URL:

https://webversion.net/DB1F065BA99785565BF4DADE76CD21CBF2C43DB1F11A4CDBB0615F3762D2E30136E295D488E2BF2C78391E202E018BC0/show.aspx

Full analysis: https://app.any.run/tasks/aa1b8ad2-512c-4318-aedb-e3406526e1b9
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 18, 2024, 14:52:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

638DBFFC991871AE7F16E0B7B6E445B4

SHA1:

383D4CB0F3FA771DADEB785228D6CB514A5857C6

SHA256:

11D87EE6951E6EBEA82F6A76A5822AF200C439D70194EF33445765108651ECFB

SSDEEP:

3:N8Rzt/oKSpjAQ86hX3UoKTXWWVPUHd0njX2lgSEiKRJun:2jXSpj186hXE5PPs0jgjiJu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ChromeSetup.exe (PID: 1844)
      • GoogleUpdateSetup.exe (PID: 2384)
      • GoogleUpdate.exe (PID: 1892)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • setup.exe (PID: 1264)
    • Changes the autorun value in the registry

      • setup.exe (PID: 1264)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ChromeSetup.exe (PID: 1844)
      • GoogleUpdateSetup.exe (PID: 2384)
      • GoogleUpdate.exe (PID: 1892)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • setup.exe (PID: 1264)
    • Disables SEHOP

      • GoogleUpdate.exe (PID: 1892)
    • Creates/Modifies COM task schedule object

      • GoogleUpdate.exe (PID: 3616)
    • Reads the Internet Settings

      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3556)
    • Executes as Windows Service

      • GoogleUpdate.exe (PID: 3520)
    • Reads settings of System Certificates

      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3556)
    • Application launched itself

      • setup.exe (PID: 1264)
      • setup.exe (PID: 3492)
      • GoogleUpdate.exe (PID: 3520)
    • Checks Windows Trust Settings

      • GoogleUpdate.exe (PID: 3556)
    • Reads security settings of Internet Explorer

      • GoogleUpdate.exe (PID: 3556)
    • Reads the date of Windows installation

      • setup.exe (PID: 3492)
    • Searches for installed software

      • setup.exe (PID: 1264)
    • Creates a software uninstall entry

      • setup.exe (PID: 1264)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3700)
      • chrome.exe (PID: 3636)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3700)
      • ChromeSetup.exe (PID: 1844)
      • chrome.exe (PID: 3460)
      • chrome.exe (PID: 2308)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3700)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 2208)
      • iexplore.exe (PID: 3700)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3700)
      • iexplore.exe (PID: 2208)
    • Checks supported languages

      • ChromeSetup.exe (PID: 1844)
      • GoogleUpdate.exe (PID: 2240)
      • GoogleUpdateSetup.exe (PID: 2384)
      • GoogleUpdate.exe (PID: 1892)
      • GoogleUpdate.exe (PID: 3616)
      • GoogleUpdate.exe (PID: 2772)
      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 3520)
      • setup.exe (PID: 1264)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • setup.exe (PID: 3492)
      • setup.exe (PID: 2268)
      • GoogleCrashHandler.exe (PID: 3876)
      • setup.exe (PID: 1652)
      • GoogleUpdateOnDemand.exe (PID: 3320)
      • GoogleUpdate.exe (PID: 4012)
      • elevation_service.exe (PID: 1340)
      • GoogleUpdate.exe (PID: 1196)
    • Create files in a temporary directory

      • ChromeSetup.exe (PID: 1844)
      • GoogleUpdate.exe (PID: 3556)
    • Reads the computer name

      • GoogleUpdate.exe (PID: 2240)
      • GoogleUpdate.exe (PID: 1892)
      • GoogleUpdate.exe (PID: 3616)
      • GoogleUpdate.exe (PID: 2772)
      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3520)
      • GoogleUpdate.exe (PID: 3556)
      • setup.exe (PID: 1264)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • GoogleCrashHandler.exe (PID: 3876)
      • setup.exe (PID: 3492)
      • GoogleUpdate.exe (PID: 1196)
      • GoogleUpdate.exe (PID: 4012)
      • elevation_service.exe (PID: 1340)
    • Reads the machine GUID from the registry

      • GoogleUpdate.exe (PID: 2240)
      • GoogleUpdate.exe (PID: 1892)
      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3520)
      • setup.exe (PID: 1264)
      • setup.exe (PID: 3492)
      • GoogleUpdate.exe (PID: 4012)
      • GoogleUpdate.exe (PID: 1196)
      • elevation_service.exe (PID: 1340)
    • Creates files in the program directory

      • GoogleUpdateSetup.exe (PID: 2384)
      • GoogleUpdate.exe (PID: 1892)
      • GoogleUpdate.exe (PID: 2772)
      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3616)
      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 3520)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • setup.exe (PID: 1264)
      • setup.exe (PID: 3492)
      • GoogleCrashHandler.exe (PID: 3876)
      • GoogleUpdate.exe (PID: 1196)
    • Reads the software policy settings

      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3520)
      • GoogleUpdate.exe (PID: 1196)
    • Creates files or folders in the user directory

      • GoogleUpdate.exe (PID: 3556)
    • Checks proxy server information

      • GoogleUpdate.exe (PID: 3556)
    • Executes as Windows Service

      • elevation_service.exe (PID: 1340)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
88
Monitored processes
43
Malicious processes
11
Suspicious processes
0

Behavior graph

(Interactive process graph available in the full report. Processes shown: iexplore.exe, chromesetup.exe, googleupdate.exe, googleupdatesetup.exe, 109.0.5414.120_chrome_installer.exe, setup.exe, googlecrashhandler.exe, googleupdateondemand.exe, chrome.exe, elevation_service.exe.)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
844
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=4236 --field-trial-handle=1128,i,11220595485045877875,16003491012845024744,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1196
CMD:
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ping [...]-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vZWRnZWRsLm1lLmd2dDEuY29tL2VkZ2VkbC9yZWxlYXNlMi9jaHJvbWUvYWNpaHRrY3VleXllM3ltb2oyYWZ2djd1bHp4YV8xMDkuMC41NDE0LjEyMC8xMDkuMC41NDE0LjEyMF9jaHJvbWVfaW5zdGFsbGVyLmV4ZSIgZG93bmxvYWRlZD0iODkyNjgyNjQiIHRvdGFsPSI4OTI2ODI2NCIgZG93bmxvYWRfdGltZV9tcz0iNTAwNzgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOSIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijc2NiIgZG93bmxvYWRfdGltZV9tcz0iNTE5MDciIGRvd25sb2FkZWQ9Ijg5MjY4MjY0IiB0b3RhbD0iODkyNjgyNjQiIGluc3RhbGxfdGltZV9tcz0iMTQ4NDMiLz48L2FwcD48L3JlcXVlc3Q-
Path:
C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process:
GoogleUpdate.exe
User:
SYSTEM
Company:
Google Inc.
Integrity Level:
SYSTEM
Description:
Google Installer
Exit code:
0
Version:
1.3.33.23
Modules
Images
c:\program files\google\update\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID:
1264
CMD:
"C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\setup.exe" --install-archive="C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\gui6AC8.tmp"
Path:
C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\setup.exe
Parent process:
109.0.5414.120_chrome_installer.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\update\install\{fe26a6d5-876f-4edb-a3a1-8904508908b7}\cr_16530.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
PID:
1340
CMD:
"C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"
Path:
C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\109.0.5414.120\elevation_service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
PID:
1392
CMD:
"C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\gui6AC8.tmp"
Path:
C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\109.0.5414.120_chrome_installer.exe
Parent process:
GoogleUpdate.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\update\install\{fe26a6d5-876f-4edb-a3a1-8904508908b7}\109.0.5414.120_chrome_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
1484
CMD:
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zMy4yMyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszQTExMjc0Mi03MDZBLTQyNzktQTBGRi1GQzNFODRGRjYyNUN9IiB1c2VyaWQ9Ins5Q0RDMUVGQi02OTMwLTQyREMtODFGQS0wRkEzOEI0NkM2NDd9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgcmVxdWVzdGlkPSJ7NUUzOTVGODYtNUMwRi00QjVGLTlFMUMtRUY0RDQ4RjAyMEUzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIzIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4yNDU0NiIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4ODYiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjMyIiBuZXh0dmVyc2lvbj0iMS4zLjM2LjM3MiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBpaWQ9IntCOTI4OTI2OC03N0NFLTVGNzItNDEzOS1FMzgxQTFCRTc3QkF9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjY3MSIvPjwvYXBwPjwvcmVxdWVzdD4
Path:
C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process:
GoogleUpdate.exe
User:
admin
Company:
Google Inc.
Integrity Level:
HIGH
Description:
Google Installer
Exit code:
0
Version:
1.3.33.23
Modules
Images
c:\program files\google\update\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID:
1652
CMD:
"C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x1ac,0x1b0,0x1b4,0x180,0x1b8,0x11c8ba8,0x11c8bb8,0x11c8bc4
Path:
C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\setup.exe
Parent process:
setup.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\update\install\{fe26a6d5-876f-4edb-a3a1-8904508908b7}\cr_16530.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
PID:
1808
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2128 --field-trial-handle=1128,i,11220595485045877875,16003491012845024744,131072 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1844
CMD:
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ChromeSetup.exe"
Path:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ChromeSetup.exe
Parent process:
iexplore.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Update Setup
Exit code:
0
Version:
1.3.36.372
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\chromesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID:
1876
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1128,i,11220595485045877875,16003491012845024744,131072 /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
70 746
Read events
68 028
Write events
2 491
Delete events
227

Modification events

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value: 729416896

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31089274

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31089274

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
213
Suspicious files
137
Text files
121
Unknown types
83

Dropped files

PID | Process | Filename | Type
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\Pages_style[1].css | text
MD5: 72F29C356D28A3440BC2BD6C991E73DA
SHA256: AE8CC4C7D14CA10539EE2C2464D14DFC76FF1FE09EAB8DA964E03672D08B7D96
2044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary
MD5: EC32B07690C15827B831DEF132D142E8
SHA256: 60F53DAC45B6E2E486154DD304E3DC310547CA37C1D65AEE3B09B4CE305ACB8C
2044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der
MD5: 4FAC724D62885FDC066526EB21E739B8
SHA256: 6EFE60516B93B70F632D7B85E9C9E2B353B1331DB47D5451CE2B06FAD0377CF0
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\usability-icon[1].png | image
MD5: EFDD73570387DB7B739BF5C9F74CDBC7
SHA256: 4A0A1D8DFFC5DA79E76988795C5BCAB36F343C4816E17542BA4699856D01A632
3700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\h7770170_new_v7_WJBOZI[1].jpg | image
MD5: 74B28C79A0C10F1BF349BA755BA7E2E7
SHA256: 17EDBC495E874225799225918A16BB48343709161A0A884850B409AF7BE8208C
3700 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico | image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A | binary
MD5: D303DBE67499977911F5D44214FB4DBE
SHA256: 8F158429B6A2BCED3F236BE6D8038C71B535CE989591180770F8964636FE315D
2208 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKZLJNOA.txt | text
MD5: C186CD1F7BB8F559E831D35A57510A98
SHA256: 5E759BAEF409BC3E8F89838EF067F0DA373DCA3CE984037A720FCEE348F42CB9
2208 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4D90A79F4986A67200F4F4B3378FFAD0 | binary
MD5: 3E9E9982BC229B3896B4D74B03238808
SHA256: 7F822A0CE2D196AF2145A7AF7BEB743DF414AD186BFD95D1D24B8CE19BA74C76
Download PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
35
TCP/UDP connections
147
DNS requests
81
Threats
5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2044 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?545e1839169dd0e6 | unknown | - | - | unknown
2044 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f78d505714a595e3 | unknown | - | - | unknown
2044 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | unknown | binary | 1.47 Kb | unknown
3700 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?18014fff35250a83 | unknown | - | - | unknown
3700 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?76ad697231f9b13b | unknown | - | - | unknown
3700 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 313 b | unknown
2208 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEH%2B2oOpV4owETJUuldY0n1w%3D | unknown | binary | 1.40 Kb | unknown
2208 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown
2208 | iexplore.exe | GET | 200 | 108.138.2.107:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | unknown | binary | 2.02 Kb | unknown
2208 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | unknown | binary | 724 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2044 | iexplore.exe | 104.25.96.23:443 | webversion.net | CLOUDFLARENET | US | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2044 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2044 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2044 | iexplore.exe | 104.25.97.23:443 | webversion.net | CLOUDFLARENET | US | unknown
2044 | iexplore.exe | 172.67.70.32:443 | inwise.net | CLOUDFLARENET | US | unknown
3700 | iexplore.exe | 104.25.96.23:443 | webversion.net | CLOUDFLARENET | US | unknown
3700 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted

DNS requests

Domain | IP | Reputation
webversion.net | 104.25.96.23, 104.25.97.23, 172.67.97.137 | unknown
ctldl.windowsupdate.com | 93.184.221.240, 41.63.96.0 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
inwise.net | 172.67.70.32, 104.26.10.134, 104.26.11.134 | unknown
files.webversion.net | 104.25.97.23, 104.25.96.23, 172.67.97.137 | unknown
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 92.123.104.19, 92.123.104.17, 92.123.104.13, 92.123.104.18, 92.123.104.14, 92.123.104.21, 92.123.104.24, 92.123.104.16, 92.123.104.23 | whitelisted
www.israir.co.il | 45.60.123.154 | unknown
ocsp2.globalsign.com | 104.18.20.226, 104.18.21.226 | whitelisted
di6367dava8ow.cloudfront.net | 18.66.147.125, 18.66.147.69, 18.66.147.33, 18.66.147.62 | whitelisted

Threats

PID | Process | Class | Message
856 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
856 | svchost.exe | Misc activity | ET INFO EXE - Served Attached HTTP
3 ETPRO signatures available in the full report
No debug info