File name:

ChromeSetup.exe

Full analysis: https://app.any.run/tasks/3e8de2ad-8d46-4553-91ad-43830cf5143c
Verdict: Malicious activity
Analysis date: March 01, 2025, 05:06:59
OS: Windows 11 Professional (build: 22000, 64 bit)
Tags:
qrcode
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

B09DA7525279689C0EFC47DE9B14F1BF

SHA1:

60B839183A36C12BD3A99D76871BBEE8089A9474

SHA256:

0A2396CDFD181562F31236597CE850A7E2CB2D7573E3D0FA68501870B2A66B6C

SSDEEP:

98304:Iok4Zm0NIBj2y67qwjMCUMJKYF6jPJN7WMmfRlGLYBfLJeSTp3IlvyE7SvpBXOtN:XA+2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • setup.exe (PID: 5860)

  • SUSPICIOUS

    • Reads the Internet Settings

      • ChromeSetup.exe (PID: 1640)

    • Application launched itself

      • ChromeSetup.exe (PID: 1640)
      • updater.exe (PID: 3756)
      • updater.exe (PID: 4284)
      • setup.exe (PID: 5860)
      • setup.exe (PID: 1116)
      • updater.exe (PID: 1264)

    • Executes as Windows Service

      • updater.exe (PID: 4284)
      • updater.exe (PID: 3756)
      • updater.exe (PID: 1264)

    • Reads security settings of Internet Explorer

      • ChromeSetup.exe (PID: 1640)

    • Executable content was dropped or overwritten

      • 133.0.6943.142_chrome_installer.exe (PID: 4824)
      • setup.exe (PID: 5860)

    • Searches for installed software

      • setup.exe (PID: 5860)

    • Creates a software uninstall entry

      • setup.exe (PID: 5860)
      • chrome.exe (PID: 3408)

  • INFO

    • The sample compiled with english language support

      • ChromeSetup.exe (PID: 1640)
      • 133.0.6943.142_chrome_installer.exe (PID: 4824)
      • setup.exe (PID: 5860)

    • Reads the computer name

      • ChromeSetup.exe (PID: 1640)
      • 133.0.6943.142_chrome_installer.exe (PID: 4824)
      • setup.exe (PID: 5860)
      • setup.exe (PID: 1116)
      • updater.exe (PID: 1264)
      • elevation_service.exe (PID: 2264)
      • identity_helper.exe (PID: 6100)

    • Checks supported languages

      • ChromeSetup.exe (PID: 1640)
      • 133.0.6943.142_chrome_installer.exe (PID: 4824)
      • setup.exe (PID: 5860)
      • setup.exe (PID: 5116)
      • setup.exe (PID: 1116)
      • setup.exe (PID: 5872)
      • updater.exe (PID: 4284)
      • elevation_service.exe (PID: 2264)
      • updater.exe (PID: 1264)
      • identity_helper.exe (PID: 6100)
      • updater.exe (PID: 3832)

    • Creates files in the program directory

      • updater.exe (PID: 4284)
      • setup.exe (PID: 5860)
      • setup.exe (PID: 1116)
      • updater.exe (PID: 1264)

    • Manual execution by a user

      • chrome.exe (PID: 3408)
      • msedge.exe (PID: 6736)
      • msedge.exe (PID: 3936)
      • msedge.exe (PID: 6096)
      • msedge.exe (PID: 6624)
      • msedge.exe (PID: 1316)

    • Executes as Windows Service

      • elevation_service.exe (PID: 2264)

    • Application launched itself

      • msedge.exe (PID: 6736)
      • chrome.exe (PID: 3408)

    • Process checks whether UAC notifications are on

      • updater.exe (PID: 1264)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:02:19 04:04:01+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 3537408
InitializedDataSize: 7139328
UninitializedDataSize: -
EntryPoint: 0x1caea0
OSVersion: 10
ImageVersion: -
SubsystemVersion: 10
Subsystem: Windows GUI
FileVersionNumber: 135.0.7023.0
ProductVersionNumber: 135.0.7023.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Google LLC
FileDescription: Google Installer
FileVersion: 135.0.7023.0
InternalName: Google Installer (x86)
LegalCopyright: Copyright 2025 Google LLC. All rights reserved.
OriginalFileName: UpdaterSetup.exe
ProductName: Google Installer
ProductVersion: 135.0.7023.0
CompanyShortName: Google
ProductShortName: GoogleUpdater
LastChange: 4e3361c333f0140291a2915942c9f40400346c0f-refs/branch-heads/7023@{#1}
OfficialBuild: 1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
191
Monitored processes
85
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chromesetup.exe no specs chromesetup.exe updater.exe no specs updater.exe no specs updater.exe no specs updater.exe updater.exe no specs 133.0.6943.142_chrome_installer.exe setup.exe setup.exe no specs setup.exe no specs setup.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe elevation_service.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs updater.exe no specs updater.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
296"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3792,i,16043269198795895237,18198456734620805275,262144 --variations-seed-version --mojo-platform-channel-handle=4468 /prefetch:1C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
133.0.6943.142
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\133.0.6943.142\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1116"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4284_1826786392\CR_EC628.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4284_1826786392\CR_EC628.tmp\setup.exesetup.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Chrome Installer
Exit code:
73
Version:
133.0.6943.142
Modules
Images
c:\windows\systemtemp\chrome_unpacker_beginunzipping4284_1826786392\cr_ec628.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
1180"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5400,i,16043269198795895237,18198456734620805275,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:14C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.142
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\133.0.6943.142\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1188"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5048 --field-trial-handle=2232,i,11479495307900324718,1033428887362665416,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1264"C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe" --system --windows-service --service=updateC:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exeservices.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Updater
Exit code:
0
Version:
135.0.7023.0
Modules
Images
c:\program files (x86)\google\googleupdater\135.0.7023.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64base.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64con.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
1316"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6436 --field-trial-handle=2232,i,11479495307900324718,1033428887362665416,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1316"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.google.com/chrome/go-mobile/?campaign=hp-engagement-page-exp-treatmentC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1396"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=2320,i,16043269198795895237,18198456734620805275,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:13C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
133.0.6943.142
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\133.0.6943.142\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1468"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.142 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffc7450dcf8,0x7ffc7450dd04,0x7ffc7450dd10C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
133.0.6943.142
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\133.0.6943.142\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcp_win.dll
1556"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3312 --field-trial-handle=2232,i,11479495307900324718,1033428887362665416,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
22 858
Read events
22 526
Write events
324
Delete events
8

Modification events

(PID) Process:(4284) updater.exeKey:HKEY_USERS\S-1-5-21-166304369-59083888-3082702900-1001\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
0
(PID) Process:(5860) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}
Operation:delete keyName:(default)
Value:
(PID) Process:(5860) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32
Operation:delete keyName:(default)
Value:
(PID) Process:(5860) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32
Operation:writeName:ServerExecutable
Value:
C:\Program Files (x86)\Google\Chrome\Application\133.0.6943.142\notification_helper.exe
(PID) Process:(5860) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}
Operation:writeName:AppID
Value:
{708860E0-F641-4611-8895-7D867DD3675B}
(PID) Process:(5860) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{708860E0-F641-4611-8895-7D867DD3675B}
Operation:writeName:LocalService
Value:
GoogleChromeElevationService
(PID) Process:(5860) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib
Operation:writeName:Version
Value:
1.0
(PID) Process:(5860) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib
Operation:writeName:Version
Value:
1.0
(PID) Process:(1116) setup.exeKey:HKEY_USERS\.DEFAULT\Software\Google\Chrome
Operation:writeName:InstallerPinned
Value:
0
(PID) Process:(5860) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC25D338FFEA3FD3EA8273C2B51C0588\InstallProperties
Operation:writeName:DisplayVersion
Value:
133.0.6943.142
Executable files
21
Suspicious files
398
Text files
118
Unknown types
1

Dropped files

PID
Process
Filename
Type
4284updater.exeC:\Windows\SystemTemp\chrome_url_fetcher_4284_407549712\-8a69d345-d564-463c-aff1-a69d9e530f96-_133.0.6943.142_all_pnkrze6bgzexosbneka74ebhgi.crx3
MD5:
SHA256:
4284updater.exeC:\Program Files (x86)\Google\GoogleUpdater\crx_cache\{8a69d345-d564-463c-aff1-a69d9e530f96}_1.af92645c36e1943733c8dd4311f76c4afd285516f8833d5d935569798681b92e
MD5:
SHA256:
4284updater.exeC:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4284_1826786392\133.0.6943.142_chrome_installer.exe
MD5:
SHA256:
4824133.0.6943.142_chrome_installer.exeC:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4284_1826786392\CR_EC628.tmp\CHROME.PACKED.7Z
MD5:
SHA256:
5860setup.exe
MD5:
SHA256:
5860setup.exeC:\Program Files (x86)\Google\Chrome\Application\133.0.6943.142\Installer\chrome.7z
MD5:
SHA256:
4284updater.exeC:\Program Files (x86)\Google\GoogleUpdater\prefs.jsonbinary
MD5:4FC7ACBCAF835BBBE683B26D627C87A7
SHA256:89457C90DEB7A867305330403F77BAC74AFAD310495B0964A06AFFE7F8A497A6
4284updater.exeC:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4284_1826786392\_metadata\verified_contents.jsontext
MD5:F797B21A85459E3A4D86531111CDD7A9
SHA256:59D48A1B92DE84F224A7239DA8CFF678FEF49F20DE3B1B4A76C700B51ACC06FA
4284updater.exeC:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4284_1826786392\manifest.jsonbinary
MD5:E56B1EC88703EB1A4A4DC26A3F37FA50
SHA256:4A992CB3F863ED27CE1C39CAB02A66EB3C56D9920625CA609A58EDC7408B2EDE
5860setup.exeC:\Windows\SystemTemp\Crashpad\settings.datbinary
MD5:D751C9BF3B58DE9C8D807E676331BC0D
SHA256:8432CD48803EE58902F040C6FAD56CD89C2B4C5C6EDF03A3E1A43E8A6BBE149E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
178
TCP/UDP connections
136
DNS requests
111
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1352
svchost.exe
GET
200
2.16.164.42:80
http://www.msftconnecttest.com/connecttest.txt
unknown
whitelisted
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f09c8c5163fe75a7
unknown
whitelisted
4284
updater.exe
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome/pogchvp53pjjn6f43dfyzgpv3m_133.0.6943.142/-8a69d345-d564-463c-aff1-a69d9e530f96-_133.0.6943.142_all_pnkrze6bgzexosbneka74ebhgi.crx3
unknown
whitelisted
2768
svchost.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f9d017629be3db39
unknown
whitelisted
5236
chrome.exe
GET
200
142.250.185.206:80
http://clients2.google.com/time/1/current?cup2key=8:TyUTGDRiylV_sXQoI53qviMLuDOChRP6tvYKhz9X-fM&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
GET
142.250.186.100:443
https://www.google.com/async/ddljson?async=ntp:2
unknown
GET
142.250.186.100:443
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
unknown
GET
142.250.186.100:443
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
unknown
POST
200
142.250.185.99:443
https://update.googleapis.com/service/update2/json?cup2key=14:EnT9-N2QcrchlJayME2xq9O1jXQXUqCWXolI1iE6HCg&cup2hreq=56b611804489210b5e1d7960cb3701ff07168342f3cd80287791430d3d9225e1
unknown
text
704 Kb
whitelisted
GET
200
142.250.186.100:443
https://www.google.com/chrome/v2/whats-new/?version=133
unknown
html
617 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1352
svchost.exe
2.16.164.42:80
Akamai International B.V.
NL
unknown
2628
smartscreen.exe
172.211.159.152:443
checkappexec.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
172.217.16.195:443
update.googleapis.com
GOOGLE
US
whitelisted
142.250.185.110:443
dl.google.com
GOOGLE
US
whitelisted
4284
updater.exe
34.104.35.123:80
edgedl.me.gvt1.com
GOOGLE
US
whitelisted
3952
svchost.exe
239.255.255.250:1900
whitelisted
820
svchost.exe
23.60.203.209:443
fs.microsoft.com
AKAMAI-AS
DE
whitelisted
2768
svchost.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.238
whitelisted
checkappexec.microsoft.com
  • 172.211.159.152
whitelisted
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
dl.google.com
  • 142.250.185.110
whitelisted
update.googleapis.com
  • 172.217.16.195
  • 216.58.206.35
whitelisted
edgedl.me.gvt1.com
  • 34.104.35.123
whitelisted
dns.msftncsi.com
  • 131.107.255.255
whitelisted
fs.microsoft.com
  • 23.60.203.209
whitelisted
self.events.data.microsoft.com
  • 20.189.173.14
whitelisted

Threats

PID
Process
Class
Message
1352
svchost.exe
Misc activity
ET INFO Microsoft Connection Test
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
Potentially Bad Traffic
ET INFO Possible Chrome Plugin install
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
ChromeSetup.exe