Field | Value
---|---
URL | https://go.cloudplatformonline.com/dc/I9bA9FdQfZoMOERShMVXdZ4hMzU-SacfCp1Rs5RDZLvbitdKLwCB6bUgdHWrYcW914UoMobsEl9uPf5avX7Pd92MmZ8pNyDVosIruqwc52FV0OeguW-6SuGO6VKl-JOdLm2H_ThPgBL-9AhHMMW1156hTl1IwjhFAEbfjdNzhneGs50fyCC2oNqxhdtTMRJWF3V76XxCScewYhNt_oX1kFxsgrMA_nW05ZbRUemE4o0raNiCBu-QMZPtkcEBPYoRuPMz8or-yGBmHfuiFj6YKZvJhVNuMWOsMTbuKXyazLoS0fUFyauX-6B4mGqEKopBS4F9F-7vFG_Cfj4g3hrpbrJj0BScmRexvpH-QMIViAo=/ODA4LUdKVy0zMTQAAAGCK5Oi2_3OmtKhGB7xrGSjV5Hd2V_7z0HiF1CMgqxl_9BeqJJ2xnK2pYrM2pvgCjtSDKkaW-I=
Full analysis | https://app.any.run/tasks/587b4bdb-83b5-4b02-9b62-6fd5c821ec89
Verdict | Malicious activity
Analysis date | January 24, 2022, 22:30:10
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | 5154E2ADE4E834DB785D370788CE202D
SHA1 | CC41DA4FF7451FE407AF69312D79349DBDC5A3A4
SHA256 | 3ABF7A47073FC2CB9EF07523DB5EACEA28C2E2F0731DCCCA015C5994AA9C3352
SSDEEP | 12:2uFMDpW5wsRcL8tg1lqg7ngeCFq7felXm/l/5jK:2uFWW2PL8KHqI1v+m/lBW
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
1404 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://go.cloudplatformonline.com/dc/I9bA9FdQfZoMOERShMVXdZ4hMzU-SacfCp1Rs5RDZLvbitdKLwCB6bUgdHWrYcW914UoMobsEl9uPf5avX7Pd92MmZ8pNyDVosIruqwc52FV0OeguW-6SuGO6VKl-JOdLm2H_ThPgBL-9AhHMMW1156hTl1IwjhFAEbfjdNzhneGs50fyCC2oNqxhdtTMRJWF3V76XxCScewYhNt_oX1kFxsgrMA_nW05ZbRUemE4o0raNiCBu-QMZPtkcEBPYoRuPMz8or-yGBmHfuiFj6YKZvJhVNuMWOsMTbuKXyazLoS0fUFyauX-6B4mGqEKopBS4F9F-7vFG_Cfj4g3hrpbrJj0BScmRexvpH-QMIViAo=/ODA4LUdKVy0zMTQAAAGCK5Oi2_3OmtKhGB7xrGSjV5Hd2V_7z0HiF1CMgqxl_9BeqJJ2xnK2pYrM2pvgCjtSDKkaW-I=" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | |
2204 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1404 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | |
3132 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 2204 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | iexplore.exe
 | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe Acrobat Reader DC; Exit code: 0; Version: 20.13.20064.405839 | | |
3484 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 2204 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | iexplore.exe
 | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe Acrobat Reader DC; Version: 20.13.20064.405839 | | |
3708 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /o /eo /l /b /id 2204 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe
 | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe Acrobat Reader DC; Version: 20.13.20064.405839 | | |
3492 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | AcroRd32.exe
 | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Version: 20.13.20064.405839 | | |
2792 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1172,14016979856695041089,15490836517861468709,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12211085806721434904 --renderer-client-id=2 --mojo-platform-channel-handle=1180 --allow-no-sandbox-job /prefetch:1 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe
 | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Version: 20.13.20064.405839 | | |
3672 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1172,14016979856695041089,15490836517861468709,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=6662343693924202040 --mojo-platform-channel-handle=1216 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe
 | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 1; Version: 20.13.20064.405839 | | |
3808 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1172,14016979856695041089,15490836517861468709,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=10592643615040108339 --mojo-platform-channel-handle=1200 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe
 | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 1; Version: 20.13.20064.405839 | | |
2504 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1172,14016979856695041089,15490836517861468709,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=5010874836353703756 --mojo-platform-channel-handle=1472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe
 | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 1; Version: 20.13.20064.405839 | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | 0213524244EAF6A7E638BB1910432065 | 2CCB09AE116851A6DFF4849062A18092D522A05897CECB74DFCA383AA2DEA296
1404 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\ZBSCIOD9.txt | text | D7E1B880AA754DC1A6FA977975326B79 | D9B394F60603894B8CD26F2E079AED5E6A39E22905F2BF22F7E806C75A6272D9
1404 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | FC990EAA7247546FB67C18916A4CAC9B | 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
2204 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarF810.tmp | cat | D99661D0893A52A0700B8AE68457351A | BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
2204 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7VX24I3N.txt | text | EC1922805E9D9C0E8BB1D2376B4F2427 | 7F9DBE242664BEDC220D57E23AD73262E390088C4B532D06B0729F0CAB58E93E
2204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13 | der | 34615E035F22E0F62ABB877EF4E65B52 | 77DA562E421B1004406EBDA1A1E2576B3B04D6D6E62BBDFF40B8C67E0A3C6486
2204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13 | binary | 40694685722A6AFCDA2D18A8EF1ED1CF | 8811F9DFD2520CE112FE1EA43619B85929A35A4B59CEF67BC341BA8CC64CEF46
2204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | C04CC4D66D614213933B71D8436F0B46 | 4ACD4397DE6BC8EA15B014AA7056ECBE25258DA1752C7652A756E14186D04074
2204 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\google_cloud_global_idg_it_leaders_research_report_es[1].pdf | — | F505FCC634DCA58FB1E7AC7934F9C401 | E1ED3C5BC075276E7F0F7D05DCB59C50ADF641A2C03C2D05F4B16BC98AF42803
2204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | 028AD946333A0FED08D6AFA1BC6C6924 | 632FAFABF39F52F7461C7F973C7B21A78AB589ED86ECDEB0E81816EDDEF3F333
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---
2204 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D | US | der | 724 b | whitelisted |
3484 | AcroRd32.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
2204 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?4a60cee1206ff0b1 | US | compressed | 59.9 Kb | whitelisted |
2204 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
2204 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b810eac8f0d199b | US | compressed | 4.70 Kb | whitelisted |
1404 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1404 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---
1404 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1404 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2204 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
1404 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2204 | iexplore.exe | 142.250.185.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3492 | RdrCEF.exe | 2.21.141.61:443 | geo2.adobe.com | Telia Company AB | — | suspicious |
— | — | 2.21.141.61:443 | geo2.adobe.com | Telia Company AB | — | suspicious |
2204 | iexplore.exe | 104.17.74.206:443 | go.cloudplatformonline.com | Cloudflare Inc | US | shared |
1404 | iexplore.exe | 104.17.72.206:443 | go.cloudplatformonline.com | Cloudflare Inc | US | shared |
2204 | iexplore.exe | 104.17.72.206:443 | go.cloudplatformonline.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation
---|---|---
go.cloudplatformonline.com | — | whitelisted
ctldl.windowsupdate.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
ocsp.pki.goog | — | whitelisted
lp.cloudplatformonline.com | — | suspicious
ocsp.digicert.com | — | whitelisted
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted
geo2.adobe.com | — | whitelisted
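The process tree and network tables above are raw data, not a detection. As an added example (not ANY.RUN's code, nor Adobe's or Microsoft's), the Python below transcribes the report's process rows, its non-whitelisted hosts and IPs, and the two SHA256 values into a small matcher and runs it over a handful of Sysmon-style event lines constructed for this example. The parent/child rule works on parent image names because the report lists no parent PIDs; the browser and reader image lists are an assumption, not something the report states.

```python
"""Turn the sandbox report above into something a detection engineer can run.

Added example: not ANY.RUN's code and not from Adobe or Microsoft. The process
rows, hashes, hosts and IPs are transcribed from the report; the Sysmon-style
events at the bottom are constructed for this example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent_image: str   # the report gives parent image names, not parent PIDs
    integrity: str


# Process table from the report (PID, image, parent image, integrity level).
PROCESSES = [
    Proc(1404, "iexplore.exe", "Explorer.EXE", "MEDIUM"),
    Proc(2204, "iexplore.exe", "iexplore.exe", "LOW"),
    Proc(3132, "AcroRd32.exe", "iexplore.exe", "LOW"),
    Proc(3484, "AcroRd32.exe", "iexplore.exe", "MEDIUM"),
    Proc(3708, "AcroRd32.exe", "AcroRd32.exe", "LOW"),
    Proc(3492, "RdrCEF.exe", "AcroRd32.exe", "LOW"),
    Proc(2792, "RdrCEF.exe", "RdrCEF.exe", "LOW"),
    Proc(3672, "RdrCEF.exe", "RdrCEF.exe", "LOW"),
    Proc(3808, "RdrCEF.exe", "RdrCEF.exe", "LOW"),
    Proc(2504, "RdrCEF.exe", "RdrCEF.exe", "LOW"),
]

# Assumed image lists for the parent/child rule (not from the report).
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
DOC_READERS = {"acrord32.exe", "acrobat.exe", "winword.exe", "excel.exe"}

# Network indicators whose reputation in the report is anything other than
# "whitelisted". OCSP, CTL and Bing traffic is deliberately left out: alerting
# on it would fire on every Windows host. geo2.adobe.com is Adobe's own host and
# the DNS table calls it whitelisted; it is kept only because the connections
# table marks it suspicious, so tune it out once confirmed benign.
NETWORK_IOCS = {
    "go.cloudplatformonline.com": "shared",
    "lp.cloudplatformonline.com": "suspicious",
    "geo2.adobe.com": "suspicious",
    "104.17.74.206": "shared",
    "104.17.72.206": "shared",
    "2.21.141.61": "suspicious",
}

FILE_HASHES = {
    "3ABF7A47073FC2CB9EF07523DB5EACEA28C2E2F0731DCCCA015C5994AA9C3352": "submitted sample",
    "E1ED3C5BC075276E7F0F7D05DCB59C50ADF641A2C03C2D05F4B16BC98AF42803":
        "google_cloud_global_idg_it_leaders_research_report_es[1].pdf",
}

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line):
    """Parse a 'Key=value Key="value with spaces"' event line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}


def browser_spawned_readers(procs):
    """(PID, integrity) of document readers whose parent image is a browser.

    In the report this is the iexplore.exe -> AcroRd32.exe edge: the PDF was
    handed straight from the browser to the reader.
    """
    return [(p.pid, p.integrity) for p in procs
            if p.image.lower() in DOC_READERS and p.parent_image.lower() in BROWSERS]


def match_events(events):
    """Return (event_index, indicator, label) for every IOC hit in the events."""
    hits = []
    for i, line in enumerate(events):
        f = parse_kv(line)
        for key in (f.get("DestinationHostname", "").lower(), f.get("DestinationIp", "")):
            if key in NETWORK_IOCS:
                hits.append((i, key, NETWORK_IOCS[key]))
        m = re.search(r"SHA256=([0-9A-Fa-f]{64})", f.get("Hashes", ""))
        if m and m.group(1).upper() in FILE_HASHES:
            hits.append((i, m.group(1).upper(), FILE_HASHES[m.group(1).upper()]))
    return hits


# Constructed Sysmon-style events (EventID 3 = network connection, 11 = file create).
SAMPLE_EVENTS = [
    'EventID=3 Image="C:\\Program Files\\Internet Explorer\\iexplore.exe" '
    'DestinationHostname=go.cloudplatformonline.com DestinationIp=104.17.74.206',
    'EventID=3 Image="C:\\Program Files\\Internet Explorer\\iexplore.exe" '
    'DestinationHostname=ocsp.pki.goog DestinationIp=142.250.185.163',
    'EventID=11 Image="C:\\Program Files\\Internet Explorer\\iexplore.exe" '
    'TargetFilename="C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files'
    '\\Low\\Content.IE5\\MFAQUS6V\\google_cloud_global_idg_it_leaders_research_report_es[1].pdf" '
    'Hashes=SHA256=E1ED3C5BC075276E7F0F7D05DCB59C50ADF641A2C03C2D05F4B16BC98AF42803',
    'EventID=3 Image="C:\\Program Files\\Adobe\\Acrobat Reader DC\\Reader\\AcroCEF\\RdrCEF.exe" '
    'DestinationHostname=geo2.adobe.com DestinationIp=2.21.141.61',
]

if __name__ == "__main__":
    for pid, lvl in browser_spawned_readers(PROCESSES):
        print(f"browser -> reader: PID {pid} ({lvl} integrity)")
    for idx, ioc, label in match_events(SAMPLE_EVENTS):
        print(f"event {idx}: {ioc} [{label}]")
```

Run as a script, it prints the two AcroRd32.exe instances launched by iexplore.exe (one at LOW and one at MEDIUM integrity) and five indicator hits; the OCSP event produces none. The indicator set is intentionally small: everything the report marks whitelisted (certificate revocation checks, the Windows CTL download, Bing and iecvlist) is background noise on any Windows host, so the only rows worth carrying forward are the cloudplatformonline.com hosts, their Cloudflare addresses, and the PDF's hash.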