URL:

https://go.microsoft.com/fwlink/?linkid=873217

Full analysis: https://app.any.run/tasks/0e1bba05-5d1d-4f27-b648-470bda084f13
Verdict: No threats detected
Analysis date: July 17, 2019, 19:55:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

FED4BAAAF2A4CAA72ABA1C5113955A96

SHA1:

9D9538914D98717B838F7F410B20313E6C622244

SHA256:

650D582E87DC81C3BA421ACDF47314F01EE8A40552480538D1CF1F38F10FF063

SSDEEP:

3:N8r8etR7LO+BYgSn:2geDPO+YgSn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 3828)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 1212)
    • Application launched itself

      • iexplore.exe (PID: 3828)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3828)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3828)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3828)
    • Creates files in the user directory

      • iexplore.exe (PID: 1212)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1212)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1212)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 3828
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://go.microsoft.com/fwlink/?linkid=873217"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1212
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3828 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
491
Read events
399
Write events
89
Delete events
3

Modification events

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {DA6B197F-A8CC-11E9-B2FD-5254004A04AF}
Value: 0

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 1

(PID) Process: (3828) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E3070700030011001300370029001D02
Executable files
0
Suspicious files
0
Text files
51
Unknown types
7

Dropped files

PID
Process
Filename
Type
PID: 3828
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
MD5:
SHA256:
PID: 3828
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
PID: 1212
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bing[2].txt
MD5:
SHA256:
PID: 1212
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9O5HPBRA\bing_com[1].txt
MD5:
SHA256:
PID: 1212
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
Type: smt
MD5:1FC52CABA5245EEE4E2329B3DF25947F
SHA256:79C8B01B03B047F18814F7664DD12E3E4F45527B0513C9E5890F25DA92212AB4
PID: 1212
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9O5HPBRA\bing_com[1].htm
Type: html
MD5:996B2B0E0A53E4992EDBEB08055B7FF8
SHA256:18B0E8B18F95D19153B08C336F6A21A30B34AF708D6081E4FEEAAB888336E27C
PID: 1212
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
Type: text
MD5:B19778413D9DC15516F4E1DF92B69709
SHA256:0388E68D88E7609AADB29E3989239A863BFB2D523F9F71DF9A6C4F44E96E73CB
PID: 1212
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bing[1].txt
Type: text
MD5:722415B719D07D1A5B86D56E435F6134
SHA256:0DE10566A1EBC02A380D48E0B96CC1792680D900A24846164205FE3B7E619FA4
PID: 1212
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
Type: dat
MD5:F9A89DF8E954170A40C95404ACFBEC5D
SHA256:25F17F9E5554972236558407EA55A7F2DED356AED56BF564CB35311E76212747
PID: 1212
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat
MD5:2A3BCE5DD1583EA8E13AA15A03D63E59
SHA256:74B6DBCE0CDEA706436F3F828312AD8B89D27B63856167A5B368A6914FA2568B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
14
DNS requests
5
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3828
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1212
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3828
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3828
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
1212
iexplore.exe
13.107.21.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
1212
iexplore.exe
2.19.38.59:443
go.microsoft.com
Akamai International B.V.
whitelisted
1212
iexplore.exe
40.90.23.217:443
login.live.com
Microsoft Corporation
US
unknown
13.107.246.10:443
logincdn.msauth.net
Microsoft Corporation
US
whitelisted
1212
iexplore.exe
13.107.246.10:443
logincdn.msauth.net
Microsoft Corporation
US
whitelisted

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 2.19.38.59
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
login.live.com
  • 40.90.23.217
  • 40.90.23.244
  • 40.90.23.224
whitelisted
logincdn.msauth.net
  • 13.107.246.10
malicious
ipv6.login.live.com
unknown

Threats

No threats detected
No debug info