analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://go.microsoft.com/fwlink/?linkid=2126594&pc=w045&icid=mscom_marcom_dlc

Full analysis: https://app.any.run/tasks/a5944016-d699-4d4b-9a5e-d499107df0e3
Verdict: Malicious activity
Analysis date: January 27, 2021, 16:38:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

818E52DD4BBF7241A448C43A95AC9D96

SHA1:

C75C854136D23AF97803B28FB211925C29B8E581

SHA256:

0B0A3ED21566C7962A572A3705FD45967A943287AFBAD036F6CCB1712BEA7A20

SSDEEP:

3:N8r8etR7LO+BYsw/7QTM2dp4n:2geDPO+YfQTtdp4n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • BingWallpaper.exe (PID: 2012)
      • StartupInstaller.exe (PID: 4000)
      • BWInstaller.exe (PID: 2396)
      • BingWallpaperApp.exe (PID: 3136)
    • Drops executable file immediately after starts

      • BingWallpaper.exe (PID: 2012)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
    • Loads dropped or rewritten executable

      • BWInstaller.exe (PID: 2396)
      • rundll32.exe (PID: 2384)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
      • BingWallpaperApp.exe (PID: 3136)
    • Actions looks like stealing of personal data

      • BWInstaller.exe (PID: 2396)
      • DefaultSetup.exe (PID: 3240)
    • Steals credentials from Web Browsers

      • BWInstaller.exe (PID: 2396)
      • DefaultSetup.exe (PID: 3240)
    • Changes the autorun value in the registry

      • BWInstaller.exe (PID: 2396)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 2420)
      • BingWallpaper.exe (PID: 2012)
      • msiexec.exe (PID: 3520)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
      • BingWallpaperApp.exe (PID: 3136)
    • Drops a file with too old compile date

      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 2420)
      • BingWallpaper.exe (PID: 2012)
      • msiexec.exe (PID: 3520)
    • Drops a file that was compiled in debug mode

      • iexplore.exe (PID: 2420)
      • iexplore.exe (PID: 2540)
      • BingWallpaper.exe (PID: 2012)
      • msiexec.exe (PID: 3520)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
      • BingWallpaperApp.exe (PID: 3136)
    • Drops a file with a compile date too recent

      • BingWallpaper.exe (PID: 2012)
      • msiexec.exe (PID: 3520)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 2212)
    • Reads Environment values

      • BWInstaller.exe (PID: 2396)
      • BingWallpaperApp.exe (PID: 3136)
    • Creates files in the user directory

      • msiexec.exe (PID: 3520)
      • DefaultSetup.exe (PID: 3240)
    • Uses RUNDLL32.EXE to load library

      • MsiExec.exe (PID: 3224)
    • Changes the autorun value in the registry

      • msiexec.exe (PID: 3520)
    • Starts Internet Explorer

      • BingWallpaperApp.exe (PID: 3136)
    • Changes the desktop background image

      • BingWallpaperApp.exe (PID: 3136)
  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2420)
      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 3016)
      • iexplore.exe (PID: 300)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2540)
    • Changes internet zones settings

      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 3016)
    • Application launched itself

      • iexplore.exe (PID: 2540)
      • msiexec.exe (PID: 3520)
      • firefox.exe (PID: 3980)
      • firefox.exe (PID: 3028)
      • iexplore.exe (PID: 3016)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2540)
      • iexplore.exe (PID: 3016)
      • pingsender.exe (PID: 3816)
      • pingsender.exe (PID: 2616)
      • pingsender.exe (PID: 3420)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2540)
      • pingsender.exe (PID: 2616)
      • pingsender.exe (PID: 3420)
      • pingsender.exe (PID: 3816)
      • iexplore.exe (PID: 3016)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 3520)
    • Reads CPU info

      • firefox.exe (PID: 3028)
    • Creates files in the user directory

      • firefox.exe (PID: 3028)
      • iexplore.exe (PID: 2540)
    • Creates files in the program directory

      • firefox.exe (PID: 3028)
    • Dropped object may contain Bitcoin addresses

      • firefox.exe (PID: 3028)
      • iexplore.exe (PID: 3016)
    • Reads internet explorer settings

      • iexplore.exe (PID: 300)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
64
Monitored processes
25
Malicious processes
11
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start iexplore.exe iexplore.exe bingwallpaper.exe startupinstaller.exe no specs bwinstaller.exe msiexec.exe no specs msiexec.exe bingwallpaperapp.exe msiexec.exe no specs rundll32.exe rundll32.exe no specs rundll32.exe defaultsetup.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe firefox.exe pingsender.exe pingsender.exe pingsender.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2540"C:\Program Files\Internet Explorer\iexplore.exe" "https://go.microsoft.com/fwlink/?linkid=2126594&pc=w045&icid=mscom_marcom_dlc"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2420"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2540 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2012"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\BingWallpaper.exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\BingWallpaper.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
BingWallpaper
Exit code:
0
Version:
1.0.8.2
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\bingwallpaper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
4000C:\Users\admin\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeBingWallpaper.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\ixp000.tmp\startupinstaller.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
2396"C:\Users\admin\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe"C:\Users\admin\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe
StartupInstaller.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BWInstaller
Exit code:
0
Version:
1.0.8.2
Modules
Images
c:\users\admin\appdata\local\temp\ixp000.tmp\bwinstaller.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
2220"C:\Windows\System32\msiexec.exe" /q /i BWCInstaller.msi /norestartC:\Windows\System32\msiexec.exeBWInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3520C:\Windows\system32\msiexec.exe /VC:\Windows\system32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3136"C:\Users\admin\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe"C:\Users\admin\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Bing Wallpaper
Version:
1.0.8.2
Modules
Images
c:\users\admin\appdata\local\microsoft\bingwallpaperapp\bingwallpaperapp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3224C:\Windows\system32\MsiExec.exe -Embedding A01518031554CE810E89BB5603C0521CC:\Windows\system32\MsiExec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3504rundll32.exe "C:\Windows\Installer\MSI8559.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1415921 1 CustomActions!CustomActions.CustomActions.InstallPingC:\Windows\system32\rundll32.exe
MsiExec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
Total events
3 079
Read events
2 677
Write events
379
Delete events
23

Modification events

(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
33515748
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30864587
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
46000000A5000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2540) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
23
Suspicious files
220
Text files
127
Unknown types
84

Dropped files

PID
Process
Filename
Type
2420iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab3E89.tmp
MD5:
SHA256:
2420iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar3E8A.tmp
MD5:
SHA256:
2420iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\BingWallpaper[1].exe
MD5:
SHA256:
2540iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFD5F8337DE9CB21FF.TMP
MD5:
SHA256:
2540iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\BingWallpaper.exe.glxi45t.partial:Zone.Identifier
MD5:
SHA256:
2012BingWallpaper.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\BWCInstaller.msi
MD5:
SHA256:
2420iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:2ABF646F63AD1ECA5A2345C91EC46DE1
SHA256:5E84E6985E911A73B6A83FD6FE51F9325930898CC0C0A674808DE8BFB2D7691E
2420iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A07532D6AAE6A04052D31515DB38D1D_CA882703125241C37BA7EFB65CEA8710der
MD5:EA7EF22CA276AC02C3E117B3FA79AAE6
SHA256:7A1E9C7C68BBD800820A33D4AA6132020F32CE46BB638A20502A4863C36297BB
2396BWInstaller.exeC:\Users\admin\AppData\Local\Temp\ZMG721C.tmp
MD5:
SHA256:
2396BWInstaller.exeC:\Users\admin\AppData\Local\Temp\ZMG724C.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
137
TCP/UDP connections
103
DNS requests
144
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3504
rundll32.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=6.1.7600.16385&OS=6.1.7601.1&TE=40&TV=isW045%7cpkBingWallpaper%7ctmen-us%7cvr1.0.8.2%7cat1%7crt1%7cpt2
US
suspicious
2396
BWInstaller.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=1.0.8.2&OS=6.1.7601.1&TE=40&TV=isW045%7cpkBWInstaller%7ctmen-us%7chdIE2%2cMF1%2cGC1%7csdIE2%2cMF1%2cGC1%7chpBing%7cdbIE%7crt2%7cpt1
US
suspicious
2420
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
US
der
1.47 Kb
whitelisted
2420
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3028
firefox.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=B3D6ECDB15E7850D69246872CDD0B741&LV=0.0.0.9&OS=WindowsNT6.1;rv:68.0&TE=37&TV=isW045%7CpkMicrosoftBingSearchEngine%7Ctmen-US%7CbvFirefox68.0%[email protected]%7Ces1
US
suspicious
3240
DefaultSetup.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=1.7.74.0&OS=6.1.7601.1&TE=24&TV=isW045%7cpkBrowserDefMgr%7crt1%7ctmen-us%7chdGC75.0.3770.100%2c1%7csdGC75.0.3770.100%2c1%7cseGC75.0.3770.100%2c1%7chpGC75.0.3770.100%2c1%7ccd2021-01-27%7cct16:39:55:540
US
suspicious
3240
DefaultSetup.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=1.7.74.0&OS=6.1.7601.1&TE=25&TV=isW045%7cpkBrowserDefMgr%7crt1%7ctmen-us%7chdIE11.0.9600.17843%2c0%7csdIE11.0.9600.17843%2c0%7cse%7chp%7ccd2021-01-27%7cct16:39:55:540
US
suspicious
3240
DefaultSetup.exe
GET
200
20.41.62.11:80
http://g.ceipmsn.com/8SE/44?MI=8929C91FFFA147AE9FCB2CB59F391AB9&LV=1.7.74.0&OS=6.1.7601.1&TE=23&TV=isW045%7cpkBrowserDefMgr%7crt1%7ctmen-us%7chdMF68.0.0.0%2c1%7csdMF68.0.0.0%2c1%7cseMF68.0.0.0%2c1%7chpMF68.0.0.0%2c1%7ccd2021-01-27%7cct16:39:55:540
US
suspicious
2540
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
2420
iexplore.exe
GET
200
104.18.24.243:80
http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRSHuNsR4EZqcsD%2BrdOV%2BEZevGBiwQUtXYMMBHOx5JCTUzHXCzIqQzoC2QCE2sABS6X6DFrE9H0DdEAAAAFLpc%3D
US
der
1.71 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3136
BingWallpaperApp.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2420
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3028
firefox.exe
34.107.221.82:80
detectportal.firefox.com
US
whitelisted
2420
iexplore.exe
104.79.88.34:443
download.microsoft.com
Time Warner Cable Internet LLC
US
malicious
2420
iexplore.exe
23.205.239.104:443
go.microsoft.com
GTT Communications Inc.
NL
unknown
2420
iexplore.exe
52.173.134.115:443
bingwallpaper.microsoft.com
Microsoft Corporation
US
unknown
3136
BingWallpaperApp.exe
52.173.134.115:443
bingwallpaper.microsoft.com
Microsoft Corporation
US
unknown
3504
rundll32.exe
20.41.62.11:80
g.ceipmsn.com
US
suspicious
2396
BWInstaller.exe
20.41.62.11:80
g.ceipmsn.com
US
suspicious
3136
BingWallpaperApp.exe
92.123.16.55:443
go.microsoft.com
Telia Company AB
FR
malicious

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 23.205.239.104
  • 92.123.16.55
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
bingwallpaper.microsoft.com
  • 52.173.134.115
whitelisted
api.bing.com
  • 13.107.13.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
ocsp.msocsp.com
  • 104.18.24.243
  • 104.18.25.243
whitelisted
download.microsoft.com
  • 104.79.88.34
whitelisted
g.ceipmsn.com
  • 20.41.62.11
suspicious
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
No debug info