URL: | http://fwtrack.onlinecomplianceexperts.com/v1/clk/J9XhUUeDQqObm53L-mEkZA,bOzwuwbPR-O1ULgEme9VmA,1,aHR0cHM6Ly9vbmxpbmVjb21wbGlhbmNlZXhwZXJ0cy5jb20vd2ViaW5hci92YWxpZGF0aW9uLW9mLWhwbGMtdXBsYy1tZXRob2RvbG9naWVzLS01MDAxNTRMSVZFP2NoYW5uZWw9bWFpbGVyJmNhbXA9d2ViaW5hciZBZEdyb3VwPUpPSE5fRkVUWkVSX0pBTjEyX05PVjI0X0ZX |
Full analysis: | https://app.any.run/tasks/30e0ac45-3374-4c4b-8a1e-795831517df2 |
Verdict: | Malicious activity |
Analysis date: | January 14, 2022, 20:08:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | DDF0461455067B560AEFE644B6B369F7 |
SHA1: | C03BB7525EFF991596C940AA2182CC19EC9B1272 |
SHA256: | 8D3F04E804CA3D0FBFD308DF2CB59410A8AD2A2F82281406F9D139A79A37687E |
SSDEEP: | 6:CY06uqBqod8rAq7leSCbSdXjljllJcLDx1p7e5a6HnVRPR26:N06Lko5q7YS+SVjTgDx77e5nHVRPRR |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2520 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://fwtrack.onlinecomplianceexperts.com/v1/clk/J9XhUUeDQqObm53L-mEkZA,bOzwuwbPR-O1ULgEme9VmA,1,aHR0cHM6Ly9vbmxpbmVjb21wbGlhbmNlZXhwZXJ0cy5jb20vd2ViaW5hci92YWxpZGF0aW9uLW9mLWhwbGMtdXBsYy1tZXRob2RvbG9naWVzLS01MDAxNTRMSVZFP2NoYW5uZWw9bWFpbGVyJmNhbXA9d2ViaW5hciZBZEdyb3VwPUpPSE5fRkVUWkVSX0pBTjEyX05PVjI0X0ZX" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3608 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3608 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RQ9S7RGC.txt | text | |
MD5:7084DC533821B4E2329DCAB1E76C9628 | SHA256:8779939199C0EC28CE4F9D6548C6E7FA3FB3387044EB9CE4C9DD8D7A8FEAAB73 | |||
3608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | der | |
MD5:9F5C332539FF7C2BF0BA9B99444156A9 | SHA256:83A27C09074691CE88573138CADFF27A8DB9F7914219DAC3987CF5C9ECA68A28 | |||
2520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:FB0E2C2BF4A3B1E818EA81D9338DE714 | SHA256:38F6E0FF7F6DF185C8E0D8676B7F0DC11B8910AF3E095BD76F2E42DD1FE47C31 | |||
3608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | |
MD5:5616A564A310A397DDC1D2EE9CC119AD | SHA256:1841A1E4C104D2356C587C6AF2DD013699C11A3EFDFCB4FF67BF79BE03E4B93E | |||
3608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\22ED6C3CFEB1FE4BC6E2F7C8576F6050_7B7E12AAF4FED208F53CC9E5D4C72288 | der | |
MD5:89BA2789DA6F98CDE7A9F2CF4A62D704 | SHA256:78D0962DC2D11FD05C78BC414BFA68F91F4836E2DDAEC597BEBBD0D4191BC030 | |||
3608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_979AB563CEB98F2581C14ED89B8957D4 | binary | |
MD5:8104E5B46AB810B53CC3E13114C83E17 | SHA256:0FB3A6686FC218CD560EAB6F21477CC99D7C1A7C4C3004C76DBA211F900D0BE3 | |||
3608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | der | |
MD5:9049DD95B5F6FCA24CEEE4C6B3E6A5E8 | SHA256:694B2C932E123D40BB3786CE92F9F36AEE9F476089628034C28ECE87EBFDC10A | |||
3608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_979AB563CEB98F2581C14ED89B8957D4 | der | |
MD5:AB529F1B0045DF11A83724817C0E37CE | SHA256:E25DC402AB339AAD78F82203531562FBD0F14DF21558A329C41ED037B2B4A222 | |||
2520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:109ED3996715188811F8F367B4D9A64F | SHA256:ED08213CB38100A5079D3E1B01A23CA318D32DB85A71ACB9C622B48E32420C93 | |||
3608 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | binary | |
MD5:9A0E9A3F9D8BDD9F93D857A5355372BB | SHA256:887CA19DEA4E99D31796CBC2966E12F944938D7E51C046C86F488041A5ACA2DC |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3608 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQDRaSKINJvQwA%3D%3D | US | der | 1.74 Kb | whitelisted |
3608 | iexplore.exe | GET | 302 | 15.207.128.156:80 | http://fwtrack.onlinecomplianceexperts.com/v1/clk/J9XhUUeDQqObm53L-mEkZA,bOzwuwbPR-O1ULgEme9VmA,1,aHR0cHM6Ly9vbmxpbmVjb21wbGlhbmNlZXhwZXJ0cy5jb20vd2ViaW5hci92YWxpZGF0aW9uLW9mLWhwbGMtdXBsYy1tZXRob2RvbG9naWVzLS01MDAxNTRMSVZFP2NoYW5uZWw9bWFpbGVyJmNhbXA9d2ViaW5hciZBZEdyb3VwPUpPSE5fRkVUWkVSX0pBTjEyX05PVjI0X0ZX | US | html | 372 b | unknown |
3608 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3608 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
3608 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
3608 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
3608 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEBblhnjgcJQ5S9%2FbTvymO98%3D | US | der | 471 b | whitelisted |
3608 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2520 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3608 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2520 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 15.207.128.156:80 | fwtrack.onlinecomplianceexperts.com | Hewlett-Packard Company | US | unknown |
3608 | iexplore.exe | 192.124.249.23:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
3608 | iexplore.exe | 199.119.121.22:443 | onlinecomplianceexperts.com | Contegix | US | suspicious |
3608 | iexplore.exe | 15.206.62.69:80 | fwtrack.onlinecomplianceexperts.com | Hewlett-Packard Company | US | unknown |
3608 | iexplore.exe | 104.18.70.113:443 | static.zdassets.com | Cloudflare Inc | US | shared |
3608 | iexplore.exe | 15.207.128.156:80 | fwtrack.onlinecomplianceexperts.com | Hewlett-Packard Company | US | unknown |
2520 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2520 | iexplore.exe | 67.27.157.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3608 | iexplore.exe | 142.250.186.78:443 | apis.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
fwtrack.onlinecomplianceexperts.com |
| unknown |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
onlinecomplianceexperts.com |
| suspicious |
ocsp.godaddy.com |
| whitelisted |
static.zdassets.com |
| whitelisted |
seal.godaddy.com |
| whitelisted |
script.opentracker.net |
| unknown |