URL:

https://google.com

Full analysis: https://app.any.run/tasks/655a3b0f-0209-44b6-9035-5106d00821e8
Verdict: Malicious activity
Analysis date: January 19, 2024, 13:18:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

99999EBCFDB78DF077AD2727FD00969F

SHA1:

72FE95C5576EC634E214814A32AB785568EDA76A

SHA256:

05046F26C83E8C88B3DDAB2EAB63D0D16224AC1E564535FC75CDCEEE47A0938D

SSDEEP:

3:N8r3uK:2LuK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 124)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start -> iexplore.exe -> iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 124
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://google.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2204
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:124 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
24 970
Read events
24 747
Write events
221
Delete events
2

Modification events

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value:
0
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
Executable files
0
Suspicious files
76
Text files
244
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Type: binary
MD5:AC89A852C2AAA3D389B2D2DD312AD367
SHA256:0B720E19270C672F9B6E0EC40B468AC49376807DE08A814573FE038779534F45
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_ACE741CAE478F9E8195FFCECA66B0544
Type: der
MD5:E7E55265CCFDDD060C81EA8D029B87CB
SHA256:1EF9D9F2683777642E7A361A2AB9E2786FE2F70E576F86D3F9D84C87AB69A088
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\NMO1EF4Y.htm
Type: html
MD5:276BBB20C29087E88DB63899FD8F9129
SHA256:5B61B0C2032B4AA9519D65CC98C6416C12415E02C7FBBAA1BE5121DC75162EDB
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_ACE741CAE478F9E8195FFCECA66B0544
Type: binary
MD5:35385E00A17148E9839E929D316C7E5F
SHA256:C5D09610251554627D7CFC762A820F34EABCC146C75A1B7247282658A8C04B87
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Type: binary
MD5:5E90FD4F239B0A4CC37DF3E3310B6CED
SHA256:97C84ECDF847C3E60107F1F75303EF81E13CD595FEB1F70D1E3F5E3A7F7FBF67
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: binary
MD5:24EAF8EBB870A7A9845BB67B36F8B09E
SHA256:664C7F51001E7A9D1D5B32E88B202593B2B4BD383E8620847A931020F84916F9
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\googlelogo_white_background_color_272x92dp[1].png
Type: image
MD5:B593548AC0F25135C059A0AAE302AB4D
SHA256:44FC041CB8145B4EF97007F85BDB9ABDB9A50D744E258B0C4BB01F1D196BF105
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SCH1AV09.txt
Type: text
MD5:F0B3D8E9BAEAA58FFA93A62B39D22450
SHA256:7FB11118D2180E5D7D578C15B397F8F732966D66D2AD974C0806F3F015F56B05
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\CO2ZQRAV.txt
Type: text
MD5:2EE0A05C1E782F8A42028BCAAD2F3449
SHA256:CD200D909F466163B9AD6A5F7EDA364D4CFB5A044244AC01D1BFFC43952127D3
PID: 2204
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F6683F4776D0303FB83B8F5DA6BFA751
Type: binary
MD5:511C2E989AD7D1EEA773F94E5F9D5903
SHA256:84CC34D791BC9925A947D628D9E9AA660DA7527A6C6C68283608CC01BE4874DA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
40
TCP/UDP connections
134
DNS requests
79
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2204
iexplore.exe
GET
200
23.53.40.56:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?608cb4ab6d3f68d3
unknown
compressed
4.66 Kb
unknown
2204
iexplore.exe
GET
200
23.53.40.56:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f6bf34dbb61e71d7
unknown
compressed
4.66 Kb
unknown
2204
iexplore.exe
GET
200
142.250.185.163:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
2204
iexplore.exe
GET
200
142.250.185.163:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
2204
iexplore.exe
GET
200
142.250.185.163:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCc21SZGmxMgAqM79mihzX3
unknown
binary
472 b
unknown
2204
iexplore.exe
GET
200
142.250.185.163:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECbzjAowsPTyEMLulIc7EGw%3D
unknown
binary
471 b
unknown
2204
iexplore.exe
GET
200
142.250.185.163:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCAPCRpfvazdAnzYNtm9aj3
unknown
binary
472 b
unknown
2204
iexplore.exe
GET
200
142.250.185.163:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDG7Gp%2BrTCD1hArSp%2FkcvFM
unknown
binary
472 b
unknown
124
iexplore.exe
GET
304
23.53.40.56:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d8f761b8c0f86c21
unknown
unknown
124
iexplore.exe
GET
304
23.53.40.56:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1a6e676fbb64f2cc
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
2204
iexplore.exe
216.58.206.46:443
google.com
GOOGLE
US
whitelisted
2204
iexplore.exe
23.53.40.56:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
2204
iexplore.exe
142.250.185.163:80
ocsp.pki.goog
GOOGLE
US
whitelisted
2204
iexplore.exe
142.250.185.164:443
www.google.com
GOOGLE
US
whitelisted
2204
iexplore.exe
142.250.186.67:443
ssl.gstatic.com
GOOGLE
US
whitelisted
2204
iexplore.exe
142.250.186.35:443
www.gstatic.com
GOOGLE
US
whitelisted
124
iexplore.exe
142.250.185.164:443
www.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.46
whitelisted
ctldl.windowsupdate.com
  • 23.53.40.56
  • 23.53.40.18
  • 23.53.40.32
  • 23.53.40.35
  • 23.53.40.48
  • 23.53.40.25
  • 23.53.40.40
  • 23.53.40.49
  • 23.53.40.19
whitelisted
ocsp.pki.goog
  • 142.250.185.163
  • 142.250.184.195
whitelisted
www.google.com
  • 142.250.185.164
whitelisted
ssl.gstatic.com
  • 142.250.186.67
whitelisted
clients1.google.com
  • 216.58.206.46
whitelisted
www.gstatic.com
  • 142.250.186.35
whitelisted
apis.google.com
  • 142.250.184.238
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
whitelisted

Threats

PID
Process
Class
Message
1080
svchost.exe
A Network Trojan was detected
ET MALWARE Malicious Domain in DNS Lookup (jscloud .biz)
1080
svchost.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .biz TLD
1080
svchost.exe
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
2204
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.top domain
No debug info