Field | Value
---|---
URL: | https://www.auslogics.com
Full analysis: | https://app.any.run/tasks/3ac0aa70-efd4-4283-a548-59a0321a60e3
Verdict: | Malicious activity
Analysis date: | March 14, 2019, 14:07:48
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators: | —
MD5: | 088E5EFBE558904DFD098D756E0CB30F
SHA1: | 735082AB315607A03300056B0587C5EACC3E696F
SHA256: | E23E5C075A5BB564075059BC581A79E75039A48B91A16673638BF379688AF78C
SSDEEP: | 3:N8DSLzPU:2OLDU
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3376 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.auslogics.com | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
4048 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3376 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
3252 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe
User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0; Version: 26,0,0,131 | | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | — | —
3376 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
4048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\en[1].txt | — | — | —
4048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\it[1].svg | image | B5CA7E6FE99A0B9BC83A822B340CA33D | B0D95326FE31E2558D55A794BF1984528ED5F2A63E25D5D96AAC83EDA6A857E0
4048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\script[1].js | text | 7D0F701664EEFCED65E652A66C207CC6 | 48139233A2D1943C53A5806527832CB28905530B83EFF0428351A9DABD89CC75
4048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\logo[1].svg | image | 87C971A9487E88DF811F3C506F90A2F7 | 821AA752462DAD71D9AA47A97B57EC4349845DE7C814D829DD628EED6996A76E
4048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\css[1].txt | text | 57836599D4EC8A170B2AC49A5FFF32B7 | 07DB849BBB6AD47B40BC4DA57219170637F816A2A0AB583519DDF65CC3C88157
4048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\main[1].js | text | 8DEAC7BC43DE0C4C2050CDF22AA01917 | 50CDFC18DAA8FA2D3EB720EAABB08B5112B0636A419BAB2BAD7869330817C42A
4048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\main[1].css | text | FA6E7F6FE987EEBABF2155448B6D7BBC | 98700A2343487A197E0A13A08E4116D12B1119743B76620F07049B2F5E2D7B5A
4048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\en[1].htm | html | F31E0885E218F650CF9D4B86FD82ACBE | A92292B77975F3E7CB6434135AFB4318560C8596E9049521EB588B6FC30E7E0C
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4048 | iexplore.exe | GET | — | 151.139.239.32:80 | http://static.auslogics.com/en/boost-speed/10/boost-speed-setup.exe | US | — | — | malicious |
4048 | iexplore.exe | GET | 200 | 205.185.216.10:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 55.2 Kb | whitelisted |
4048 | iexplore.exe | GET | 200 | 13.32.222.51:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
3376 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
4048 | iexplore.exe | GET | 302 | 149.56.19.59:80 | http://downloads.auslogics.com/en/boost-speed/10/boost-speed-setup.exe | CA | html | 161 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4048 | iexplore.exe | 216.58.205.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
4048 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
4048 | iexplore.exe | 216.58.205.238:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
4048 | iexplore.exe | 87.250.251.119:443 | mc.yandex.ru | YANDEX LLC | RU | whitelisted |
4048 | iexplore.exe | 216.58.207.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
4048 | iexplore.exe | 157.240.1.23:443 | connect.facebook.net | Facebook, Inc. | US | whitelisted |
3376 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4048 | iexplore.exe | 172.217.21.227:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
4048 | iexplore.exe | 74.125.133.155:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
4048 | iexplore.exe | 45.33.8.241:443 | www.auslogics.com | Linode, LLC | US | malicious |
Domain | IP | Reputation
---|---|---
www.auslogics.com | — | whitelisted
www.bing.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
fonts.gstatic.com | — | whitelisted
www.google-analytics.com | — | whitelisted
mc.yandex.ru | — | whitelisted
www.googletagmanager.com | — | whitelisted
stats.g.doubleclick.net | — | whitelisted
bat.bing.com | — | whitelisted
connect.facebook.net | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
4048 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |
4048 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |
4048 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |
4048 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |