URL:

https://t0.gstatic.com/faviconV2?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://1337x.to/search/

Full analysis: https://app.any.run/tasks/a7b8603e-e1df-4e49-8e37-1a88b5962794
Verdict: Malicious activity
Analysis date: September 05, 2023, 12:51:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

5A880BADF59F0AAEEFBC41EE3980292F

SHA1:

38D8525AC7AF9E00F216139E0BCBF970A39CCB46

SHA256:

EC74190005AED31772E77670435F8C1258B31AD0F4FBC4E2FF8B1329BE492DEF

SSDEEP:

3:N8dLCWBcdhL3/i62iVD3XVo4giBfAV9eARaoY3QjQCtCKRRVYF3QS5Y:2J7+dd3/i622DnrBoDe6apQjt/RROx/G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 124)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
124
"C:\Program Files\Internet Explorer\iexplore.exe" "https://t0.gstatic.com/faviconV2?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://1337x.to/search/"
C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
2372
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:124 CREDAT:267521 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
13 184
Read events
13 085
Write events
99
Delete events
0

Modification events

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 0

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30847387

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30847437

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files
0
Suspicious files
9
Text files
7
Unknown types
0

Dropped files

PID
Process
Filename
Type
124
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5:5844DB21171880E9F39DF509EE2F2D90
SHA256:EF5BCFBA4160E661760B7A75F8DF8B35352E92EE0517CEA17A73A4D4641A1954
124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[2].ico
image
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico
image
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
124
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
image
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2372
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9
binary
MD5:B1B684892C8FC8DB0B6EB6655B449BF5
SHA256:D13BA4A1D0D29E3C8B9AA6073B1EA6211E45DDBD9452F1FC0D99ADEF0B96C873
2372
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9
binary
MD5:DC4F409C83ABE1AE3A75198D8DA428E6
SHA256:8A0CFE17297210EC4A6DE3929481B93C99DC7AD1D76C9ED289F93013231E2C22
124
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
xml
MD5:CBD0581678FA40F0EDCBC7C59E0CAD10
SHA256:159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
124
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DB145CFEEC544B1582FED1ADA3370DD
binary
MD5:11A7D9B468F327CC5BA6FFF18C4179EB
SHA256:736BFFBBE80CAE6376AC1BD46068402689A98721D2FCBF1CC04B7F729A601D17
2372
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_649E475F2AC1F765D655CB8DFE21A0D4
binary
MD5:6D933DACB2E413A09CCCD0FD20812938
SHA256:DD6A351A7B503B5663803A91AAAFAF5A7BEE55B1759BC98047D8D1860D31D668
124
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5:24BE8A92460B5B7A555B1DA559296958
SHA256:77A3CFE6B7EB676AF438D5DE88C7EFCB6ABCC494E0B65DA90201969E6D79B2A3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
27
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2372
iexplore.exe
GET
200
142.250.186.99:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEDY4UE7SquLRCtqo4fc3wEs%3D
unknown
der
471 b
unknown
2372
iexplore.exe
GET
200
142.250.181.227:80
http://crl.pki.goog/gsr1/gsr1.crl
unknown
der
1.70 Kb
unknown
124
iexplore.exe
GET
200
67.27.234.126:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7b4d5311b636771a
unknown
compressed
4.66 Kb
unknown
124
iexplore.exe
GET
200
192.229.221.95:80
http://crl4.digicert.com/DigiCertGlobalRootCA.crl
unknown
der
779 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3284
svchost.exe
239.255.255.250:1900
whitelisted
2372
iexplore.exe
142.251.140.36:443
t0.gstatic.com
GOOGLE
US
unknown
124
iexplore.exe
23.53.43.179:443
www.bing.com
Akamai International B.V.
DE
unknown
124
iexplore.exe
67.27.159.126:80
ctldl.windowsupdate.com
LEVEL3
US
malicious
124
iexplore.exe
67.27.234.126:80
ctldl.windowsupdate.com
LEVEL3
US
unknown
124
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
2372
iexplore.exe
142.250.186.99:80
ocsp.pki.goog
GOOGLE
US
whitelisted
124
iexplore.exe
8.248.131.254:80
ctldl.windowsupdate.com
LEVEL3
US
unknown

DNS requests

Domain
IP
Reputation
t0.gstatic.com
  • 142.251.140.36
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
whitelisted
ctldl.windowsupdate.com
  • 67.27.159.126
  • 8.248.131.254
  • 8.253.207.120
  • 8.253.95.120
  • 67.27.234.126
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl3.digicert.com
  • 192.229.221.95
whitelisted
ocsp.pki.goog
  • 142.250.186.99
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
crl.pki.goog
  • 142.250.181.227
whitelisted

Threats

No threats detected
No debug info