URL:

https://flixhq.ws/movie/the-godfather-94668/

Full analysis: https://app.any.run/tasks/50f2bcf1-a2b1-44d5-af1a-5d0ca9ad9b19
Verdict: Malicious activity
Analysis date: November 09, 2023, 06:56:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1:

A7DBA67E592D28FE2B02BB77A4F009BB9AF3EDA5

SHA256:

1778BB5841ADCCD3D70A3F6BF731D6DDB3E8516B5CCE503D706961B4B1B27B27

SSDEEP:

3:N8IdjBTdCsj:2aTdCU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 3972)

    • Application launched itself

      • iexplore.exe (PID: 3156)

    • Reads the computer name

      • wmpnscfg.exe (PID: 3972)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 3972)

    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2912"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3156 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3156"C:\Program Files\Internet Explorer\iexplore.exe" "https://flixhq.ws/movie/the-godfather-94668/"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3972"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
Total events
30 479
Read events
30 410
Write events
66
Delete events
3

Modification events

(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3156) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
66
Text files
83
Unknown types
0

Dropped files

PID
Process
Filename
Type
2912iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:607AA5C8EF5DA7B7CEA6938A65837823
SHA256:F65C8D151364A4702D7A905676886B3FE3C73D41F06C36B979D87413373C6BE0
2912iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464binary
MD5:8202A1CD02E7D69597995CABBE881A12
SHA256:58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5
2912iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464binary
MD5:8FDB31003B639DF4B3B6C21E91FCAE61
SHA256:7B37634E6AF212DACD18ECAE85182F59874E1E44ABE16C804F84C304601DCAFE
2912iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:07106CDB44691C95D5DBAD70FA36E715
SHA256:CCE084C69AB30BF45ADD2827BB8C7014CC1C0B96D90417242930FDC6A982A218
2912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\logo[1].pngimage
MD5:9696491193D9A4B5287EB9C479E9FBBE
SHA256:96C937D6DFD04B687A0076292203B7366091021459C815BFD9C21E93757835D8
2912iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
2912iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:444A619B93895E22FFA21094E11762B7
SHA256:52868C327862347F4A5626A4C1EDFC436145482A148DA3FC5A0D00F2371328EA
2912iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4HPI38DZ.txttext
MD5:3F1CBEE59A7C5FC164DFD9EE27A137F3
SHA256:81D22FC83EE42BBC4C5CBE266B743D04E0819EFD82A4E966FF842B02F09C78F6
2912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\the-godfather-94668[1].htmhtml
MD5:BE2DFDC8062E8BD9DB2B0E3BCAA01FB4
SHA256:3FC36749ABCA84E9E3EE6FD065E96EAAE63CDE280F6ADA7B530D9A4666D5CD00
2912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jquery.easing.min[1].jstext
MD5:7EBB5E58E81EE2D8D265DECFF175442B
SHA256:E39CB8BD115A92149FCA8F878D44416F879E4AF375B4E9F806BC00C6BEE7F3EF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
95
DNS requests
40
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2912
iexplore.exe
GET
142.250.186.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
unknown
2912
iexplore.exe
GET
200
18.66.142.79:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D
unknown
binary
1.39 Kb
unknown
GET
200
108.138.2.195:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
binary
2.02 Kb
unknown
2912
iexplore.exe
GET
200
23.212.210.158:80
http://x1.c.lencr.org/
unknown
binary
717 b
unknown
2912
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEEmN8dqkpTDaIdyr8SXRVPc%3D
unknown
binary
471 b
unknown
2912
iexplore.exe
GET
200
23.212.210.158:80
http://x2.c.lencr.org/
unknown
binary
300 b
unknown
2912
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHuZGUA1HQsMJVDG4unv6Fc%3D
unknown
binary
471 b
unknown
2912
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
binary
2.18 Kb
unknown
2912
iexplore.exe
GET
200
142.250.186.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCSbiqNK5280hBN2lVZWzUN
unknown
binary
472 b
unknown
2912
iexplore.exe
GET
200
18.66.142.79:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
unknown
binary
1.51 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2912
iexplore.exe
23.53.40.35:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
4
System
192.168.100.255:137
whitelisted
2912
iexplore.exe
142.250.186.67:80
ocsp.pki.goog
GOOGLE
US
whitelisted
2912
iexplore.exe
104.21.81.199:443
CLOUDFLARENET
unknown
2912
iexplore.exe
104.17.25.14:443
cdnjs.cloudflare.com
CLOUDFLARENET
unknown
2912
iexplore.exe
151.101.194.137:443
code.jquery.com
FASTLY
US
unknown
2912
iexplore.exe
104.16.87.20:443
cdn.jsdelivr.net
CLOUDFLARENET
shared
2912
iexplore.exe
172.217.18.8:443
www.googletagmanager.com
GOOGLE
US
whitelisted
2912
iexplore.exe
172.67.190.196:443
photocdn.stream
CLOUDFLARENET
US
unknown
2912
iexplore.exe
104.18.38.233:80
ocsp.comodoca.com
CLOUDFLARENET
shared

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 23.53.40.35
  • 23.53.40.83
  • 23.53.40.49
whitelisted
ocsp.pki.goog
  • 142.250.186.67
whitelisted
cdnjs.cloudflare.com
  • 104.17.25.14
  • 104.17.24.14
whitelisted
code.jquery.com
  • 151.101.194.137
  • 151.101.130.137
  • 151.101.2.137
  • 151.101.66.137
whitelisted
cdn.jsdelivr.net
  • 104.16.87.20
  • 104.16.85.20
  • 104.16.86.20
  • 104.16.89.20
  • 104.16.88.20
whitelisted
www.googletagmanager.com
  • 172.217.18.8
whitelisted
photocdn.stream
  • 172.67.190.196
  • 104.21.20.11
unknown
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted

Threats

PID
Process
Class
Message
1080
svchost.exe
Potentially Bad Traffic
ET INFO DNS Query for Suspicious .icu Domain
2912
iexplore.exe
Potentially Bad Traffic
ET INFO Suspicious Domain (*.icu) in TLS SNI
2912
iexplore.exe
Potentially Bad Traffic
ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.icu)
2912
iexplore.exe
Potentially Bad Traffic
ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.icu)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://flixhq.ws/movie/the-godfather-94668/