Field | Value
---|---
URL | https://r1ch.net/projects/gameboosthd
Full analysis | https://app.any.run/tasks/179b6288-b852-41d3-9c13-950158e0f702
Verdict | No threats detected
Analysis date | November 27, 2021, 08:04:33
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 5ACDB24EDA2D7A96602EA2DBC5EDEBA1
SHA1 | 51F1AA20E3E8048D98E663BAECC999C5A29B10A4
SHA256 | C7DE299061A3FAAC92A9107B92CD1DE1ED6254516695475FD4371A46FCE03A47
SSDEEP | 3:N8KGR9UtPxan:2KGRStw
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
1388 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://r1ch.net/projects/gameboosthd" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
1984 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1388 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Key | Name | Operation | Value
---|---|---|---|---|---
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | write | 1
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | write | 
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | write | 30925669
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | write | 
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | write | 30925669
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | write | 
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | write | Cookie:
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | write | Visited:
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | write | 0
1388 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1984 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style.min[1].css | text | A8F5A185A819CC7CFDC378AF639BE2CE | 963F9BD21BA4CBED73E92F10BB399BAE400C08411C7BF2D52522E2FCC05DC563
1984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | der | 64E9B8BB98E2303717538CE259BEC57D | 76BD459EC8E467EFC3E3FB94CB21B9C77A2AA73C9D4C0F3FAF823677BE756331
1388 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | 3E009B7825EA27BBC2E6878C68F9E1C7 | 7609406891F0D602218E2C07F44252D358E7687687E025E0232C0CE705DF0D09
1984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | BEDD00A8193863847656F242388024A4 | 5E1230A1D88E648F8DE99359820202562F2A2B3E3D790F2996BE2FCCBFE70CD0
1984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 1FAEBB8DDD0CBE579445A2B8FBEC6892 | C8D1035BC3C1963354BE51BC722CC8DB5CEF2BD8D68E22A71193649BEB71C6A0
1388 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | B7B896FAF221C49B0A63EB3EF40B924E | 1E9C1A6EFB968F3F254FCB5839CF8F93BE7BFE9757B3CC922B0369AB39C122B6
1984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | 02FE2CBFE0D5F959D6874EE44D155094 | 80580F65DB38C06AA48E46A440C77B7B207C0832F3E4FFC3D9E0197FBC862941
1984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_751FF48C433126F519D73CADF27D4637 | der | 5B55E1EC7FD318491E2E1B28F2C1263D | CB8591C49DA9C748693130F9B84A3615CB050BFFD573CAD360F1EBBD118858F3
1984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | 2D87394EE999767C4E1BBA9AE9B0DCB2 | 16A59682F75286717E60D8FFC443626D925600FE9CA3FEE5E60FCBD4F72CC100
1984 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\gameboosthd[1].htm | html | 6BEC9A8DEE39546396527573BDD8E0CA | B0864CAE454941A1C8F3427A1B584DE4A7B44B2D6BF10BEFDB3227E681CA9C43
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
1984 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://crl.pki.goog/gsr1/gsr1.crl | US | der | 1.61 Kb | whitelisted
1984 | iexplore.exe | GET | 200 | 104.96.143.115:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted
1984 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted
1388 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted
1388 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
1984 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEBNzeIPdyOrFCgAAAAEZU2c%3D | US | der | 471 b | whitelisted
1984 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted
1984 | iexplore.exe | GET | 200 | 95.100.146.43:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b086c06aba71882d | unknown | compressed | 4.70 Kb | whitelisted
1984 | iexplore.exe | GET | 200 | 95.100.146.43:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6870b50d7d20fc33 | unknown | compressed | 4.70 Kb | whitelisted
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
1388 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1388 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
1984 | iexplore.exe | 142.250.185.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
1388 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1984 | iexplore.exe | 142.4.216.103:443 | r1ch.net | OVH SAS | CA | suspicious
1388 | iexplore.exe | 142.4.216.103:443 | r1ch.net | OVH SAS | CA | suspicious
1984 | iexplore.exe | 104.96.143.115:80 | x1.c.lencr.org | Akamai Technologies, Inc. | NL | unknown
— | — | 142.250.185.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
1984 | iexplore.exe | 142.250.184.195:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
1984 | iexplore.exe | 95.100.146.43:80 | ctldl.windowsupdate.com | Akamai Technologies, Inc. | — | unknown
Domain | IP | Reputation
---|---|---
r1ch.net | | suspicious
ctldl.windowsupdate.com | | whitelisted
x1.c.lencr.org | | whitelisted
fonts.gstatic.com | | whitelisted
ocsp.pki.goog | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.digicert.com | | whitelisted
crl.pki.goog | | whitelisted
iecvlist.microsoft.com | | whitelisted