Field | Value
---|---
URL | https://live-nba.stream/watch/43062/2/portland-trail-blazers-golden-state-warriors-live.html
Full analysis | https://app.any.run/tasks/1d32bde1-a317-409b-8b69-59d0d4b59f02
Verdict | Malicious activity
Analysis date | May 15, 2019, 06:27:55
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | 0A9216A1AA760487AE1DC296C72BE3A2
SHA1 | E41AB8063C36D1C24B9752E113523E830D0E7BBA
SHA256 | D22485A9A81D97F9D388625CF4469B95F8CEBFDBA6364285F6E1516600448025
SSDEEP | 3:N8MT6iG9zXKXViBwc2AxacrhMTAwJ:2Mm9Oq2yaPJ
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
3660 | "C:\Program Files\Opera\opera.exe" https://live-nba.stream/watch/43062/2/portland-trail-blazers-golden-state-warriors-live.html | C:\Program Files\Opera\opera.exe | — | explorer.exe | admin | Opera Software | MEDIUM | Opera Internet Browser | 1748
2856 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 3660 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | opera.exe | admin | Adobe Systems Incorporated | MEDIUM | Adobe Acrobat Reader DC | 15.23.20070.215641
1684 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /o /eo /l /b /id 3660 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe | admin | Adobe Systems Incorporated | LOW | Adobe Acrobat Reader DC | 15.23.20070.215641
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprFB07.tmp | — | — | —
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprFB27.tmp | — | — | —
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprFBC4.tmp | — | — | —
3660 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp | — | — | —
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S4KD4BA1XE0HANVX6Z70.temp | — | — | —
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr1289.tmp | — | — | —
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini | text | A446B1A8D21B10E8D4D96CF2F2EB9662 | 4D4B397B4AA9D3680EA9706C4E2B18D126814C6CD3777DE397CE9E94D9487012
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml | 73D1408704BCCD9142E5F520535261B7 | 40B0ACF7BA27A3637C8B78FBA12B6B5BF90277D5717BA59B6C354291B6DB1A45
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat | binary | C231CE06258CAC1A27B7797C5C6119B8 | 354657E42DC273494D4ACD52E6C9F5E4C89868C4825DE9D9B02F1338E2464EC4
3660 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms | binary | 9BE9CCC710D3048CFD9BFA594A41206A | 85766104413F074C4D5A44FE7A2472002A0B99DC59D4224DB4CD1E19072D2903
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3660 | opera.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQAU7Bfe6xSRj1%2Bo83zCN%2BY2wTgIAQU1LD0%2FU%2BcQqRs3D0u7ltBGMmtA%2FYCECpNJaw%2FqAVZDxAFL0VG%2Bnc%3D | US | der | 471 b | whitelisted |
3660 | opera.exe | GET | 200 | 192.35.177.64:80 | http://crl.identrust.com/DSTROOTCAX3CRL.crl | US | der | 896 b | whitelisted |
3660 | opera.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAJvJGeK%2FtwlV70AH1C0Bso%3D | US | der | 471 b | whitelisted |
3660 | opera.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEAwlX%2BWwe0xUZK7sA79up6Y%3D | US | der | 471 b | whitelisted |
3660 | opera.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAwYRnF7eZBhU2LgcspZxrA%3D | US | der | 471 b | whitelisted |
3660 | opera.exe | GET | 200 | 172.217.22.99:80 | http://crl.pki.goog/gsr2/gsr2.crl | US | der | 546 b | whitelisted |
3660 | opera.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEDVcoTH82eAUPv6eGMIxtds%3D | US | der | 471 b | whitelisted |
3660 | opera.exe | GET | 200 | 151.139.128.14:80 | http://crl.usertrust.com/AddTrustExternalCARoot.crl | US | der | 673 b | whitelisted |
3660 | opera.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQAU7Bfe6xSRj1%2Bo83zCN%2BY2wTgIAQU1LD0%2FU%2BcQqRs3D0u7ltBGMmtA%2FYCEQDSVJWT1OLxShV3sbdg0rEr | US | der | 472 b | whitelisted |
3660 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertGlobalRootCA.crl | US | der | 581 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3660 | opera.exe | 192.35.177.64:80 | crl.identrust.com | IdenTrust | US | malicious |
3660 | opera.exe | 66.225.197.197:80 | crl4.digicert.com | CacheNetworks, Inc. | US | whitelisted |
3660 | opera.exe | 185.26.182.112:443 | sitecheck2.opera.com | Opera Software AS | — | malicious |
3660 | opera.exe | 185.125.230.221:443 | live-nba.stream | MAROSNET Telecommunication Company LLC | RU | unknown |
3660 | opera.exe | 185.26.182.93:443 | sitecheck2.opera.com | Opera Software AS | — | whitelisted |
3660 | opera.exe | 104.19.195.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared |
3660 | opera.exe | 31.13.90.36:443 | www.facebook.com | Facebook, Inc. | IE | whitelisted |
3660 | opera.exe | 195.181.170.18:443 | 1079020916.rsc.cdn77.org | Datacamp Limited | DE | suspicious |
3660 | opera.exe | 93.184.220.66:443 | platform.twitter.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3660 | opera.exe | 151.139.128.14:80 | crl.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
Domain | IP | Reputation
---|---|---
live-nba.stream | — | suspicious
sitecheck2.opera.com | — | whitelisted
certs.opera.com | — | whitelisted
crl.identrust.com | — | whitelisted
crl4.digicert.com | — | whitelisted
1079020916.rsc.cdn77.org | — | whitelisted
cdnjs.cloudflare.com | — | whitelisted
www.facebook.com | — | whitelisted
platform.twitter.com | — | whitelisted
st.chatango.com | — | whitelisted