Field | Value |
---|---|
URL | https://get.uhfrl.com/?pid=58491&subid=38863&clickid=4ECCAED0-125E-11EB-9E88-2F0206A31716 |
Full analysis | https://app.any.run/tasks/6619d78a-d817-4564-8513-dda308ec3a50 |
Verdict | Malicious activity |
Analysis date | October 19, 2020, 23:45:21 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | 5D4A0D9B2AF20A9C76A2D41BC0143D08 |
SHA1 | 99F351C41D4A66E6F889E59A9F0C2F165CA4371A |
SHA256 | AE2817A1A204913A95D9A7A4AF6EA5773BDB671EAF15821E8D84535BEB19BEBE |
SSDEEP | 3:N8hmiQqWDGJMSYRgjsNr2zju:2kzqvCrR4sNr2zq |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2804 | "C:\Program Files\Internet Explorer\iexplore.exe" https://get.uhfrl.com/?pid=58491&subid=38863&clickid=4ECCAED0-125E-11EB-9E88-2F0206A31716 | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe |
2564 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2804 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |

PID | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|
2804 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2564 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab595F.tmp | — | — | — |
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar5960.tmp | — | — | — |
2564 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SQ6LE2S0.txt | — | — | — |
2564 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\18QCRQBW.txt | — | — | — |
2804 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_4294EA829AAFEC507E6107814324BB14 | binary | 68A0A2427ECF283950AA8462875B4EFB | B205F86706D7445D14D0E98E5FEF144BA2E8208E9E919C67C50522B30EDE5A3D |
2564 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\L3I6PWH6.txt | text | D93D15073DAF87E77CCD8683DEC3BABF | 8C4492A60283CFBBCE22FE24137416A38AFE2A2D3F68789699654170E3CE8379 |
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | 3723741C1AA80B2A2A7B00DD6B287332 | 813E1EB25265A8393B42848323A14C17C233E7DCA9C5E6996C95734F2498969C |
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_4294EA829AAFEC507E6107814324BB14 | der | 72E5D497CBC4526DAA6813C61DF908D9 | 7D6CA838EA0CE79E1321D7DB7530F9DCF9FD3C9CAE0201BD7979FC9E65854A15 |
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_8DAA92851D43F6A11AC96DE769B27E11 | der | 524E23FBC807417159523C10A3172DB6 | D0B5EAE596F6F60BCF7170698BA94F878A46C0C6D9DD87EF5AC5E3D5F72C761E |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2564 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEArTfkPx9Gko3BL%2FgyGh1Xo%3D | US | der | 280 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEArLKLpGXuU5CHZ0cPPNxhI%3D | US | der | 471 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAzhQhgamOjIKzUn9eainUA%3D | US | der | 278 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
2564 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTnvAI%2FnN49qPTJY2qTQtfkLxjvEAQUo53mH%2FnaOU%2FAbuiRy5Wl2jHiCp8CEAFlK6jKOKePWQ%2BgvKM%2B9nQ%3D | US | der | 313 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2804 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2564 | iexplore.exe | 104.27.153.128:443 | get.uhfrl.com | Cloudflare Inc | US | shared |
2564 | iexplore.exe | 104.27.131.72:443 | get.ourconvertersearch.com | Cloudflare Inc | US | shared |
2564 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2564 | iexplore.exe | 69.16.175.42:443 | b6u2w2z4.ssl.hwcdn.net | Highwinds Network Group, Inc. | US | malicious |
2564 | iexplore.exe | 104.17.78.107:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | unknown |
— | — | 216.58.207.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
— | — | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
2564 | iexplore.exe | 216.58.207.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2564 | iexplore.exe | 172.217.22.35:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
get.uhfrl.com | | malicious |
ocsp.digicert.com | | whitelisted |
get.ourconvertersearch.com | | suspicious |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
fonts.googleapis.com | | whitelisted |
b6u2w2z4.ssl.hwcdn.net | | malicious |
cdnjs.cloudflare.com | | whitelisted |
ocsp.comodoca.com | | whitelisted |
ocsp.pki.goog | | whitelisted |