00126E91.log
––
MD5:  ––
SHA256:  ––
3908
sample_72.exe
C:\Users\admin\AppData\Local\Temp\is135653842\57544588.cfg
text
MD5: e664c9c9883366bca42d45aba98390e2
SHA256: df553f290b3393a1ac3114c1fc8e251e87fc73b41a689b671cc37210e708a275

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 63
TCP/UDP connections: 23
DNS requests: 4
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL –– –– malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL –– –– malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET –– 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL –– –– malicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL –– –– malicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET 403 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL xml malicious
3908 sample_72.exe GET 403 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US xml suspicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious
3908 sample_72.exe GET –– 95.211.184.67:80 http://cdneu.kitaracdn.com/ofr/BabylonToolbarV5.cis NL –– –– malicious
3908 sample_72.exe GET –– 192.96.201.161:80 http://cdnus.kitaracdn.com/ofr/BabylonToolbarV5.cis US –– –– suspicious

Download the PCAP, analyze network streams, HTTP content and a lot more in the full report

Connections

PID Process IP ASN CN Reputation
3908 sample_72.exe 192.96.201.161:80 Leaseweb USA, Inc. US suspicious
3908 sample_72.exe 95.211.184.67:80 LeaseWeb Netherlands B.V. NL malicious
3908 sample_72.exe 52.214.73.247:80 Amazon.com, Inc. IE malicious
–– –– 95.211.184.67:80 LeaseWeb Netherlands B.V. NL malicious
–– –– 192.96.201.161:80 Leaseweb USA, Inc. US suspicious

DNS requests

Domain IP Reputation
os.kitaracdn.com No response unknown
cdnus.kitaracdn.com 192.96.201.161 suspicious
cdneu.kitaracdn.com 95.211.184.67 unknown
rp.kitaracdn.com 52.214.73.247, 54.194.149.175 malicious

Threats

No threats detected.

Debug output strings

No debug info.