URL: https://www.pngwing.com

Full analysis: https://app.any.run/tasks/24abf2c9-1b2b-43da-837c-097f63b78642
Verdict: Malicious activity
Analysis date: November 22, 2023, 17:27:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1: 4DD499BA8223C6D0D4D00D70250955EAE2038932
SHA256: B7E15BE2CAA603D57550944F9902AB520BE84B73FD1E8175EC32EBC37233FB8E
SSDEEP: 3:N8DSLU/T:2OLg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3448)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3988)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3988)
    • Checks supported languages

      • wmpnscfg.exe (PID: 3988)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3988)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

[Behavior graph: nodes iexplore.exe, iexplore.exe, wmpnscfg.exe; the interactive graph is available in the full report]

Process information

PID: 3448
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.pngwing.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3484
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3448 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3988
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
Total events: 17 219
Read events: 17 156
Write events: 60
Delete events: 3

Modification events

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 0

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30847387

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30847437

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 4600000059010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (3448) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Executable files: 0
Suspicious files: 39
Text files: 29
Unknown types: 0

Dropped files

PID: 3484  Process: iexplore.exe  Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5: E8115CD4DEB7C7F08D5B40EEA4C336C6
SHA256: 792CB4F801FD293ADDB64D6686077EF8B034CDA21DFEE3110F23A995C9DEDF19

PID: 3484  Process: iexplore.exe  Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5: A8A1A3EB8E7CF4BEF402C19801034D78
SHA256: 239EAF29628F4550400D3263F7ADF882B64E0044AE5365C60612CAE6E234970E

PID: 3484  Process: iexplore.exe  Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: F0B30E17F196398D6B36F08A87E16126
SHA256: 3FB3AFF4FEBFEB708F404A77DA6707506977FABCCA835FC2303CBCC52AFFFB13

PID: 3484  Process: iexplore.exe  Type: compressed
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8

PID: 3484  Process: iexplore.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\pw[1].js
MD5: 709689CFC84343CC148D581C8FC04409
SHA256: 4852E58B654F278F26B4C5573249D53C3F4E3BAC28389C826188CB51682DE9A6

PID: 3484  Process: iexplore.exe  Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
MD5: A31D44D0619C654A84B90DD74A7602A8
SHA256: 513D4E64981A97369FD619E9130798EA2A44C8C561503A5E47ED152235E01ABA

PID: 3484  Process: iexplore.exe  Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\base[1].css
MD5: F037054AC625B59FEDFFD22FF14408C9
SHA256: B76D745E00B46747ED39C9A15AFB3334BAEDAFA583FEA7110B282C929F798D4C

PID: 3484  Process: iexplore.exe  Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
MD5: 8202A1CD02E7D69597995CABBE881A12
SHA256: 58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5

PID: 3484  Process: iexplore.exe  Type: html
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\2UIUUB6R.htm
MD5: 8C797696C62CED4B9B67BBC5C540B65C
SHA256: 38F7A0271FAE6DB50666DF2949FE0406837D38C1A1A1C6CCB7138CD7F795ECCC

PID: 3484  Process: iexplore.exe  Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
MD5: AC89A852C2AAA3D389B2D2DD312AD367
SHA256: 0B720E19270C672F9B6E0EC40B468AC49376807DE08A814573FE038779534F45
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 16
TCP/UDP connections: 46
DNS requests: 27
Threats: 0

HTTP requests

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 184.24.77.174:80  CN: DE  Type: compressed  Size: 4.66 Kb  Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2747dc4fd30729d5

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 142.250.185.163:80  CN: US  Type: binary  Size: 724 b  Reputation: unknown
URL: http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 142.250.185.163:80  CN: US  Type: binary  Size: 1.41 Kb  Reputation: unknown
URL: http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 184.24.77.174:80  CN: DE  Type: compressed  Size: 4.66 Kb  Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e94bb274b63b057c

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 142.250.185.163:80  CN: US  Type: binary  Size: 472 b  Reputation: unknown
URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQChuVoVf7HVAxLxWCb2kXo7

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 142.250.185.163:80  CN: US  Type: binary  Size: 724 b  Reputation: unknown
URL: http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 142.250.185.163:80  CN: US  Type: binary  Size: 471 b  Reputation: unknown
URL: http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEDBPk217SOCuEsxRjJqpuUQ%3D

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 184.24.77.174:80  CN: DE  Type: compressed  Size: 61.6 Kb  Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0905fc2fb85b0f60

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 23.212.210.158:80  CN: AU  Type: binary  Size: 717 b  Reputation: unknown
URL: http://x1.c.lencr.org/

PID: 3484  Process: iexplore.exe  Method: GET  HTTP Code: 200  IP: 184.24.77.174:80  CN: DE  Type: compressed  Size: 61.6 Kb  Reputation: unknown
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?7b116f0a0a0d9e12

Connections

PID: 2588  Process: svchost.exe  IP: 239.255.255.250:1900  Reputation: whitelisted
PID: 4  Process: System  IP: 192.168.100.255:137  Reputation: whitelisted
PID: 3484  Process: iexplore.exe  IP: 172.64.193.31:443  Domain: www.pngwing.com  ASN: CLOUDFLARENET  CN: US  Reputation: unknown
PID: 3484  Process: iexplore.exe  IP: 184.24.77.174:80  Domain: ctldl.windowsupdate.com  ASN: Akamai International B.V.  CN: DE  Reputation: unknown
PID: 3484  Process: iexplore.exe  IP: 142.250.185.163:80  Domain: ocsp.pki.goog  ASN: GOOGLE  CN: US  Reputation: whitelisted
PID: 3484  Process: iexplore.exe  IP: 172.217.18.2:443  Domain: pagead2.googlesyndication.com  ASN: GOOGLE  CN: US  Reputation: whitelisted
PID: 3484  Process: iexplore.exe  IP: 142.250.185.232:443  Domain: www.googletagmanager.com  ASN: GOOGLE  CN: US  Reputation: unknown
PID: 3484  Process: iexplore.exe  IP: 173.233.137.36:443  Domain: custodycraveretard.com  ASN: SERVERS-COM  CN: US  Reputation: unknown
PID: 3484  Process: iexplore.exe  IP: 142.250.184.194:443  Domain: googleads.g.doubleclick.net  ASN: GOOGLE  CN: US  Reputation: unknown
PID: 3484  Process: iexplore.exe  IP: 142.250.74.206:443  Domain: www.google-analytics.com  ASN: GOOGLE  CN: US  Reputation: whitelisted

DNS requests

Domain: www.pngwing.com  Reputation: unknown
  • 172.64.192.31
  • 172.64.193.31
Domain: ctldl.windowsupdate.com  Reputation: whitelisted
  • 184.24.77.174
  • 184.24.77.184
  • 184.24.77.186
  • 184.24.77.173
  • 184.24.77.202
  • 184.24.77.205
  • 184.24.77.203
  • 184.24.77.206
  • 184.24.77.209
Domain: ocsp.pki.goog  Reputation: whitelisted
  • 142.250.185.163
Domain: pagead2.googlesyndication.com  Reputation: whitelisted
  • 172.217.18.2
Domain: www.googletagmanager.com  Reputation: whitelisted
  • 142.250.185.232
Domain: assets.pngwing.com  Reputation: unknown
  • 172.64.193.31
  • 172.64.192.31
Domain: custodycraveretard.com  Reputation: malicious
  • 173.233.137.36
  • 173.233.137.52
  • 192.243.61.225
  • 192.243.59.20
  • 192.243.59.12
  • 173.233.137.44
  • 192.243.61.227
  • 173.233.137.60
  • 192.243.59.13
  • 173.233.139.164
Domain: googleads.g.doubleclick.net  Reputation: whitelisted
  • 142.250.184.194
Domain: www.google-analytics.com  Reputation: whitelisted
  • 142.250.74.206
Domain: region1.google-analytics.com  Reputation: whitelisted
  • 216.239.34.36
  • 216.239.32.36

Threats

No threats detected
No debug info