URL: https://t0.gstatic.com/faviconV2?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://1337x.to/search/

Full analysis: https://app.any.run/tasks/a7b8603e-e1df-4e49-8e37-1a88b5962794
Verdict: Malicious activity
Analysis date: September 05, 2023, 12:51:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 5A880BADF59F0AAEEFBC41EE3980292F
SHA1: 38D8525AC7AF9E00F216139E0BCBF970A39CCB46
SHA256: EC74190005AED31772E77670435F8C1258B31AD0F4FBC4E2FF8B1329BE492DEF
SSDEEP: 3:N8dLCWBcdhL3/i62iVD3XVo4giBfAV9eARaoY3QjQCtCKRRVYF3QS5Y:2J7+dd3/i622DnrBoDe6apQjt/RROx/G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 124)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe -> iexplore.exe

Process information

PID: 124
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://t0.gstatic.com/faviconV2?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://1337x.to/search/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\version.dll
  c:\windows\system32\gdi32.dll

PID: 2372
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:124 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll
Total events: 13 184
Read events: 13 085
Write events: 99
Delete events: 0

Modification events

(PID) Process | Operation | Key | Name | Value
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 0
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30847387
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30847437
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
(124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
Executable files: 0
Suspicious files: 9
Text files: 7
Unknown types: 0

Dropped files

PID 124, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  Type: compressed
  MD5: 24BE8A92460B5B7A555B1DA559296958
  SHA256: 77A3CFE6B7EB676AF438D5DE88C7EFCB6ABCC494E0B65DA90201969E6D79B2A3

PID 124, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
  Type: xml
  MD5: CBD0581678FA40F0EDCBC7C59E0CAD10
  SHA256: 159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9

PID 2372, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9
  Type: binary
  MD5: B1B684892C8FC8DB0B6EB6655B449BF5
  SHA256: D13BA4A1D0D29E3C8B9AA6073B1EA6211E45DDBD9452F1FC0D99ADEF0B96C873

PID 2372, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\faviconV2[1].png
  Type: image
  MD5: 8E965BAFB65957AB262ACD3B96A33D28
  SHA256: D6F8E5AE1064651E71EDA9169FE5B8AA74526DDE71E5E123BF2B5715858BBCE9

PID 2372, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\faviconV2[1].png
  Type: image
  MD5: 8E965BAFB65957AB262ACD3B96A33D28
  SHA256: D6F8E5AE1064651E71EDA9169FE5B8AA74526DDE71E5E123BF2B5715858BBCE9

PID 2372, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_649E475F2AC1F765D655CB8DFE21A0D4
  Type: binary
  MD5: 6D933DACB2E413A09CCCD0FD20812938
  SHA256: DD6A351A7B503B5663803A91AAAFAF5A7BEE55B1759BC98047D8D1860D31D668

PID 2372, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_649E475F2AC1F765D655CB8DFE21A0D4
  Type: binary
  MD5: E9C702A64F59A89D4220B201F8AF44E1
  SHA256: 053707C19DEC819552963B0ACEA1F8BD43DCB0D6F2EC1B7CCD131BD4265BE66D

PID 124, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DB145CFEEC544B1582FED1ADA3370DD
  Type: binary
  MD5: 11A7D9B468F327CC5BA6FFF18C4179EB
  SHA256: 736BFFBBE80CAE6376AC1BD46068402689A98721D2FCBF1CC04B7F729A601D17

PID 124, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\urlblockindex[1].bin
  Type: binary
  MD5: FA518E3DFAE8CA3A0E495460FD60C791
  SHA256: 775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7

PID 124, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DB145CFEEC544B1582FED1ADA3370DD
  Type: binary
  MD5: 0F4F8B7774690147E80A605D1B49B138
  SHA256: C45B809DBC17AE50D74A59363BB5AF929B700B93DA3E24A2AAD69B8B0751AE04
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4
TCP/UDP connections: 27
DNS requests: 18
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2372 | iexplore.exe | GET | 200 | 142.250.181.227:80 | http://crl.pki.goog/gsr1/gsr1.crl | unknown | der | 1.70 Kb | unknown
124 | iexplore.exe | GET | 200 | 67.27.234.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7b4d5311b636771a | unknown | compressed | 4.66 Kb | unknown
124 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://crl4.digicert.com/DigiCertGlobalRootCA.crl | unknown | der | 779 b | unknown
2372 | iexplore.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEDY4UE7SquLRCtqo4fc3wEs%3D | unknown | der | 471 b | unknown
Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3284 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
2372 | iexplore.exe | 142.251.140.36:443 | t0.gstatic.com | GOOGLE | US | unknown
124 | iexplore.exe | 23.53.43.179:443 | www.bing.com | Akamai International B.V. | DE | unknown
124 | iexplore.exe | 67.27.159.126:80 | ctldl.windowsupdate.com | LEVEL3 | US | malicious
124 | iexplore.exe | 67.27.234.126:80 | ctldl.windowsupdate.com | LEVEL3 | US | unknown
124 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
2372 | iexplore.exe | 142.250.186.99:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
124 | iexplore.exe | 8.248.131.254:80 | ctldl.windowsupdate.com | LEVEL3 | US | unknown

DNS requests

Domain: t0.gstatic.com
  • 142.251.140.36
  Reputation: whitelisted
Domain: api.bing.com
  • 13.107.5.80
  Reputation: whitelisted
Domain: www.bing.com
  • 23.37.226.107
  • 23.53.43.96
  • 23.37.226.104
  • 23.37.226.99
  • 23.37.226.105
  • 23.37.226.112
  • 23.37.226.113
  • 23.37.226.97
  • 23.37.226.98
  • 23.53.43.179
  • 23.53.43.169
  • 23.53.43.168
  • 23.53.43.177
  • 23.53.43.184
  • 23.53.43.170
  • 23.53.43.176
  • 23.53.43.171
  • 23.53.43.178
  • 104.126.37.168
  • 104.126.37.186
  • 104.126.37.171
  • 104.126.37.179
  • 104.126.37.170
  • 104.126.37.162
  • 104.126.37.128
  • 104.126.37.185
  • 104.126.37.163
  Reputation: whitelisted
Domain: ctldl.windowsupdate.com
  • 67.27.159.126
  • 8.248.131.254
  • 8.253.207.120
  • 8.253.95.120
  • 67.27.234.126
  Reputation: whitelisted
Domain: ocsp.digicert.com
  • 192.229.221.95
  Reputation: whitelisted
Domain: crl3.digicert.com
  • 192.229.221.95
  Reputation: whitelisted
Domain: ocsp.pki.goog
  • 142.250.186.99
  Reputation: whitelisted
Domain: iecvlist.microsoft.com
  • 152.199.19.161
  Reputation: whitelisted
Domain: r20swj13mr.microsoft.com
  • 152.199.19.161
  Reputation: whitelisted
Domain: crl.pki.goog
  • 142.250.181.227
  Reputation: whitelisted

Threats

No threats detected
No debug info