URL:

https://go.microsoft.com/fwlink/?linkid=2126594&pc=w045&icid=mscom_marcom_dlc

Full analysis: https://app.any.run/tasks/a5944016-d699-4d4b-9a5e-d499107df0e3
Verdict: Malicious activity
Analysis date: January 27, 2021, 16:38:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

818E52DD4BBF7241A448C43A95AC9D96

SHA1:

C75C854136D23AF97803B28FB211925C29B8E581

SHA256:

0B0A3ED21566C7962A572A3705FD45967A943287AFBAD036F6CCB1712BEA7A20

SSDEEP:

3:N8r8etR7LO+BYsw/7QTM2dp4n:2geDPO+YfQTtdp4n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • BingWallpaper.exe (PID: 2012)
      • StartupInstaller.exe (PID: 4000)
      • BWInstaller.exe (PID: 2396)
      • BingWallpaperApp.exe (PID: 3136)
    • Drops executable file immediately after starts

      • BingWallpaper.exe (PID: 2012)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
    • Actions looks like stealing of personal data

      • BWInstaller.exe (PID: 2396)
      • DefaultSetup.exe (PID: 3240)
    • Loads dropped or rewritten executable

      • BWInstaller.exe (PID: 2396)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2384)
      • rundll32.exe (PID: 2212)
      • BingWallpaperApp.exe (PID: 3136)
    • Steals credentials from Web Browsers

      • BWInstaller.exe (PID: 2396)
      • DefaultSetup.exe (PID: 3240)
    • Changes the autorun value in the registry

      • BWInstaller.exe (PID: 2396)
  • SUSPICIOUS

    • Drops a file with too old compile date

      • iexplore.exe (PID: 2420)
      • iexplore.exe (PID: 2540)
      • BingWallpaper.exe (PID: 2012)
      • msiexec.exe (PID: 3520)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2420)
      • iexplore.exe (PID: 2540)
      • BingWallpaper.exe (PID: 2012)
      • msiexec.exe (PID: 3520)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
      • BingWallpaperApp.exe (PID: 3136)
    • Drops a file that was compiled in debug mode

      • iexplore.exe (PID: 2420)
      • iexplore.exe (PID: 2540)
      • BingWallpaper.exe (PID: 2012)
      • msiexec.exe (PID: 3520)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
      • BingWallpaperApp.exe (PID: 3136)
    • Drops a file with a compile date too recent

      • BingWallpaper.exe (PID: 2012)
      • msiexec.exe (PID: 3520)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
    • Reads Environment values

      • BWInstaller.exe (PID: 2396)
      • BingWallpaperApp.exe (PID: 3136)
    • Creates files in the user directory

      • msiexec.exe (PID: 3520)
      • DefaultSetup.exe (PID: 3240)
    • Uses RUNDLL32.EXE to load library

      • MsiExec.exe (PID: 3224)
    • Changes the autorun value in the registry

      • msiexec.exe (PID: 3520)
    • Starts Internet Explorer

      • BingWallpaperApp.exe (PID: 3136)
    • Changes the desktop background image

      • BingWallpaperApp.exe (PID: 3136)
  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2420)
      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 3016)
      • iexplore.exe (PID: 300)
    • Changes internet zones settings

      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 3016)
    • Application launched itself

      • iexplore.exe (PID: 2540)
      • msiexec.exe (PID: 3520)
      • firefox.exe (PID: 3028)
      • firefox.exe (PID: 3980)
      • iexplore.exe (PID: 3016)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2540)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 3016)
      • pingsender.exe (PID: 2616)
      • pingsender.exe (PID: 3816)
      • pingsender.exe (PID: 3420)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 3016)
      • pingsender.exe (PID: 3816)
      • pingsender.exe (PID: 2616)
      • pingsender.exe (PID: 3420)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 3520)
    • Reads CPU info

      • firefox.exe (PID: 3028)
    • Creates files in the user directory

      • firefox.exe (PID: 3028)
      • iexplore.exe (PID: 2540)
    • Dropped object may contain Bitcoin addresses

      • firefox.exe (PID: 3028)
      • iexplore.exe (PID: 3016)
    • Reads internet explorer settings

      • iexplore.exe (PID: 300)
    • Creates files in the program directory

      • firefox.exe (PID: 3028)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
64
Monitored processes
25
Malicious processes
11
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start iexplore.exe iexplore.exe bingwallpaper.exe startupinstaller.exe no specs bwinstaller.exe msiexec.exe no specs msiexec.exe bingwallpaperapp.exe msiexec.exe no specs rundll32.exe rundll32.exe no specs rundll32.exe defaultsetup.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe firefox.exe pingsender.exe pingsender.exe pingsender.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2540"C:\Program Files\Internet Explorer\iexplore.exe" "https://go.microsoft.com/fwlink/?linkid=2126594&pc=w045&icid=mscom_marcom_dlc"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2420"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2540 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2012"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\BingWallpaper.exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\BingWallpaper.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
BingWallpaper
Exit code:
0
Version:
1.0.8.2
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\bingwallpaper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
4000C:\Users\admin\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeBingWallpaper.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\ixp000.tmp\startupinstaller.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
2396"C:\Users\admin\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe"C:\Users\admin\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe
StartupInstaller.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BWInstaller
Exit code:
0
Version:
1.0.8.2
Modules
Images
c:\users\admin\appdata\local\temp\ixp000.tmp\bwinstaller.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
2220"C:\Windows\System32\msiexec.exe" /q /i BWCInstaller.msi /norestartC:\Windows\System32\msiexec.exeBWInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3520C:\Windows\system32\msiexec.exe /VC:\Windows\system32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3136"C:\Users\admin\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe"C:\Users\admin\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Bing Wallpaper
Version:
1.0.8.2
Modules
Images
c:\users\admin\appdata\local\microsoft\bingwallpaperapp\bingwallpaperapp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3224C:\Windows\system32\MsiExec.exe -Embedding A01518031554CE810E89BB5603C0521CC:\Windows\system32\MsiExec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3504rundll32.exe "C:\Windows\Installer\MSI8559.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1415921 1 CustomActions!CustomActions.CustomActions.InstallPingC:\Windows\system32\rundll32.exe
MsiExec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
Total events
3 079
Read events
2 677
Write events
379
Delete events
23

Modification events

(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
33515748
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30864587
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
46000000A5000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
23
Suspicious files
220
Text files
127
Unknown types
84

Dropped files

PID
Process
Filename
Type
2420iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab3E89.tmp
MD5:
SHA256:
2420iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar3E8A.tmp
MD5:
SHA256:
2420iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\BingWallpaper[1].exe
MD5:
SHA256:
2540iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFD5F8337DE9CB21FF.TMP
MD5:
SHA256:
2540iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\BingWallpaper.exe.glxi45t.partial:Zone.Identifier
MD5:
SHA256:
2012BingWallpaper.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\BWCInstaller.msi
MD5:
SHA256:
2420iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:2ABF646F63AD1ECA5A2345C91EC46DE1
SHA256:5E84E6985E911A73B6A83FD6FE51F9325930898CC0C0A674808DE8BFB2D7691E
2420iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A07532D6AAE6A04052D31515DB38D1D_CA882703125241C37BA7EFB65CEA8710binary
MD5:1F2C878B934D3D4CB671A41CBEC737DB
SHA256:078DF35F3AEF0410781EC50CC3E1398892EE1F7265F9D148562548974215CCA0
2420iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:BC935C223BCEAC8631494C33158D8801
SHA256:FE3F940ED07F61A1F4BC3B6DEFDA2C52D2D10B9A3CCB663A5D8A3FA0E3271D28
2420iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04der
MD5:8A08690292CEDD4B1FDBA03E25620C55
SHA256:907318F2F162A22082A817B9552D20FB3646FA3EBAED7F786DBF224D267DF40D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
137
TCP/UDP connections
103
DNS requests
144
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2396
BWInstaller.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=1.0.8.2&OS=6.1.7601.1&TE=40&TV=isW045%7cpkBWInstaller%7ctmen-us%7chdIE2%2cMF1%2cGC1%7csdIE2%2cMF1%2cGC1%7chpBing%7cdbIE%7crt2%7cpt1
US
suspicious
3240
DefaultSetup.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=1.7.74.0&OS=6.1.7601.1&TE=25&TV=isW045%7cpkBrowserDefMgr%7crt1%7ctmen-us%7chdIE11.0.9600.17843%2c0%7csdIE11.0.9600.17843%2c0%7cse%7chp%7ccd2021-01-27%7cct16:39:55:540
US
suspicious
3504
rundll32.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=6.1.7600.16385&OS=6.1.7601.1&TE=40&TV=isW045%7cpkBingWallpaper%7ctmen-us%7cvr1.0.8.2%7cat1%7crt1%7cpt2
US
suspicious
3240
DefaultSetup.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=1.7.74.0&OS=6.1.7601.1&TE=24&TV=isW045%7cpkBrowserDefMgr%7crt1%7ctmen-us%7chdGC75.0.3770.100%2c1%7csdGC75.0.3770.100%2c1%7cseGC75.0.3770.100%2c1%7chpGC75.0.3770.100%2c1%7ccd2021-01-27%7cct16:39:55:540
US
suspicious
3028
firefox.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=B3D6ECDB15E7850D69246872CDD0B741&LV=0.0.0.9&OS=WindowsNT6.1;rv:68.0&TE=37&TV=isW045%7CpkMicrosoftBingSearchEngine%7Ctmen-US%7CbvFirefox68.0%[email protected]%7Ces1
US
suspicious
2420
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3240
DefaultSetup.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=1.7.74.0&OS=6.1.7601.1&TE=23&TV=isW045%7cpkBrowserDefMgr%7crt1%7ctmen-us%7chdMF68.0.0.0%2c1%7csdMF68.0.0.0%2c1%7cseMF68.0.0.0%2c1%7chpMF68.0.0.0%2c1%7ccd2021-01-27%7cct16:39:55:540
US
suspicious
2420
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
2420
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
US
der
1.47 Kb
whitelisted
3028
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3136
BingWallpaperApp.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2420
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3028
firefox.exe
34.107.221.82:80
detectportal.firefox.com
US
whitelisted
3504
rundll32.exe
20.41.62.11:80
g.ceipmsn.com
US
suspicious
2420
iexplore.exe
104.79.88.34:443
download.microsoft.com
Time Warner Cable Internet LLC
US
malicious
3136
BingWallpaperApp.exe
52.173.134.115:443
bingwallpaper.microsoft.com
Microsoft Corporation
US
unknown
2420
iexplore.exe
52.173.134.115:443
bingwallpaper.microsoft.com
Microsoft Corporation
US
unknown
2420
iexplore.exe
23.205.239.104:443
go.microsoft.com
GTT Communications Inc.
NL
unknown
3028
firefox.exe
92.123.16.55:443
go.microsoft.com
Telia Company AB
FR
malicious
2420
iexplore.exe
104.18.24.243:80
ocsp.msocsp.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 23.205.239.104
  • 92.123.16.55
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
bingwallpaper.microsoft.com
  • 52.173.134.115
whitelisted
api.bing.com
  • 13.107.13.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
ocsp.msocsp.com
  • 104.18.24.243
  • 104.18.25.243
whitelisted
download.microsoft.com
  • 104.79.88.34
whitelisted
g.ceipmsn.com
  • 20.41.62.11
suspicious
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
No debug info