URL: https://www.youtube.com/redirect?event=video_description&v=EjcyiOXWnlc&redir_token=vpypJkdPcBMmRljjeZ_IjO7urzB8MTU4NTcwMDIwOEAxNTg1NjEzODA4&q=https%3A%2F%2Flink-to.net%2F59342%2FProxy

Full analysis: https://app.any.run/tasks/36b6ba18-51ca-4b67-98f1-89d4e0b0df50
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 31, 2020, 00:18:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware
Indicators:
  • MD5: FBA4F6489E4C2B19369F2F84BEB9CE0E
  • SHA1: BC5283FE4CE93BE717EA84407AEAA28FF476C79E
  • SHA256: 844DA678CF1670F57CFF7052315F294BF50E8F90D3F2795A9EA923EF3081D91C
  • SSDEEP: 3:N8DSLUxGTKXtRAZBv6NVLMq1YhcFOFvpCPds1AZCRCyRlNRRRWCXjInGXjgc:2OLUxGKmKDLMcYhcFEvpCls1AqRBR3zv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ProxyTool - Linkvertise Downloader_3086758609.exe (PID: 2828)
      • ProxyTool - Linkvertise Downloader_3086758609.exe (PID: 740)
      • Rathens_Scraper.exe (PID: 3824)
      • Rathens_Scraper.exe (PID: 748)
      • Proxy checker.exe (PID: 3332)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 2912)
      • Rathens_Scraper.exe (PID: 3824)
      • Rathens_Scraper.exe (PID: 748)
      • ProxyTool - Linkvertise Downloader_3086758609.exe (PID: 740)
      • Proxy checker.exe (PID: 3332)
  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3544)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3144)
      • ProxyTool - Linkvertise Downloader_3086758609.exe (PID: 740)
      • WinRAR.exe (PID: 3220)
    • Reads Environment values

      • ProxyTool - Linkvertise Downloader_3086758609.exe (PID: 740)
      • Rathens_Scraper.exe (PID: 3824)
      • Rathens_Scraper.exe (PID: 748)
    • Cleans NTFS data-stream (Zone Identifier)

      • ProxyTool - Linkvertise Downloader_3086758609.exe (PID: 2828)
    • Application launched itself

      • ProxyTool - Linkvertise Downloader_3086758609.exe (PID: 2828)
    • Reads internet explorer settings

      • ProxyTool - Linkvertise Downloader_3086758609.exe (PID: 740)
    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 604)
      • explorer.exe (PID: 1412)
    • Connects to unusual port

      • Proxy checker.exe (PID: 3332)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3144)
      • iexplore.exe (PID: 676)
      • iexplore.exe (PID: 548)
    • Changes internet zones settings

      • iexplore.exe (PID: 3144)
    • Application launched itself

      • iexplore.exe (PID: 3144)
      • chrome.exe (PID: 3544)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 548)
      • chrome.exe (PID: 2636)
      • iexplore.exe (PID: 3144)
      • Proxy checker.exe (PID: 3332)
    • Reads internet explorer settings

      • iexplore.exe (PID: 548)
      • iexplore.exe (PID: 676)
    • Creates files in the user directory

      • iexplore.exe (PID: 3144)
      • iexplore.exe (PID: 676)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 604)
      • opera.exe (PID: 2564)
    • Dropped object may contain Bitcoin addresses

      • opera.exe (PID: 2564)
    • Reads the hosts file

      • chrome.exe (PID: 3544)
      • chrome.exe (PID: 2636)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3144)
    • Manual execution by user

      • opera.exe (PID: 2564)
      • chrome.exe (PID: 3544)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3144)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3144)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 95
Monitored processes: 48
Malicious processes: 6
Suspicious processes: 1

Behavior graph

(Interactive graph; process details are in the full report.) Processes shown in the graph, with edges labelled "start" or "drop and start": iexplore.exe (3 instances), flashutil32_26_0_0_131_activex.exe, opera.exe, chrome.exe (multiple instances), proxytool - linkvertise downloader_3086758609.exe (2 instances), explorer.exe (2 instances), winrar.exe, searchprotocolhost.exe, rathens_scraper.exe (2 instances), notepad.exe (2 instances), proxy checker.exe.

Process information

PID: 548
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3144 CREDAT:1316126 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll

PID: 604
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code: 0
Version: 26,0,0,131
Modules (images):
  • c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\advapi32.dll

PID: 608
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1024,13069874439812393916,1601744482073193147,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10161201840102126393 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Modules (images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll
  • c:\windows\system32\shlwapi.dll
  • c:\windows\system32\gdi32.dll

PID: 676
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3144 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 3221225547
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll

PID: 740
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\ProxyTool - Linkvertise Downloader_3086758609.exe" RSF /ppn:YWV4dQ0KChAjb3J1FQUI /ads:1 /mnl
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\ProxyTool - Linkvertise Downloader_3086758609.exe
Parent process: ProxyTool - Linkvertise Downloader_3086758609.exe
User: admin
Company: (none)
Integrity Level: HIGH
Description: Figebo Setup
Exit code: 0
Version: (none)
Modules (images):
  • c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\proxytool - linkvertise downloader_3086758609.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\ole32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll

PID: 744
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,13069874439812393916,1601744482073193147,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17455646735909304691 --mojo-platform-channel-handle=4000 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Modules (images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll
  • c:\windows\system32\shlwapi.dll
  • c:\windows\system32\gdi32.dll

PID: 748
CMD: "C:\Users\admin\Downloads\Proxy Scrapper + Checker\Proxy Scrapper + Checker\Rathens_Scraper.exe"
Path: C:\Users\admin\Downloads\Proxy Scrapper + Checker\Proxy Scrapper + Checker\Rathens_Scraper.exe
Parent process: explorer.exe
User: admin
Company: (none)
Integrity Level: MEDIUM
Description: Rathens_Scraper
Exit code: 0
Version: 1.0.0.0
Modules (images):
  • c:\users\admin\downloads\proxy scrapper + checker\proxy scrapper + checker\rathens_scraper.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\mscoree.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 952
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,13069874439812393916,1601744482073193147,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11632149673446544759 --mojo-platform-channel-handle=4224 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Modules (images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll
  • c:\windows\system32\shlwapi.dll
  • c:\windows\system32\gdi32.dll

PID: 1232
CMD: "C:\Windows\explorer.exe" /select, "C:\Users\admin\Downloads\Proxy Scrapper + Checker.rar"
Path: C:\Windows\explorer.exe
Parent process: ProxyTool - Linkvertise Downloader_3086758609.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\windows\explorer.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll

PID: 1412
CMD: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\windows\explorer.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
Total events: 12 767
Read events: 5 348
Write events: 5 201
Delete events: 2 218

Modification events

  • PID 676, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
    Operation: write
    Name: CachePrefix
    Value: (empty)
  • PID 676, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
    Operation: write
    Name: CachePrefix
    Value: Cookie:
  • PID 676, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
    Operation: write
    Name: CachePrefix
    Value: Visited:
  • PID 3144, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
    Operation: write
    Name: NextCheckForUpdateLowDateTime
    Value: 4136946688
  • PID 3144, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
    Operation: write
    Name: NextCheckForUpdateHighDateTime
    Value: 30803697
  • PID 3144, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
    Operation: write
    Name: CachePrefix
    Value: (empty)
  • PID 3144, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
    Operation: write
    Name: CachePrefix
    Value: Cookie:
  • PID 3144, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
    Operation: write
    Name: CachePrefix
    Value: Visited:
  • PID 3144, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Operation: write
    Name: CompatibilityFlags
    Value: 0
  • PID 3144, iexplore.exe
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Operation: write
    Name: ProxyEnable
    Value: 0
Executable files: 11
Suspicious files: 381
Text files: 590
Unknown types: 186

Dropped files (MD5 and SHA256 columns are empty in this export)

PID | Process | Filename | Type
676 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab5FDB.tmp |
676 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar5FDC.tmp |
676 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PGXAICWX.txt |
676 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\ServiceLogin[1].htm |
676 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_0B97942EE72A6E3F514E8E84F294CC72 | binary
676 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3PCSQWH5.txt | text
676 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\redirect[1].htm | html
676 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_0B97942EE72A6E3F514E8E84F294CC72 | der
676 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der
676 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 179
TCP/UDP connections: 926
DNS requests: 173
Threats: 294

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
676 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAQ%2FCTodcd0uo5FZpw3NFis%3D | US | der | 278 b | whitelisted
676 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAQ%2FCTodcd0uo5FZpw3NFis%3D | US | der | 278 b | whitelisted
676 | iexplore.exe | GET | 200 | 172.217.23.163:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
676 | iexplore.exe | GET | 200 | 172.217.23.163:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQC0uPjK2cHmvggAAAAAMgqv | US | der | 472 b | whitelisted
676 | iexplore.exe | GET | 200 | 172.217.23.163:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQC0uPjK2cHmvggAAAAAMgqv | US | der | 472 b | whitelisted
676 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 313 b | whitelisted
676 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAUI1xTz%2FIA59ca8CEavehY%3D | US | der | 280 b | whitelisted
676 | iexplore.exe | GET | 200 | 172.217.23.163:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDy4NKedukSQwgAAAAAMgpY | US | der | 472 b | whitelisted
676 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEENSAj%2F6qJAfE5%2Fj9OXBRE4%3D | US | der | 471 b | whitelisted
676 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 313 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
676 | iexplore.exe | 172.217.23.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
676 | iexplore.exe | 216.58.207.78:443 | www.youtube.com | Google Inc. | US | whitelisted
3144 | iexplore.exe | 216.58.207.78:443 | www.youtube.com | Google Inc. | US | whitelisted
676 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
676 | iexplore.exe | 104.18.45.33:443 | link-to.net | Cloudflare Inc | US | shared
676 | iexplore.exe | 104.31.70.170:443 | linkvertise.com | Cloudflare Inc | US | shared
676 | iexplore.exe | 104.17.65.4:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | unknown
676 | iexplore.exe | 209.197.3.15:443 | stackpath.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
676 | iexplore.exe | 209.197.3.24:443 | code.jquery.com | Highwinds Network Group, Inc. | US | malicious
676 | iexplore.exe | 104.16.126.175:443 | unpkg.com | Cloudflare Inc | US | shared

DNS requests

Domain | IP | Reputation
www.youtube.com | 216.58.207.78, 216.58.208.46, 172.217.16.206, 216.58.210.14, 172.217.22.46, 172.217.22.78, 172.217.22.110, 172.217.21.238, 172.217.21.206, 172.217.16.142, 172.217.23.174, 216.58.205.238, 172.217.22.14, 216.58.206.14, 172.217.18.110, 172.217.18.14 | whitelisted
ocsp.pki.goog | 178.250.0.165, 172.217.23.163 | whitelisted
fonts.gstatic.com | 172.217.22.35 | whitelisted
accounts.google.com | 172.217.16.205 | shared
s.ytimg.com | 216.58.206.14 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
link-to.net | 104.18.45.33, 104.18.44.33 | malicious
ocsp.digicert.com | 93.184.220.29 | whitelisted
linkvertise.com | 104.31.70.170, 104.31.71.170 | whitelisted

Threats

PID | Process | Class | Message
2564 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2564 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2564 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2564 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2564 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
740 | ProxyTool - Linkvertise Downloader_3086758609.exe | A Network Trojan was detected | ADWARE [PTsecurity] InstallCore
3332 | Proxy checker.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Socks4 Connection
3332 | Proxy checker.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Socks4 Connection
3332 | Proxy checker.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Socks4 Connection
3332 | Proxy checker.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Socks4 Connection
No debug info