URL:

https://theflixer.one

Full analysis: https://app.any.run/tasks/cce90e3c-b3a8-4d49-a30f-30b02181abaf
Verdict: Malicious activity
Analysis date: June 27, 2023, 11:01:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

A6265BBF16411FD82867C0A237DD8651

SHA1:

34283310E231745A05902E612F12EAD7693A8A42

SHA256:

DF74B5CF1E2C2018D138650B19AD53293F49FC25BBD38993F7E25680855D5EBE

SSDEEP:

3:N8FAD/LV:2k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3524)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3524"C:\Program Files\Internet Explorer\iexplore.exe" "https://theflixer.one"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3608"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3524 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
21 913
Read events
21 768
Write events
145
Delete events
0

Modification events

(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3524) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
51
Text files
23
Unknown types
0

Dropped files

PID
Process
Filename
Type
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:C996AA996979A15399FB48FF20E9FA61
SHA256:45B61256DB490AF22439A6D730C24906E7568DE271C6E2E4F26527993B358690
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442binary
MD5:E1257F5A0F0037C061C835B9B7894DD3
SHA256:0FD4F7EE47C38A83F405E34F3805AB58D23C0DE6D232385C2A0D8BA3330566E3
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:B2F0488C8A296EAC4C89FE8815687E2C
SHA256:94600972380FA4E60D46E7BABDFEC0EEE81182DA9C7C1AED074E2603A7BD1993
3524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[2].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3608iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EC6A43FA1565B97B2336E2D6A8E4B2BCbinary
MD5:DC3B9E16603B0029FF24F548B81407D8
SHA256:61A3AC67AA1B668AF2557443FDB2C8ED3187D3AF55F7521AFB27FBA0C036B614
3608iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EC6A43FA1565B97B2336E2D6A8E4B2BCbinary
MD5:DDE01E6B4C247012521D2607C5A72F7E
SHA256:76821831D799B5DA631DA5D9CA8DE66DAB71624B11EA267DBBCD0C52D8B20C25
3608iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\caf[1].jstext
MD5:388C5D0B05A2E7C5C283DE7144F5B110
SHA256:F2DAC9F0D5B9404C3EB113219968983EB25D72FA460CECFC2208C7DBDC6700F3
3524iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3608iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarE87A.tmpcat
MD5:4FF65AD929CD9A367680E0E5B1C08166
SHA256:C8733C93CC5AAF5CA206D06AF22EE8DBDEC764FB5085019A6A9181FEB9DFDEE6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
65
DNS requests
31
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3608
iexplore.exe
GET
200
64.190.63.136:80
http://ww16.theflixer.tc/search/tsc.php?200=NDY1MzMzODg4&21=ODUuMjA2LjE3NS4yMjE=&681=MTY4Nzg2MzY4NDI2ZWRlMzlkNzVlMDM0OTEyNWFlMGY0ZTRmMDllYzk1&crc=2c685daa61abd0e8a1d9e83cb07a5d349a078d43&cv=1
US
malicious
3524
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
binary
1.47 Kb
whitelisted
3608
iexplore.exe
GET
172.217.18.3:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
US
whitelisted
3608
iexplore.exe
GET
200
23.56.202.135:80
http://x1.c.lencr.org/
GB
der
717 b
whitelisted
3608
iexplore.exe
GET
64.190.63.136:80
http://ww16.theflixer.tc/search/tsc.php?200=NDY1MzMzODg4&21=ODUuMjA2LjE3NS4yMjE=&681=MTY4Nzg2MzY4NDI2ZWRlMzlkNzVlMDM0OTEyNWFlMGY0ZTRmMDllYzk1&crc=2c685daa61abd0e8a1d9e83cb07a5d349a078d43&cv=1
US
malicious
3608
iexplore.exe
GET
200
64.190.63.136:80
http://ww16.theflixer.tc/?sub1=20230627-2101-2409-9363-e0a5e53d3a4c
US
compressed
7.57 Kb
malicious
3608
iexplore.exe
GET
200
23.53.40.161:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNYBsQ%2FTsfO%2BTsPtUYQLvWywQ%3D%3D
NL
der
503 b
shared
3608
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
binary
471 b
whitelisted
3608
iexplore.exe
GET
200
172.217.18.3:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDnKk5m9EQQrhJXhKw12rrx
US
binary
472 b
whitelisted
3608
iexplore.exe
GET
200
172.217.18.3:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDaQqCWnITUZwrTnGlh64Go
US
binary
724 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2328
svchost.exe
239.255.255.250:1900
whitelisted
3608
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3608
iexplore.exe
64.190.63.136:80
ww16.theflixer.tc
SEDO GmbH
DE
malicious
3608
iexplore.exe
172.217.18.3:80
ocsp.pki.goog
GOOGLE
US
whitelisted
3608
iexplore.exe
142.250.185.226:443
partner.googleadservices.com
GOOGLE
US
suspicious
3524
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3608
iexplore.exe
23.56.202.135:80
x1.c.lencr.org
AKAMAI-AS
GB
suspicious
4
System
192.168.100.255:138
whitelisted
3608
iexplore.exe
142.250.186.68:80
www.google.com
GOOGLE
US
whitelisted
3608
iexplore.exe
142.250.186.68:443
www.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
theflixer.one
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
  • 2.23.209.149
  • 2.23.209.185
  • 2.23.209.130
  • 2.23.209.140
  • 2.23.209.133
  • 2.23.209.189
  • 2.23.209.182
  • 2.23.209.179
  • 2.23.209.187
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
theflixer.tc
  • 103.224.182.244
unknown
ocsp.digicert.com
  • 192.229.221.95
whitelisted
x1.c.lencr.org
  • 23.56.202.135
whitelisted
r3.o.lencr.org
  • 23.53.40.161
  • 23.53.40.89
shared
ww16.theflixer.tc
  • 64.190.63.136
malicious
www.google.com
  • 142.250.186.68
malicious

Threats

PID
Process
Class
Message
3608
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.tc domain
3608
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.tc domain
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://theflixer.one