URL:

https://www.bing.com/search?q=TEST&qs=n&form=QBRE&sp=-1&ghc=1&lq=0&pq=test&sc=10-4&sk=&cvid=ED507D1A9D8E40F09A9008A1AF2691FC&ghsh=0&ghacc=0&ghpl=

Full analysis: https://app.any.run/tasks/9d452634-5a95-42cd-9369-dd6f826d9de9
Verdict: Malicious activity
Analysis date: April 17, 2023, 07:27:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

17154D053AF189E11D56CBFB2101E1C1

SHA1:

A67314B1734D5B55C27664844770A91649F13C40

SHA256:

5EB6353E2DA49B085A319720A64A5216E6861CC5B5703052D77F5BD43849A8C7

SSDEEP:

3:N8DSLsBAEXGpcSLfK1/SPa3A058uQdgFjaws:2OLsBBGWSKqi3J8tdBn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Create files in a temporary directory

      • iexplore.exe (PID: 1372)
      • iexplore.exe (PID: 2468)

    • Application launched itself

      • iexplore.exe (PID: 2468)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
44
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1372"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2468 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2468"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.bing.com/search?q=TEST&qs=n&form=QBRE&sp=-1&ghc=1&lq=0&pq=test&sc=10-4&sk=&cvid=ED507D1A9D8E40F09A9008A1AF2691FC&ghsh=0&ghacc=0&ghpl="C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\windows\system32\kernel32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
3068"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2468 CREDAT:3872012 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
87 334
Read events
86 784
Write events
540
Delete events
10

Modification events

(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
302
Text files
1 331
Unknown types
105

Dropped files

PID
Process
Filename
Type
2468iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
2468iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:BB318A2BEB85343E1E3B62113A35DD23
SHA256:46E039CA07D22D6643137A002FD23CBE1A416F9C5BA2E91A2F6F5AB9B11E59E4
2468iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
1372iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y1EZS5II.txttext
MD5:47D949E9C56756770D4A5243DD2A3A01
SHA256:44DA53D04895067C760105DE565D3F299D861D6A9AD87A779AA676CAADB422F3
2468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
1372iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:B3C2413D9D13715DC52EE9C50A5D8E64
SHA256:F461083BBB7C342293FC164C7EF9DB175CCC2CFE9EFF9820AF113BAE2654A8E9
1372iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\tfpoqzYv42r7UjQvzw0PVIoT2nY[1].pngimage
MD5:83C9AF188DAEA75971437F3F67DAA05F
SHA256:96054AD091360D568C6D01633833AC8988981696E14B1EC230E96A2457884990
1372iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EIVRT3AF.txttext
MD5:B3DAC27F07C0684B74CC80CBC297D2BC
SHA256:3BAC59571D1D4D7C16DDEB27530303C16891D9D6F1A4E6A797255F16520F8457
2468iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8Fder
MD5:408D97801538CC3B9650815F65F7D4F8
SHA256:0D3933A6487113E038434B75E55F08B0CE441FA5FAE58F92083716745C3866DE
1372iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\784SMI8J.txttext
MD5:5A849D31785B8FDF4D2C849E1F077B66
SHA256:4A76A748E9CFAFF2EE45EDD23EF63ECD4CAA00F9734B5D07E29E8F711ADE28AA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
81
TCP/UDP connections
256
DNS requests
94
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
3068
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEAXk3DuUOKs7hZfLpqGYUOM%3D
US
der
2.18 Kb
whitelisted
1372
iexplore.exe
GET
200
23.37.62.128:80
http://x1.c.lencr.org/
DE
der
717 b
whitelisted
3068
iexplore.exe
GET
200
52.222.226.205:80
http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEA6tELOm1jlqT90Z1c5ecKE%3D
US
der
471 b
whitelisted
1372
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?70597944179657b7
US
compressed
61.1 Kb
whitelisted
1372
iexplore.exe
GET
200
2.16.186.10:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRTfxlZFbWXBS8PYPCZPFYFWA%3D%3D
unknown
der
503 b
shared
3068
iexplore.exe
GET
200
52.222.226.205:80
http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEA7POWUiXTT1gBnjvd86LYQ%3D
US
der
471 b
whitelisted
3068
iexplore.exe
GET
200
152.199.19.74:80
http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEEsrARXN5cdIGzzd%2Ft4RFp4%3D
US
der
1.53 Kb
shared
1372
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
2468
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1372
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1372
iexplore.exe
40.126.31.71:443
login.microsoftonline.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2468
iexplore.exe
152.199.19.161:443
r20swj13mr.microsoft.com
EDGECAST
US
whitelisted
2468
iexplore.exe
2.23.209.130:443
www.bing.com
Akamai International B.V.
GB
malicious
2468
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2468
iexplore.exe
88.221.62.148:443
go.microsoft.com
AKAMAI-AS
DE
malicious
2.16.187.19:443
Akamai International B.V.
DE
whitelisted
1372
iexplore.exe
2.23.209.179:443
www.bing.com
Akamai International B.V.
GB
suspicious
1372
iexplore.exe
23.37.62.128:80
x1.c.lencr.org
AKAMAI-AS
DE
suspicious
2.23.209.140:443
www.bing.com
Akamai International B.V.
GB
suspicious

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 93.184.221.240
  • 209.197.3.8
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 2.23.209.130
  • 2.23.209.140
  • 2.23.209.187
  • 2.23.209.179
  • 2.23.209.133
  • 2.23.209.182
  • 2.23.209.189
  • 2.23.209.165
  • 2.23.209.149
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl3.digicert.com
  • 192.229.221.95
whitelisted
r.bing.com
  • 2.23.209.179
  • 2.23.209.150
  • 2.23.209.189
  • 2.23.209.193
  • 2.23.209.176
  • 2.23.209.148
  • 2.23.209.165
  • 2.23.209.149
  • 2.23.209.158
whitelisted
th.bing.com
  • 2.23.209.150
  • 2.23.209.179
  • 2.23.209.182
  • 2.23.209.189
  • 2.23.209.149
  • 2.23.209.193
  • 2.23.209.148
  • 2.23.209.185
  • 2.23.209.158
whitelisted
login.microsoftonline.com
  • 40.126.31.71
  • 20.190.159.23
  • 40.126.31.73
  • 40.126.31.67
  • 20.190.159.64
  • 20.190.159.0
  • 20.190.159.71
  • 20.190.159.73
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

PID
Process
Class
Message
3068
iexplore.exe
Misc activity
ET INFO Observed ZeroSSL SSL/TLS Certificate
3068
iexplore.exe
Misc activity
ET INFO Observed ZeroSSL SSL/TLS Certificate
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.bing.com/search?q=TEST&qs=n&form=QBRE&sp=-1&ghc=1&lq=0&pq=test&sc=10-4&sk=&cvid=ED507D1A9D8E40F09A9008A1AF2691FC&ghsh=0&ghacc=0&ghpl=