URL:

https://adclick.g.doubleclick.net/aclk?sa=l&ai=CB2MJgGrkZNa7G8bOgAfW-aWoB7SupvNU5-j2id0R15aWjsAWEAEg2c-WImDhBKAB88nA_wPIAQmoAwHIA8sEqgTOAU_QaO1fWiI8mT993_6fwMWju59Ec564eCF4DpuWdJIcvNqXrXFjgv6Gs1WtEwT293fcT65p3TQ6SscCZJakuWH_b4PKjda16VSJITvtnCgqkTdGh55skCFcUZjvgV_qNgRRnyzVyr3HA5ysbeBlpeja-e5IQ3TmenU4VWQ3plbMpYkHXpe55N0OVUL0d1Qg7HQxl2EUxPwt7AqPohd9-3L7f4vwoBMO43Cvs7LC51iPO9HDo_IxMBkPZofPdqUJo2Vk6qaylHv3uvIrvE95wATJuu3wBYgFyd6gG6AGLoAH9bU_qAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6sQleb0PNhEY0iIAKAZgLAcgLAYAMAaoNAlBIyA0B2BMK0BUBmBYB-BYBgBcB&ae=1&gclid=EAIaIQobChMI1vvZ0OXvgAMVRifgCh3WfAl1EAEYASAAEgLul_D_BwE&num=1&cid=CAQSSwBpAlJW9WNXaxEYjkbr2HxIBX8TzQTrLk8eLzZi-yRDqhhbjZYGjB14Irhe0KzlSSM9MyAF7FLkdo_odZbQ4LgrKtjJocBJmU-rXBgB&sig=AOD64_0i3VbWRLhoTyneNzzdlwyniq0Tyg&client=ca-pub-1452786187751943&rf=1&nb=9&adurl=https://ipfs.io/bafybeig2un5cqyllsugdr3xl2hu6yukloyvai75j5yenidrah6uhc2x54e/fizaindexii.html%3Fgclid%3DEAIaIQobChMI1vvZ0OXvgAMVRifgCh3WfAl1EAEYASAAEgLul_D_BwE#ZHluaXNjb0BkaWdpdHJvbC5jb20uYnI=

Full analysis: https://app.any.run/tasks/70c3c941-2997-4228-b789-193752ca654c
Verdict: Malicious activity
Analysis date: August 24, 2023, 13:19:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 9BACD9608B86AB887FCF73C4AF4BD2B3
SHA1: 1F1808ACC8C8917E1D8FC460DB222EC205F8BA33
SHA256: DFE7FB8F355A93ED71CF9363E1A0F0B408751F1DEFE1D26F4F1E175124BCB044
SSDEEP: 24:2gixH4pUtl8XZtzu1qXEX9S1bLGOU+blD8kfwuxR5fhDxMUVOx6:xixYpEeXZtzuzmLhrllfLvk6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 1048)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID: 1048
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://adclick.g.doubleclick.net/aclk?sa=l&ai=CB2MJgGrkZNa7G8bOgAfW-aWoB7SupvNU5-j2id0R15aWjsAWEAEg2c-WImDhBKAB88nA_wPIAQmoAwHIA8sEqgTOAU_QaO1fWiI8mT993_6fwMWju59Ec564eCF4DpuWdJIcvNqXrXFjgv6Gs1WtEwT293fcT65p3TQ6SscCZJakuWH_b4PKjda16VSJITvtnCgqkTdGh55skCFcUZjvgV_qNgRRnyzVyr3HA5ysbeBlpeja-e5IQ3TmenU4VWQ3plbMpYkHXpe55N0OVUL0d1Qg7HQxl2EUxPwt7AqPohd9-3L7f4vwoBMO43Cvs7LC51iPO9HDo_IxMBkPZofPdqUJo2Vk6qaylHv3uvIrvE95wATJuu3wBYgFyd6gG6AGLoAH9bU_qAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6sQleb0PNhEY0iIAKAZgLAcgLAYAMAaoNAlBIyA0B2BMK0BUBmBYB-BYBgBcB&ae=1&gclid=EAIaIQobChMI1vvZ0OXvgAMVRifgCh3WfAl1EAEYASAAEgLul_D_BwE&num=1&cid=CAQSSwBpAlJW9WNXaxEYjkbr2HxIBX8TzQTrLk8eLzZi-yRDqhhbjZYGjB14Irhe0KzlSSM9MyAF7FLkdo_odZbQ4LgrKtjJocBJmU-rXBgB&sig=AOD64_0i3VbWRLhoTyneNzzdlwyniq0Tyg&client=ca-pub-1452786187751943&rf=1&nb=9&adurl=https://ipfs.io/bafybeig2un5cqyllsugdr3xl2hu6yukloyvai75j5yenidrah6uhc2x54e/fizaindexii.html%3Fgclid%3DEAIaIQobChMI1vvZ0OXvgAMVRifgCh3WfAl1EAEYASAAEgLul_D_BwE#ZHluaXNjb0BkaWdpdHJvbC5jb20uYnI="
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2508
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1048 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 11 174
Read events: 11 119
Write events: 55
Delete events: 0

Modification events

(PID) Process | Operation | Key | Name | Value
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 0
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30847387
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30847437
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
(1048) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
Executable files: 0
Suspicious files: 22
Text files: 13
Unknown types: 2

Dropped files

PID | Process | Filename | Type
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der
  MD5: 60C804CA037EE969F1F17260C966814E
  SHA256: 882F2CDD363B28452650FE576B96926D4897F8D998F2EB940F2271DC895FDBF0
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed
  MD5: F7DCB24540769805E5BB30D193944DCE
  SHA256: 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
  MD5: 327BF422FA729CA6273AB82B8CF81F59
  SHA256: 49A1587225A58AA1961D4F6AFF4E7853E2092306069011C489ECD3842DF1075D
2508 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\CYXBKVQP.txt | text
  MD5: 114FB782885981AABDE3094D1AD45C39
  SHA256: 5A605F31C0C850FA1BACF907B5D8D98E352B92B34A0565B5AA763010EA7C34F5
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_D59278CD4E39CACD4B8DB18AD1269CC4 | der
  MD5: 297DFDE7B87B443E484119DA3B854E01
  SHA256: A77DDA2E2650DFB0E8A6670E1CD1452483430A91E2010942916A3235605A11E9
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary
  MD5: 3A62B0B5F8E042A9D785B6512FD1C4F5
  SHA256: DDBDCABE518142E742BC0B6754CE6FD6DFBC6FDBAE68ADB80D4336E94478D039
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_6363676F7D5E1F36EC0BF57DE6A205E7 | der
  MD5: 5CDD9B32CB777D1E48D74F9A92173077
  SHA256: FAEF1C1AFB632E720AFEDB602638A15D1C33E8E8B7B2575CE7261054715A9C2C
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_D59278CD4E39CACD4B8DB18AD1269CC4 | binary
  MD5: 0CFC7A5818E420CAC853D7CDEC4F33A3
  SHA256: CBD5821C7A85118799F91772E003F8ED4983EFDABDEFC3A68B7C0B580ACE36D6
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary
  MD5: CC14950804D32F16EFB5C0A841C2F3A3
  SHA256: AB2322A8F10F18A6D69E1A62FDAA0E579415669A268C9E85474B638AB1F62748
2508 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\K14JCJ5Z.txt | text
  MD5: D801E48E4D0DC3C1F1E0EBDD03C6F127
  SHA256: 132AA9CE2F9F48239452256F2E9B51BA780D5517FFE7F260FE1B7D17E2ABC772
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 10
TCP/UDP connections: 30
DNS requests: 17
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1048 | iexplore.exe | GET | | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | | | whitelisted
2508 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD5oGbf3mY9EAnXN0%2B0qDnZ | US | der | 472 b | whitelisted
2508 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD0YGGtNHUx6RBLB3GtoPzX | US | der | 472 b | whitelisted
2508 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted
2508 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?caf4ea83d6ad000f | US | compressed | 4.70 Kb | whitelisted
2508 | iexplore.exe | GET | 200 | 23.201.254.55:80 | http://x1.c.lencr.org/ | CH | der | 717 b | whitelisted
2508 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ab1371f194f13545 | US | compressed | 61.6 Kb | whitelisted
1048 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted
2508 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5f36ff51f9d64b46 | US | compressed | 4.70 Kb | whitelisted
1048 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2508 | iexplore.exe | 172.217.23.98:443 | adclick.g.doubleclick.net | GOOGLE | US | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
3284 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
1048 | iexplore.exe | 23.53.43.179:443 | www.bing.com | Akamai International B.V. | DE | unknown
2508 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
2508 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2508 | iexplore.exe | 142.250.186.98:443 | www.googleadservices.com | GOOGLE | US | suspicious
1048 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1048 | iexplore.exe | 23.53.43.186:443 | www.bing.com | Akamai International B.V. | DE | unknown
2508 | iexplore.exe | 169.150.247.39:443 | ipfs.tech | | GB | malicious

DNS requests

Domain | IP | Reputation
adclick.g.doubleclick.net | 172.217.23.98 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 23.53.43.179, 23.53.43.162, 23.53.43.186, 23.53.43.169, 23.53.43.168, 23.53.43.170, 23.53.43.171, 23.53.43.178, 23.53.43.185 | whitelisted
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
ocsp.pki.goog | 172.217.23.99 | whitelisted
www.googleadservices.com | 142.250.186.98 | whitelisted
ipfs.io | 209.94.90.1 | malicious
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
x1.c.lencr.org | 23.201.254.55 | whitelisted

Threats

PID | Process | Class | Message
1088 | svchost.exe | Potentially Bad Traffic | ET INFO Peer-to-Peer File Sharing Service Domain in DNS Lookup (ipfs .io)
2508 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed Peer-to-Peer File Sharing Service Domain (ipfs .io in TLS SNI)
No debug info