Field | Value
---|---
URL | https://www.thewindowsclub.com
Full analysis | https://app.any.run/tasks/d875e43a-2956-4b41-8e48-26b762c6b876
Verdict | Malicious activity
Analysis date | January 25, 2022, 02:00:00
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:

Hash | Value
---|---
MD5 | C24FF8F4A2DA697123DEF04F69833D8B
SHA1 | 1613C65493BFF2DBEE53D3E12FE7136E06935865
SHA256 | 51F01260D5E3A54BA5F5027BD4E44B626C6DEDECAC861E8B874EB55FD269B004
SSDEEP | 3:N8DSLUSM1KcY2n:2OLLaKcY2n

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
1944 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.thewindowsclub.com" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3648 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1944 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3648 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | 8CD7E90C9F52DCC22A188DB1D82D4356 | F3F9DC32585CEBC0A478458DF911980CF546F8DAB032649EC676B7D243A4F46F
3648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\nmash[1].js | text | B898FF9F849D68A8087270787BE559C4 | FFB648200F12E9E83C7A7D94892271C74F23B39D6F77B9DF5E21C96166A41ECB
3648 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 898A9C5CD08CE2C8486F9DA90CDC6082 | 0EB7EF151C4531203194AD423DA23D7A622CEFC27FC4FBF0D2F54398CC47F938
3648 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VO4EV34.txt | text | 94985A1B9B8A585B144E5B9853D9AE78 | 623D9C8180142E009402EBAB3C4438B4218A640F14D82F3DF8C665E65F6AA182
3648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\3O0QVCA1.htm | html | 0F99CB94A5F2BE31937DDF3ED795A9A9 | 4461415A9CE3C2718E4260B11DD4EF2B2863B37205F3D3BE9D3362B9309CFCBE
3648 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8M0IWIT.txt | text | FE34A49833ED17B0B00140E1814A90FF | 3FFD08BC56D69B2E7DB8E8F5CDA1D741A8A6E1F420D0685C277A70361F6D4DBC
3648 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2PCAOW3.txt | text | 5CEB12FA52E7B46713C03D3BC35BF73B | 1BEB8F8FF2E32BEEE3B93AF8DE86C1CD9327405BB96420A521979CC7FAA6DB17
3648 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4F4BWBJW.txt | text | D576CEDC883F08D8B7988B50B9628C03 | F3F63EB68555070DC6C8F41A604D7C6DC7C5AB228EC0C6A5A3FCC528C0FC861B
3648 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\52MGEK67.txt | text | C997E1210E4A6D4974C6E42FFA77CBAB | 757B8CFC3512D5503385C22AB897B67CE03020D310237CDE4E77B4D773C94912
3648 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PGLMABXR.txt | text | 9A67175D834CF6D989126A6BE77BB012 | 3E21A934C13666D33497AF7FCC761F25398B9BA49EFE28E33DF2A631DB852E6C

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3648 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3648 | iexplore.exe | GET | 200 | 104.73.131.204:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
3648 | iexplore.exe | GET | 200 | 95.100.96.192:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOl8EtXdRi%2BYHzRh7CMwrmtJw%3D%3D | unknown | der | 503 b | shared |
3648 | iexplore.exe | GET | 200 | 142.251.36.3:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCrvyQ4GllugQoAAAABK4Az | US | der | 472 b | whitelisted |
3648 | iexplore.exe | GET | 200 | 18.66.242.45:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
1944 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3648 | iexplore.exe | GET | 200 | 18.66.242.155:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
3648 | iexplore.exe | GET | 200 | 142.251.36.35:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC2PrP09fGo%2BgoAAAABK3x6 | US | der | 472 b | whitelisted |
3648 | iexplore.exe | GET | 200 | 142.251.36.35:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
1944 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3648 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
3648 | iexplore.exe | 104.26.11.55:443 | www.thewindowsclub.com | Cloudflare Inc | US | unknown |
3648 | iexplore.exe | 142.250.179.138:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
3648 | iexplore.exe | 142.251.36.35:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3648 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3648 | iexplore.exe | 142.251.36.3:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3648 | iexplore.exe | 18.66.242.188:80 | o.ss2.us | Massachusetts Institute of Technology | US | unknown |
3648 | iexplore.exe | 65.9.79.193:443 | c.amazon-adsystem.com | AT&T Services, Inc. | US | unknown |
3648 | iexplore.exe | 65.9.82.129:443 | go.ezoic.net | AT&T Services, Inc. | US | unknown |
3648 | iexplore.exe | 172.217.168.200:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |

Domain | Reputation
---|---
www.thewindowsclub.com | malicious
ctldl.windowsupdate.com | whitelisted
ocsp.digicert.com | whitelisted
c.amazon-adsystem.com | whitelisted
ajax.googleapis.com | whitelisted
go.ezoic.net | shared
www.googletagmanager.com | whitelisted
ocsp.pki.goog | whitelisted
o.ss2.us | whitelisted
api.bing.com | whitelisted