Edit tour

Windows Analysis Report
http://xn--r1a.website/s/ogorodru

Overview

General Information

Sample URL:	http://xn--r1a.website/s/ogorodru
Analysis ID:	1514812
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Connects to several IPs in different countries

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1720,i,7126892294250420465,11752881237129370253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://xn--r1a.website/s/ogorodru" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /adfoxhb HTTP/1.1Host: ssp.hybrid.aiConnection: keep-aliveContent-Length: 368sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plainAccept: */*Origin: http://xn--r1a.websiteSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://xn--r1a.website/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Fri, 20 Sep 2024 22:49:21 GMTContent-Type: text/htmlContent-Length: 571Connection: close

Source: chromecache_200.2.dr, chromecache_330.2.dr	String found in binary or memory: http://ads.alfasense.net/adserver/www/delivery/asyncspc.php
Source: chromecache_255.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_255.2.dr	String found in binary or memory: http://getbootstrap.com/customize/?id=92d2ac1b31978642b6b6)
Source: chromecache_190.2.dr, chromecache_240.2.dr	String found in binary or memory: http://my.opera.com/emoller/blog/2011/12/20/requestanimationframe-for-smart-er-animating
Source: chromecache_190.2.dr, chromecache_240.2.dr	String found in binary or memory: http://paulirish.com/2011/requestanimationframe-for-smart-animating/
Source: chromecache_200.2.dr, chromecache_330.2.dr	String found in binary or memory: https://ads.alfasense.net/adserver/www/delivery/asyncspc.php
Source: chromecache_244.2.dr, chromecache_306.2.dr	String found in binary or memory: https://ctx.weborama.com/api/profile
Source: chromecache_244.2.dr, chromecache_306.2.dr	String found in binary or memory: https://dx.frontend.weborama.com/collect
Source: chromecache_244.2.dr, chromecache_306.2.dr	String found in binary or memory: https://dx.frontend.weborama.com/videos
Source: chromecache_255.2.dr	String found in binary or memory: https://gist.github.com/92d2ac1b31978642b6b6
Source: chromecache_255.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_209.2.dr	String found in binary or memory: https://oauth.telegram.org
Source: chromecache_209.2.dr	String found in binary or memory: https://oauth.tg.dev
Source: chromecache_321.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard.png)
Source: chromecache_321.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard_2x.png);
Source: chromecache_218.2.dr, chromecache_248.2.dr, chromecache_326.2.dr, chromecache_209.2.dr	String found in binary or memory: https://post.tg.dev
Source: chromecache_218.2.dr, chromecache_248.2.dr, chromecache_326.2.dr, chromecache_209.2.dr	String found in binary or memory: https://t.me
Source: chromecache_218.2.dr, chromecache_248.2.dr, chromecache_326.2.dr, chromecache_209.2.dr	String found in binary or memory: https://telegram-js.azureedge.net
Source: chromecache_218.2.dr, chromecache_248.2.dr, chromecache_326.2.dr, chromecache_209.2.dr	String found in binary or memory: https://telegram.org
Source: chromecache_218.2.dr, chromecache_248.2.dr, chromecache_326.2.dr, chromecache_209.2.dr	String found in binary or memory: https://tg.dev

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 65095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 65036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 65013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 64995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 65096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65070
Source: unknown	Network traffic detected: HTTP traffic on port 65050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65069
Source: unknown	Network traffic detected: HTTP traffic on port 65012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 65085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 65001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65080
Source: unknown	Network traffic detected: HTTP traffic on port 65138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65081
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65097
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65098
Source: unknown	Network traffic detected: HTTP traffic on port 65023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65092
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65090
Source: unknown	Network traffic detected: HTTP traffic on port 65116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 65062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64990
Source: unknown	Network traffic detected: HTTP traffic on port 65022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64988
Source: unknown	Network traffic detected: HTTP traffic on port 65074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64984
Source: unknown	Network traffic detected: HTTP traffic on port 65103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64986
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64999
Source: unknown	Network traffic detected: HTTP traffic on port 65052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64992
Source: unknown	Network traffic detected: HTTP traffic on port 65010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64993
Source: unknown	Network traffic detected: HTTP traffic on port 65033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 65041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 65097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65033
Source: unknown	Network traffic detected: HTTP traffic on port 65092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65032
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65025
Source: unknown	Network traffic detected: HTTP traffic on port 65108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65029
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65040
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65041
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65042
Source: unknown	Network traffic detected: HTTP traffic on port 65039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65043
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65037
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65036
Source: unknown	Network traffic detected: HTTP traffic on port 64993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65050
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65054
Source: unknown	Network traffic detected: HTTP traffic on port 65046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65048
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65047
Source: unknown	Network traffic detected: HTTP traffic on port 64992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65060
Source: unknown	Network traffic detected: HTTP traffic on port 65016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65065
Source: unknown	Network traffic detected: HTTP traffic on port 65058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65059
Source: unknown	Network traffic detected: HTTP traffic on port 65069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65058
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65111
Source: unknown	Network traffic detected: HTTP traffic on port 65038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65109
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 65047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65103
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65120
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 65070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65113
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49768 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@28/232@202/72

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1720,i,7126892294250420465,11752881237129370253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://xn--r1a.website/s/ogorodru"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1720,i,7126892294250420465,11752881237129370253,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
http://xn--r1a.website/s/ogorodru

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 167.235.7.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.108.196
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.108.196
Source: unknown	TCP traffic detected without corresponding DNS query: 195.201.108.196
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148
Source: unknown	TCP traffic detected without corresponding DNS query: 193.232.150.148

Source: global traffic	DNS traffic detected: DNS query: xn--r1a.website
Source: global traffic	DNS traffic detected: DNS query: telegram.org
Source: global traffic	DNS traffic detected: DNS query: cdn4.cdn-telegram.org
Source: global traffic	DNS traffic detected: DNS query: yandex.ru
Source: global traffic	DNS traffic detected: DNS query: tttttt.me
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: matchid.adfox.yandex.ru
Source: global traffic	DNS traffic detected: DNS query: ads.digitalcaramel.com
Source: global traffic	DNS traffic detected: DNS query: ads.betweendigital.com
Source: global traffic	DNS traffic detected: DNS query: yhb.p.otm-r.com
Source: global traffic	DNS traffic detected: DNS query: px.adhigh.net
Source: global traffic	DNS traffic detected: DNS query: ad.mail.ru
Source: global traffic	DNS traffic detected: DNS query: ssp.bidvol.com
Source: global traffic	DNS traffic detected: DNS query: ssp-rtb.sape.ru
Source: global traffic	DNS traffic detected: DNS query: exchange.buzzoola.com
Source: global traffic	DNS traffic detected: DNS query: ssp.hybrid.ai
Source: global traffic	DNS traffic detected: DNS query: pb.adriver.ru
Source: global traffic	DNS traffic detected: DNS query: kimberlite.io
Source: global traffic	DNS traffic detected: DNS query: pbs.alfasense.com
Source: global traffic	DNS traffic detected: DNS query: yastatic.net
Source: global traffic	DNS traffic detected: DNS query: avatars.mds.yandex.net
Source: global traffic	DNS traffic detected: DNS query: mc.yandex.ru
Source: global traffic	DNS traffic detected: DNS query: ads.adfox.ru
Source: global traffic	DNS traffic detected: DNS query: cdn.alfasense.net
Source: global traffic	DNS traffic detected: DNS query: cs.alfasense.com
Source: global traffic	DNS traffic detected: DNS query: cstatic.weborama.com
Source: global traffic	DNS traffic detected: DNS query: ad.adriver.ru
Source: global traffic	DNS traffic detected: DNS query: const.uno
Source: global traffic	DNS traffic detected: DNS query: v.alfasrv.com
Source: global traffic	DNS traffic detected: DNS query: dx.frontend.weborama.com
Source: global traffic	DNS traffic detected: DNS query: ssp.otm-r.com
Source: global traffic	DNS traffic detected: DNS query: s.alfasrv.com
Source: global traffic	DNS traffic detected: DNS query: acint.net
Source: global traffic	DNS traffic detected: DNS query: a.videohead.tech
Source: global traffic	DNS traffic detected: DNS query: s.suprion.ru
Source: global traffic	DNS traffic detected: DNS query: sync.bumlam.com
Source: global traffic	DNS traffic detected: DNS query: sync.rambler.ru
Source: global traffic	DNS traffic detected: DNS query: www.acint.net
Source: global traffic	DNS traffic detected: DNS query: cs.agency2.ru
Source: global traffic	DNS traffic detected: DNS query: ssp.al-adtech.com
Source: global traffic	DNS traffic detected: DNS query: sync.adspend.space
Source: global traffic	DNS traffic detected: DNS query: a.adiam.tech
Source: global traffic	DNS traffic detected: DNS query: x01.aidata.io
Source: global traffic	DNS traffic detected: DNS query: alfasense-sync.rutarget.ru
Source: global traffic	DNS traffic detected: DNS query: mc.acint.net
Source: global traffic	DNS traffic detected: DNS query: sm.rtb.mts.ru
Source: global traffic	DNS traffic detected: DNS query: a.utraff.com
Source: global traffic	DNS traffic detected: DNS query: ev.adriver.ru
Source: global traffic	DNS traffic detected: DNS query: match.ohmy.bid
Source: global traffic	DNS traffic detected: DNS query: vma.mts.ru
Source: global traffic	DNS traffic detected: DNS query: rtb.segmel.io
Source: global traffic	DNS traffic detected: DNS query: sync.opendsp.ru
Source: global traffic	DNS traffic detected: DNS query: s.uuidksinc.net
Source: global traffic	DNS traffic detected: DNS query: cm.a.mts.ru
Source: global traffic	DNS traffic detected: DNS query: match.new-programmatic.com
Source: global traffic	DNS traffic detected: DNS query: rtb.dynotech.io
Source: global traffic	DNS traffic detected: DNS query: 2348964281726872543783.cm.a.mts.ru
Source: global traffic	DNS traffic detected: DNS query: sync.dmp.otm-r.com
Source: global traffic	DNS traffic detected: DNS query: sync.programmatica.com
Source: global traffic	DNS traffic detected: DNS query: sape-sync.rutarget.ru
Source: global traffic	DNS traffic detected: DNS query: match.qtarget.tech
Source: global traffic	DNS traffic detected: DNS query: sync.upravel.com
Source: global traffic	DNS traffic detected: DNS query: ads.alfasense.net
Source: global traffic	DNS traffic detected: DNS query: dmp.sbermarketing.ru
Source: global traffic	DNS traffic detected: DNS query: sync.gonet-ads.com
Source: global traffic	DNS traffic detected: DNS query: solta-sync.rutarget.ru
Source: global traffic	DNS traffic detected: DNS query: 1a499899-1e99-4cfb-8b72-6faaa7f572f3.sync.upravel.com
Source: global traffic	DNS traffic detected: DNS query: x.bidswitch.net
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: oauth.tg.dev

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://xn--r1a.website/s/ogorodru

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
http://xn--r1a.website/s/ogorodru