URL: | http://us06web.zoom.us/ |
Full analysis: | https://app.any.run/tasks/f7a22079-1dc2-4c1c-949d-bf542f7108a2 |
Verdict: | No threats detected |
Analysis date: | December 01, 2020, 01:49:59 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | A65EA87D6224FEAD5F5E2806488C8E7B |
SHA1: | 5EE014E4A285BFB59A4311177D261B7E02108BDE |
SHA256: | 55DF31CE9B9AE23DAAA998886288270FAD2F6B8AE93399F9EAF26207BCEEF028 |
SSDEEP: | 3:N1KLSeAHVILQNn:CrA19n |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2372 | "C:\Program Files\Internet Explorer\iexplore.exe" http://us06web.zoom.us/ | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
688 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2372 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
688 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab39AC.tmp | — | |
MD5:— | SHA256:— | |||
688 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar39AD.tmp | — | |
MD5:— | SHA256:— | |||
688 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4R08ZCSK.txt | — | |
MD5:— | SHA256:— | |||
688 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E11E75149C17A93653DA7DC0B8CF53F_2173A5671C7C600DA09AB50BB10ACD80 | — | |
MD5:— | SHA256:— | |||
688 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\solution_marketplace[1].png | image | |
MD5:607F178E60E5E2DBAA8D8F9666D4D8C1 | SHA256:36EC2FFC13D36C303DF0ED5DA3F68A689A72EE325D2D57CDA71BE0CA7F5502FA | |||
688 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | der | |
MD5:E19B68DD67112E91F6968B816E1D410D | SHA256:758E5892536C8DCEBEC776A594B53534CACDE68BD9815B6B1C2CAF5FD89AF915 | |||
688 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | |
MD5:D66C086E6925CC80701AD87304364BD7 | SHA256:1DBB72E9CBDF22AD0A84EB2E0215620E9A6C42ADDEDEEA7A1A9CA515CDE3D805 | |||
688 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E11E75149C17A93653DA7DC0B8CF53F_2173A5671C7C600DA09AB50BB10ACD80 | der | |
MD5:0694E603CA2A06BFFB852033C4E6B917 | SHA256:1D792CA0E755828ADDC20CF31D4A19106542936C8BDBAD81B2F8D3D70E54AEB9 | |||
688 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JYK7K7B1.txt | text | |
MD5:A3D4A6F87A55B3B3A7859DEA7BE711B5 | SHA256:42796694901E1D77B626C0CFF731DEE5E186BF31D1D839F4E80B16656DDE5C20 | |||
688 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\EDCDM9OF.htm | html | |
MD5:7089A8788103F2941B6B7E981954E543 | SHA256:FE3CC99F214AE528066A9A71E341ACE2CEB8A40E8CFE20288C3688E29A5B13AA |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
688 | iexplore.exe | GET | 304 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
688 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
688 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
688 | iexplore.exe | GET | 301 | 3.235.71.222:80 | http://us06web.zoom.us/ | US | html | 161 b | suspicious |
688 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
688 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
688 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
688 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
688 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
688 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
688 | iexplore.exe | 3.235.71.222:443 | us06web.zoom.us | — | US | unknown |
688 | iexplore.exe | 65.9.68.2:443 | us06st1.zoom.us | AT&T Services, Inc. | US | unknown |
688 | iexplore.exe | 65.9.68.109:443 | us06st1.zoom.us | AT&T Services, Inc. | US | malicious |
688 | iexplore.exe | 3.235.71.222:80 | us06web.zoom.us | — | US | unknown |
688 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
688 | iexplore.exe | 65.9.68.121:443 | consent.trustarc.com | AT&T Services, Inc. | US | unknown |
688 | iexplore.exe | 23.51.123.27:80 | s.symcd.com | Akamai Technologies, Inc. | NL | whitelisted |
688 | iexplore.exe | 65.9.68.72:443 | static.ada.support | AT&T Services, Inc. | US | suspicious |
688 | iexplore.exe | 65.9.70.66:443 | d24cgw3uvb9a9h.cloudfront.net | AT&T Services, Inc. | US | unknown |
— | — | 142.250.74.200:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
us06web.zoom.us | | suspicious |
ocsp.digicert.com | | whitelisted |
us06st1.zoom.us | | suspicious |
us06st2.zoom.us | | suspicious |
us06st3.zoom.us | | suspicious |
d24cgw3uvb9a9h.cloudfront.net | | shared |
static.ada.support | | whitelisted |
consent.trustarc.com | | shared |
s.symcd.com | | shared |
o.ss2.us | | whitelisted |