URL: http://ad.leadboltads.net/

Full analysis: https://app.any.run/tasks/040f4816-87bb-42ed-9728-205eec95d05b
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 16, 2020, 17:07:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware

Indicators:
MD5: 2D2ECEFE7CAFE86FAFC15ADF13B52D44
SHA1: 1EF70C81216FC5F9EA94EEBA6B9E488CD1FBF7C9
SHA256: D8353ACEE696042294B8AA06D329C324C3B70C1E3C22CC5226087F7A5FA31C5A
SSDEEP: 3:N1KfdxSiKARK:CFxBbRK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3508)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2544)
      • iexplore.exe (PID: 3880)
      • iexplore.exe (PID: 3380)
      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 3076)
    • Changes internet zones settings

      • iexplore.exe (PID: 2544)
    • Creates files in the user directory

      • iexplore.exe (PID: 3880)
      • iexplore.exe (PID: 2544)
      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 3380)
      • iexplore.exe (PID: 3076)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3508)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3880)
      • iexplore.exe (PID: 3380)
      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 3076)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3380)
      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 2544)
      • iexplore.exe (PID: 3880)
      • iexplore.exe (PID: 3076)
    • Application launched itself

      • iexplore.exe (PID: 2544)
    • Dropped object may contain TOR URL's

      • iexplore.exe (PID: 3076)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2544)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2544)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 6
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes in graph: start, iexplore.exe (5 instances), flashutil32_26_0_0_131_activex.exe

Process information

PID: 2544
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://ad.leadboltads.net/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3076
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2544 CREDAT:3347743 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3380
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2544 CREDAT:3413261 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3508
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code: 0
Version: 26,0,0,131
Modules (images):
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3880
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2544 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3888
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2544 CREDAT:791839 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 7 127
Read events: 1 654
Write events: 3 754
Delete events: 1 719

Modification events

Process: (3880) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
Operation: write
Name: CachePrefix
Value:

Process: (3880) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3880) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (2544) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 1883252484

Process: (2544) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30800821

Process: (2544) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (2544) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (2544) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (2544) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (2544) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0
Executable files: 0
Suspicious files: 179
Text files: 439
Unknown types: 106

Dropped files

PID: 2544, Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type:
MD5:
SHA256:

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HWYJH8NS.txt
Type: text
MD5: 2F03205A51CF619F1E79A57A1DCAA390
SHA256: 62DB7FE0441328D1197A22CC878449001B891538E2E0574DA72C6F964836287F

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\Cab866E.tmp
Type:
MD5:
SHA256:

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\Tar866F.tmp
Type:
MD5:
SHA256:

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].css
Type: text
MD5: 96F84D0985AF87B4D4F6AE8816F9C5C5
SHA256: 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\skenzo[1].css
Type: text
MD5: 258924C7D7C159A3861E9838F0B40012
SHA256: DB30F3956434FA476F2F5A605696E792A57398E8DED3AF2FEB7913C731AD7AB8

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\4B41T6SL.htm
Type: html
MD5: 44FC24D1BA20B6875EC88028EA7EF9F9
SHA256: 0B504237EC979361CE9E2872C25D343A03FB68414C4D24BEF334E01A830D50CF

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\min[1].js
Type: text
MD5: 5563332AD6AF63C9C94CEF15761BE544
SHA256: 4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\8QU1CQCK.htm
Type: html
MD5: 3A6EFCFF878421FF9DE8860955C510E5
SHA256: 1663895E86485BAE75F93FA757105B2914BC00E05BDAED268BB5ED95D28F136A

PID: 3880, Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DC3E633EDFAEFC3AA3C99552548EC2F
Type: binary
MD5: BC3034D1C18953541D284B423BE28E9D
SHA256: 77A9426FE6E774445FBAB5C682B4AA730B0AB9D87999E15A732F635405BA6A44
HTTP(S) requests: 125
TCP/UDP connections: 288
DNS requests: 83
Threats: 14

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3880 | iexplore.exe | GET | 302 | 37.48.65.152:80 | http://ad.leadboltads.net/ | NL | text | 11 b | whitelisted
3880 | iexplore.exe | GET | 200 | 52.222.168.48:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/skenzo.css | US | text | 208 b | shared
3880 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/sk-logabpstatus.php?a=UEVCRThsVnZ3QjB2Q1MrbzdaWFd1Q2haWUYwS3BNWmQ4TlE2cUtEUUp4U0VZc25wcGRPV1VkUjZSS1ZjNmdNVUZhVWZYZnR3V2FHbWRiYUZJWHRZQk1oUjlEakZjWnVYT0pKU2pqU2xGM1U9&b=false | VG | text | 346 b | suspicious
3880 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/px.js?ch=1 | VG | text | 346 b | suspicious
3880 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/?dn=leadboltads.net&pid=9PO755G95 | VG | html | 9.73 Kb | suspicious
3880 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i4.cdn-image.com/__media__/js/min.js?v2.2 | unknown | text | 2.97 Kb | whitelisted
3880 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/px.js?ch=2 | VG | text | 346 b | suspicious
3880 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i4.cdn-image.com/__media__/pics/12471/search-icon.png | unknown | image | 1.16 Kb | whitelisted
3880 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80 | US | der | 1.49 Kb | whitelisted
3880 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i2.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot? | unknown | eot | 110 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3880 | iexplore.exe | 37.48.65.152:80 | - | LeaseWeb Netherlands B.V. | NL | malicious
3880 | iexplore.exe | 185.53.179.29:80 | ww1.leadboltads.net | Team Internet AG | DE | malicious
2544 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3880 | iexplore.exe | 52.222.168.48:80 | d1lxhc4jvstzrp.cloudfront.net | Amazon.com, Inc. | US | whitelisted
3880 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious
3880 | iexplore.exe | 2.16.186.64:80 | i4.cdn-image.com | Akamai International B.V. | - | whitelisted
3880 | iexplore.exe | 2.16.186.106:80 | i4.cdn-image.com | Akamai International B.V. | - | whitelisted
3880 | iexplore.exe | 151.101.2.110:443 | js-agent.newrelic.com | Fastly | US | suspicious
2544 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious
3380 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious

DNS requests

Domain
IP
Reputation
ad.leadboltads.net
  • 52.222.168.140
  • 52.222.168.141
  • 52.222.168.11
  • 52.222.168.83
whitelisted
ww1.leadboltads.net
  • 185.53.179.29
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
d1lxhc4jvstzrp.cloudfront.net
  • 52.222.168.48
  • 52.222.168.9
  • 52.222.168.145
  • 52.222.168.196
shared
iyfsearch.com
  • 208.91.196.46
suspicious
i4.cdn-image.com
  • 2.16.186.64
  • 2.16.186.106
whitelisted
i2.cdn-image.com
  • 2.16.186.106
  • 2.16.186.64
whitelisted
i3.cdn-image.com
  • 2.16.186.106
  • 2.16.186.64
whitelisted
js-agent.newrelic.com
  • 151.101.2.110
  • 151.101.66.110
  • 151.101.130.110
  • 151.101.194.110
whitelisted

Threats

PID | Process | Class | Message
3880 | iexplore.exe | Misc activity | ADWARE [PTsecurity] InstantAccess
3380 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check
3380 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check
3380 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check
3380 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check
3888 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check
3888 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check
3888 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check
3888 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check
3880 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request
4 ETPRO signatures available at the full report
No debug info