URL:

https://theflixer.one

Full analysis: https://app.any.run/tasks/cce90e3c-b3a8-4d49-a30f-30b02181abaf
Verdict: Malicious activity
Analysis date: June 27, 2023, 11:01:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

A6265BBF16411FD82867C0A237DD8651

SHA1:

34283310E231745A05902E612F12EAD7693A8A42

SHA256:

DF74B5CF1E2C2018D138650B19AD53293F49FC25BBD38993F7E25680855D5EBE

SSDEEP:

3:N8FAD/LV:2k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3524)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3524"C:\Program Files\Internet Explorer\iexplore.exe" "https://theflixer.one"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3608"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3524 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
21 913
Read events
21 768
Write events
145
Delete events
0

Modification events

(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
51
Text files
23
Unknown types
0

Dropped files

PID
Process
Filename
Type
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442binary
MD5:E1257F5A0F0037C061C835B9B7894DD3
SHA256:0FD4F7EE47C38A83F405E34F3805AB58D23C0DE6D232385C2A0D8BA3330566E3
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:C996AA996979A15399FB48FF20E9FA61
SHA256:45B61256DB490AF22439A6D730C24906E7568DE271C6E2E4F26527993B358690
3524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:B2F0488C8A296EAC4C89FE8815687E2C
SHA256:94600972380FA4E60D46E7BABDFEC0EEE81182DA9C7C1AED074E2603A7BD1993
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3608iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarE87A.tmpcat
MD5:4FF65AD929CD9A367680E0E5B1C08166
SHA256:C8733C93CC5AAF5CA206D06AF22EE8DBDEC764FB5085019A6A9181FEB9DFDEE6
3608iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabE879.tmpcompressed
MD5:3AC860860707BAAF32469FA7CC7C0192
SHA256:D015145D551ECD14916270EFAD773BBC9FD57FAD2228D2C24559F696C961D904
3608iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:26EC9A9748C5BED90553ECCA8EEDCF97
SHA256:11962CB8B13FAEBA6EFAA1B60E42ED23E8CEC74769588E7F9B496B2ADFAA85B4
3608iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751binary
MD5:6B26A998E3139C751990EB774D56A6D8
SHA256:F46E0A27C8668D21B6F52EBB6A9F0471EF78A377F1515F01CF5E454570ACF9BD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
65
DNS requests
31
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3608
iexplore.exe
GET
200
64.190.63.136:80
http://ww16.theflixer.tc/search/tsc.php?200=NDY1MzMzODg4&21=ODUuMjA2LjE3NS4yMjE=&681=MTY4Nzg2MzY4NDI2ZWRlMzlkNzVlMDM0OTEyNWFlMGY0ZTRmMDllYzk1&crc=2c685daa61abd0e8a1d9e83cb07a5d349a078d43&cv=1
US
malicious
3608
iexplore.exe
GET
64.190.63.136:80
http://ww16.theflixer.tc/search/tsc.php?200=NDY1MzMzODg4&21=ODUuMjA2LjE3NS4yMjE=&681=MTY4Nzg2MzY4NDI2ZWRlMzlkNzVlMDM0OTEyNWFlMGY0ZTRmMDllYzk1&crc=2c685daa61abd0e8a1d9e83cb07a5d349a078d43&cv=1
US
malicious
3608
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?695caddc7e0c7e2d
US
compressed
62.3 Kb
whitelisted
3608
iexplore.exe
GET
200
23.53.40.161:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNStIcHrsg2fg2yCAERhjgmgw%3D%3D
NL
der
503 b
shared
3608
iexplore.exe
GET
200
142.250.186.68:80
http://www.google.com/adsense/domains/caf.js
US
text
52.4 Kb
malicious
3608
iexplore.exe
GET
200
23.56.202.135:80
http://x1.c.lencr.org/
GB
der
717 b
whitelisted
3524
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?dcd0cc5da0250c5f
US
compressed
4.70 Kb
whitelisted
3608
iexplore.exe
GET
172.217.18.3:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
US
whitelisted
3608
iexplore.exe
GET
200
172.217.18.3:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
binary
1.41 Kb
whitelisted
3608
iexplore.exe
GET
200
172.217.18.3:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDyr10XQBrjbwld7Q3cSzAq
US
binary
472 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2328
svchost.exe
239.255.255.250:1900
whitelisted
3524
iexplore.exe
13.107.21.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3608
iexplore.exe
103.224.182.244:443
theflixer.tc
Trellian Pty. Limited
AU
unknown
3524
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3524
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3608
iexplore.exe
23.56.202.135:80
x1.c.lencr.org
AKAMAI-AS
GB
suspicious
3608
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3608
iexplore.exe
23.53.40.161:80
r3.o.lencr.org
Akamai International B.V.
DE
unknown
3608
iexplore.exe
64.190.63.136:80
ww16.theflixer.tc
SEDO GmbH
DE
malicious

DNS requests

Domain
IP
Reputation
theflixer.one
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
  • 2.23.209.149
  • 2.23.209.185
  • 2.23.209.130
  • 2.23.209.140
  • 2.23.209.133
  • 2.23.209.189
  • 2.23.209.182
  • 2.23.209.179
  • 2.23.209.187
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
theflixer.tc
  • 103.224.182.244
unknown
ocsp.digicert.com
  • 192.229.221.95
whitelisted
x1.c.lencr.org
  • 23.56.202.135
whitelisted
r3.o.lencr.org
  • 23.53.40.161
  • 23.53.40.89
shared
ww16.theflixer.tc
  • 64.190.63.136
malicious
www.google.com
  • 142.250.186.68
malicious

Threats

PID
Process
Class
Message
3608
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.tc domain
3608
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.tc domain
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://theflixer.one