URL:

l.linklyhq.com

Full analysis: https://app.any.run/tasks/c041fdbf-3820-4447-b6a4-c4ce09c194d2
Verdict: Malicious activity
Analysis date: November 24, 2023, 08:38:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

02D38FA38A1584AE7E992793586F1CAF

SHA1:

DC674E43A5EC57D2B6C5D6C0680E90C26C03C04D

SHA256:

C7FECD432F936B2F70DC844A00722DB8051D570B4FCBFECBF7AABB0A176F95EE

SSDEEP:

3:I:I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 2252)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2252)

    • Application launched itself

      • iexplore.exe (PID: 2168)

    • Reads the computer name

      • wmpnscfg.exe (PID: 2252)

    • Checks supported languages

      • wmpnscfg.exe (PID: 2252)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2168"C:\Program Files\Internet Explorer\iexplore.exe" "l.linklyhq.com"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2252"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
3320"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2168 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
14 508
Read events
14 450
Write events
55
Delete events
3

Modification events

(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2168) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
65
Text files
61
Unknown types
0

Dropped files

PID
Process
Filename
Type
3320iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\P6SLHJC6.htmhtml
MD5:341FC39934AECADB90D77CBD9CB98B59
SHA256:998C6839A92657FBEF6193BA76E12803C2561B1783AF5FE109A72893A51E1A69
3320iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751binary
MD5:60FE01DF86BE2E5331B0CDBE86165686
SHA256:C08CCBC876CD5A7CDFA9670F9637DA57F6A1282198A9BC71FC7D7247A6E5B7A8
3320iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751binary
MD5:9349ABE8CB0196655F78BD302390994F
SHA256:26FB08A83D02F84C0CDCE021A89BFBA9C5A48E667C855B4DD86FB981F68C8B0C
3320iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:327C15CD72E48CED5FD2EBA715C408DF
SHA256:8078CB0E6F487FC5AA9ACD4753CCABDCA8C0F74AB2BF152D74068F861786FCA2
3320iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04binary
MD5:969F9A2BAE328B492E83D4B5BA5B0CB2
SHA256:A3BFA2C0ADC2ABA48D3EB83D1F9562969336A29FD8D8E2F19839CBC41FCFBFD2
3320iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabE933.tmpcompressed
MD5:F3441B8572AAE8801C04F3060B550443
SHA256:6720349E7D82EE0A8E73920D3C2B7CB2912D9FCF2EDB6FD98F2F12820158B0BF
3320iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\C53GUPJQ.htmhtml
MD5:B05A54AD509052B450A824425A6B38DB
SHA256:A074192A1D026C1E056790C5D53F1C6A9AFBC52BDC0F373F2F72D82E630B2248
3320iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarE934.tmpbinary
MD5:9441737383D21192400ECA82FDA910EC
SHA256:BC3A6E84E41FAEB57E7C21AA3B60C2A64777107009727C5B7C0ED8FE658909E5
3320iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:AC89A852C2AAA3D389B2D2DD312AD367
SHA256:0B720E19270C672F9B6E0EC40B468AC49376807DE08A814573FE038779534F45
3320iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:3ABFF65C325C30DF7B3E5AE5EC599745
SHA256:5D398EB4819DDEF520CBBD77F2FB2047E0B3FE7F0188B3D3B16DB9E57521F573
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
75
DNS requests
41
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3320
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCVN9Jf3G%2B1pAqd7QzTt1vx
unknown
binary
472 b
unknown
3320
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQChuVoVf7HVAxLxWCb2kXo7
unknown
binary
472 b
unknown
2168
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
unknown
binary
471 b
unknown
3320
iexplore.exe
GET
200
184.24.77.54:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRyMELfKSYAwsNOMDKFoGjUrA%3D%3D
unknown
binary
503 b
unknown
3320
iexplore.exe
GET
200
108.138.2.10:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
binary
2.02 Kb
unknown
3320
iexplore.exe
GET
302
35.226.132.161:80
http://l.linklyhq.com/
unknown
html
86 b
unknown
3320
iexplore.exe
GET
200
23.32.238.177:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?54014302e5746df7
unknown
compressed
4.66 Kb
unknown
3320
iexplore.exe
GET
200
23.32.238.177:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5bc56ae4141f0eb3
unknown
compressed
4.66 Kb
unknown
3320
iexplore.exe
GET
200
23.32.238.177:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ea59115432673591
unknown
compressed
61.6 Kb
unknown
3320
iexplore.exe
GET
200
23.212.210.158:80
http://x1.c.lencr.org/
unknown
binary
717 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
3320
iexplore.exe
35.226.132.161:80
l.linklyhq.com
GOOGLE-CLOUD-PLATFORM
US
unknown
2588
svchost.exe
239.255.255.250:1900
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3320
iexplore.exe
198.185.159.144:443
linklyhq.com
SQUARESPACE
US
unknown
4
System
192.168.100.255:138
whitelisted
3320
iexplore.exe
23.32.238.177:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
3320
iexplore.exe
23.212.210.158:80
x1.c.lencr.org
AKAMAI-AS
AU
unknown
1080
svchost.exe
23.32.238.177:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
3320
iexplore.exe
142.250.184.234:443
fonts.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
l.linklyhq.com
  • 35.226.132.161
malicious
linklyhq.com
  • 198.185.159.144
  • 198.49.23.144
  • 198.185.159.145
  • 198.49.23.145
unknown
ctldl.windowsupdate.com
  • 23.32.238.177
  • 23.32.238.233
  • 23.32.238.243
  • 23.32.238.209
  • 23.32.238.240
  • 23.32.238.232
  • 23.32.238.168
  • 23.32.238.219
  • 23.32.238.216
whitelisted
x1.c.lencr.org
  • 23.212.210.158
whitelisted
fonts.googleapis.com
  • 142.250.184.234
whitelisted
assets.squarespace.com
  • 151.101.0.237
  • 151.101.64.237
  • 151.101.128.237
  • 151.101.192.237
whitelisted
static1.squarespace.com
  • 151.101.0.238
  • 151.101.64.238
  • 151.101.128.238
  • 151.101.192.238
whitelisted
images.squarespace-cdn.com
  • 23.48.23.16
  • 23.48.23.34
  • 23.48.23.61
  • 23.48.23.11
whitelisted
code.jquery.com
  • 151.101.194.137
  • 151.101.130.137
  • 151.101.2.137
  • 151.101.66.137
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

PID
Process
Class
Message
3320
iexplore.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
l.linklyhq.com