URL: | https://www.wintips.org/fix-windows-spotlight-not-working-in-windows-10/ |
Full analysis: | https://app.any.run/tasks/685fc9d6-ab01-4b39-bba2-299f79f091e5 |
Verdict: | Malicious activity |
Analysis date: | November 29, 2020, 20:50:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | B366561F9D4C106F51528EFA4249D198 |
SHA1: | 1C0C6578015B002F4FB147540F693AA59C99199D |
SHA256: | 4FAA5E9DC2959E469866AC48299F5521F4FEA33477C29133526750A9FCB4C046 |
SSDEEP: | 3:N8DSL0XJQKvnJMCUgKLBJzn:2OL0Xe2nJMZBJzn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2488 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.wintips.org/fix-windows-spotlight-not-working-in-windows-10/" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2320 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2488 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 1653855362 | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30852753 | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 46000000A5000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2488) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2320 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab108.tmp | — | |
MD5:— | SHA256:— | |||
2320 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar109.tmp | — | |
MD5:— | SHA256:— | |||
2320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\fix-windows-spotlight-not-working-in-windows-10[1].htm | html | |
MD5:7B9287ADE14CB27FD71B2B24F8FB74BE | SHA256:867A9FC8F453CCE49D9FD1D64DE038664091C718D9590F527F7443665EE8FDBC | |||
2320 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary | |
MD5:A16D0484BD99C20052B0CE4765DB96E6 | SHA256:FA5143A8D962BF21307BC463ACD965EC61196022AAEA5235C700C7B48A611D8F | |||
2320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\themify.common.min[1].css | text | |
MD5:3C8BB18EBDC43C7D6EC08C4D1CE54888 | SHA256:663E0AF0C5B75B44DDB5CB13E8D52EF5BB56803925C3C8FF182A9EA4960C4976 | |||
2320 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AB2D162084647023BAA247647AC86D73 | binary | |
MD5:112B9FAF42BA78E086CB943EFBB250DB | SHA256:D36BD8906420EAD9FDC8305CDDBD01EE1C1947974AC6AAEFC5675CA5CB642C42 | |||
2320 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AB2D162084647023BAA247647AC86D73 | der | |
MD5:0639449FD9C8CAF5B8B5575FFFEE96DA | SHA256:3CEEEEEB3A8C5C84909DB2450040B24E277524D78638B9252E46A09C39E8EA52 | |||
2320 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der | |
MD5:16986898F5EB5B997247119BD7AB7899 | SHA256:E6E2A5E9BEA4E7A7D6F6C928581842631741905B7F4ABEE95EBC77C274CC4787 | |||
2320 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | |
MD5:56BED2B1B0977D93CE3AC67F809B4456 | SHA256:561CAC58B1D766D6D652071519348AF1733E60B478B23613CFCCB03A9E0B23B6 | |||
2320 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der | |
MD5:CA57489FA2F5B061504F0D1F9DB09E44 | SHA256:862EA67B7FEA748A32F4AACB82523A4243B6911AAD51EF8FDD80D742FE31ACA6 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAQP1VfHStqP6z8BbhQy82Q%3D | US | der | 280 b | whitelisted |
2320 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
2320 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
2320 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
2320 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDa2MTpyZrzlQgAAAAAYth4 | US | der | 472 b | whitelisted |
2320 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHyS0n8a7XlkXPybkI8Z7h4%3D | US | der | 471 b | whitelisted |
2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2320 | iexplore.exe | 172.217.16.194:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
2320 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
2320 | iexplore.exe | 172.217.12.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2320 | iexplore.exe | 151.139.240.28:443 | www.wintips.org | netDNA | US | unknown |
— | — | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
2320 | iexplore.exe | 23.212.156.24:443 | contextual.media.net | GTT Communications Inc. | US | unknown |
2320 | iexplore.exe | 104.26.3.65:443 | cdn.orangeclickmedia.com | Cloudflare Inc | US | unknown |
2320 | iexplore.exe | 151.101.1.21:443 | www.paypal.com | Fastly | US | suspicious |
2320 | iexplore.exe | 151.101.12.157:443 | platform.twitter.com | Fastly | US | suspicious |
2320 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.wintips.org |
| suspicious |
ocsp.comodoca.com |
| whitelisted |
ocsp.usertrust.com |
| whitelisted |
ocsp.sectigo.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
pagead2.googlesyndication.com |
| whitelisted |
cdn.orangeclickmedia.com |
| unknown |
contextual.media.net |
| shared |
www.paypal.com |
| whitelisted |
www.lduhtrp.net |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
2320 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2320 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |