URL:

https://webversion.net/DB1F065BA99785565BF4DADE76CD21CBF2C43DB1F11A4CDBB0615F3762D2E30136E295D488E2BF2C78391E202E018BC0/show.aspx

Full analysis: https://app.any.run/tasks/aa1b8ad2-512c-4318-aedb-e3406526e1b9
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 18, 2024, 14:52:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

638DBFFC991871AE7F16E0B7B6E445B4

SHA1:

383D4CB0F3FA771DADEB785228D6CB514A5857C6

SHA256:

11D87EE6951E6EBEA82F6A76A5822AF200C439D70194EF33445765108651ECFB

SSDEEP:

3:N8Rzt/oKSpjAQ86hX3UoKTXWWVPUHd0njX2lgSEiKRJun:2jXSpj186hXE5PPs0jgjiJu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ChromeSetup.exe (PID: 1844)
      • GoogleUpdateSetup.exe (PID: 2384)
      • GoogleUpdate.exe (PID: 1892)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • setup.exe (PID: 1264)
    • Changes the autorun value in the registry

      • setup.exe (PID: 1264)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ChromeSetup.exe (PID: 1844)
      • GoogleUpdateSetup.exe (PID: 2384)
      • GoogleUpdate.exe (PID: 1892)
      • setup.exe (PID: 1264)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
    • Disables SEHOP

      • GoogleUpdate.exe (PID: 1892)
    • Creates/Modifies COM task schedule object

      • GoogleUpdate.exe (PID: 3616)
    • Reads the Internet Settings

      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3556)
    • Executes as Windows Service

      • GoogleUpdate.exe (PID: 3520)
    • Reads security settings of Internet Explorer

      • GoogleUpdate.exe (PID: 3556)
    • Checks Windows Trust Settings

      • GoogleUpdate.exe (PID: 3556)
    • Reads settings of System Certificates

      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 1484)
    • Application launched itself

      • setup.exe (PID: 1264)
      • setup.exe (PID: 3492)
      • GoogleUpdate.exe (PID: 3520)
    • Reads the date of Windows installation

      • setup.exe (PID: 3492)
    • Searches for installed software

      • setup.exe (PID: 1264)
    • Creates a software uninstall entry

      • setup.exe (PID: 1264)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3700)
      • chrome.exe (PID: 3636)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3700)
      • ChromeSetup.exe (PID: 1844)
      • chrome.exe (PID: 3460)
      • chrome.exe (PID: 2308)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3700)
      • iexplore.exe (PID: 2208)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 2208)
      • iexplore.exe (PID: 3700)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3700)
    • Reads the machine GUID from the registry

      • GoogleUpdate.exe (PID: 2240)
      • GoogleUpdate.exe (PID: 1892)
      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 3520)
      • GoogleUpdate.exe (PID: 1484)
      • setup.exe (PID: 1264)
      • GoogleUpdate.exe (PID: 4012)
      • GoogleUpdate.exe (PID: 1196)
      • elevation_service.exe (PID: 1340)
      • setup.exe (PID: 3492)
    • Checks supported languages

      • ChromeSetup.exe (PID: 1844)
      • GoogleUpdateSetup.exe (PID: 2384)
      • GoogleUpdate.exe (PID: 1892)
      • GoogleUpdate.exe (PID: 2240)
      • GoogleUpdate.exe (PID: 3616)
      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 2772)
      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 3520)
      • setup.exe (PID: 1264)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • setup.exe (PID: 1652)
      • setup.exe (PID: 2268)
      • setup.exe (PID: 3492)
      • GoogleCrashHandler.exe (PID: 3876)
      • GoogleUpdate.exe (PID: 4012)
      • GoogleUpdateOnDemand.exe (PID: 3320)
      • elevation_service.exe (PID: 1340)
      • GoogleUpdate.exe (PID: 1196)
    • Create files in a temporary directory

      • ChromeSetup.exe (PID: 1844)
      • GoogleUpdate.exe (PID: 3556)
    • Reads the computer name

      • GoogleUpdate.exe (PID: 2240)
      • GoogleUpdate.exe (PID: 1892)
      • GoogleUpdate.exe (PID: 2772)
      • GoogleUpdate.exe (PID: 3616)
      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 3520)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • setup.exe (PID: 1264)
      • GoogleCrashHandler.exe (PID: 3876)
      • GoogleUpdate.exe (PID: 4012)
      • GoogleUpdate.exe (PID: 1196)
      • elevation_service.exe (PID: 1340)
      • setup.exe (PID: 3492)
    • Creates files in the program directory

      • GoogleUpdateSetup.exe (PID: 2384)
      • GoogleUpdate.exe (PID: 1892)
      • GoogleUpdate.exe (PID: 3616)
      • GoogleUpdate.exe (PID: 2772)
      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 3520)
      • 109.0.5414.120_chrome_installer.exe (PID: 1392)
      • setup.exe (PID: 1264)
      • setup.exe (PID: 3492)
      • GoogleCrashHandler.exe (PID: 3876)
      • GoogleUpdate.exe (PID: 1196)
    • Reads the software policy settings

      • GoogleUpdate.exe (PID: 1484)
      • GoogleUpdate.exe (PID: 3556)
      • GoogleUpdate.exe (PID: 3520)
      • GoogleUpdate.exe (PID: 1196)
    • Checks proxy server information

      • GoogleUpdate.exe (PID: 3556)
    • Creates files or folders in the user directory

      • GoogleUpdate.exe (PID: 3556)
    • Executes as Windows Service

      • elevation_service.exe (PID: 1340)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
88
Monitored processes
43
Malicious processes
11
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe iexplore.exe chromesetup.exe googleupdate.exe no specs googleupdatesetup.exe googleupdate.exe googleupdate.exe no specs googleupdate.exe no specs googleupdate.exe googleupdate.exe googleupdate.exe 109.0.5414.120_chrome_installer.exe setup.exe setup.exe no specs setup.exe no specs setup.exe no specs googlecrashhandler.exe no specs googleupdate.exe googleupdateondemand.exe no specs googleupdate.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs elevation_service.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 844
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=4236 --field-trial-handle=1128,i,11220595485045877875,16003491012845024744,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1196
CMD: "C:\Program Files\Google\Update\GoogleUpdate.exe" /ping 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-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vZWRnZWRsLm1lLmd2dDEuY29tL2VkZ2VkbC9yZWxlYXNlMi9jaHJvbWUvYWNpaHRrY3VleXllM3ltb2oyYWZ2djd1bHp4YV8xMDkuMC41NDE0LjEyMC8xMDkuMC41NDE0LjEyMF9jaHJvbWVfaW5zdGFsbGVyLmV4ZSIgZG93bmxvYWRlZD0iODkyNjgyNjQiIHRvdGFsPSI4OTI2ODI2NCIgZG93bmxvYWRfdGltZV9tcz0iNTAwNzgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOSIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijc2NiIgZG93bmxvYWRfdGltZV9tcz0iNTE5MDciIGRvd25sb2FkZWQ9Ijg5MjY4MjY0IiB0b3RhbD0iODkyNjgyNjQiIGluc3RhbGxfdGltZV9tcz0iMTQ4NDMiLz48L2FwcD48L3JlcXVlc3Q-
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User:
SYSTEM
Company:
Google Inc.
Integrity Level:
SYSTEM
Description:
Google Installer
Exit code:
0
Version:
1.3.33.23
Modules
Images
c:\program files\google\update\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 1264
CMD: "C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\setup.exe" --install-archive="C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\gui6AC8.tmp"
Path: C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\setup.exe
Parent process: 109.0.5414.120_chrome_installer.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\update\install\{fe26a6d5-876f-4edb-a3a1-8904508908b7}\cr_16530.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
PID: 1340
CMD: "C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"
Path: C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe
Parent process: services.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\109.0.5414.120\elevation_service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
PID: 1392
CMD: "C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\gui6AC8.tmp"
Path: C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\109.0.5414.120_chrome_installer.exe
Parent process: GoogleUpdate.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\update\install\{fe26a6d5-876f-4edb-a3a1-8904508908b7}\109.0.5414.120_chrome_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1484
CMD: "C:\Program Files\Google\Update\GoogleUpdate.exe" /ping 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
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User:
admin
Company:
Google Inc.
Integrity Level:
HIGH
Description:
Google Installer
Exit code:
0
Version:
1.3.33.23
Modules
Images
c:\program files\google\update\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 1652
CMD: "C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x1ac,0x1b0,0x1b4,0x180,0x1b8,0x11c8ba8,0x11c8bb8,0x11c8bc4
Path: C:\Program Files\Google\Update\Install\{FE26A6D5-876F-4EDB-A3A1-8904508908B7}\CR_16530.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\update\install\{fe26a6d5-876f-4edb-a3a1-8904508908b7}\cr_16530.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
PID: 1808
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2128 --field-trial-handle=1128,i,11220595485045877875,16003491012845024744,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1844
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ChromeSetup.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ChromeSetup.exe
Parent process: iexplore.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Update Setup
Exit code:
0
Version:
1.3.36.372
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\chromesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 1876
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1128,i,11220595485045877875,16003491012845024744,131072 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
70 746
Read events
68 028
Write events
2 491
Delete events
227

Modification events

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value: 729416896

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31089274

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31089274

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3700) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
213
Suspicious files
137
Text files
121
Unknown types
83

Dropped files

PID
Process
Filename
Type
PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\Pages_style[1].css
Type: text
MD5: 72F29C356D28A3440BC2BD6C991E73DA
SHA256: AE8CC4C7D14CA10539EE2C2464D14DFC76FF1FE09EAB8DA964E03672D08B7D96

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Type: der
MD5: 4FAC724D62885FDC066526EB21E739B8
SHA256: 6EFE60516B93B70F632D7B85E9C9E2B353B1331DB47D5451CE2B06FAD0377CF0

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\h7770170_new_v7_WJBOZI[1].jpg
Type: image
MD5: 74B28C79A0C10F1BF349BA755BA7E2E7
SHA256: 17EDBC495E874225799225918A16BB48343709161A0A884850B409AF7BE8208C

PID: 3700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: der
MD5: 41796515461EC0143591A130597C40F6
SHA256: 1C6C0EF955BD028590698E70959986108E1EE2F7BEE7D4E20408B3F59BAE75D6

PID: 2208
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4D90A79F4986A67200F4F4B3378FFAD0
Type: binary
MD5: 3E9E9982BC229B3896B4D74B03238808
SHA256: 7F822A0CE2D196AF2145A7AF7BEB743DF414AD186BFD95D1D24B8CE19BA74C76

PID: 2208
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKZLJNOA.txt
Type: text
MD5: C186CD1F7BB8F559E831D35A57510A98
SHA256: 5E759BAEF409BC3E8F89838EF067F0DA373DCA3CE984037A720FCEE348F42CB9

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 50DD0186D4D09D1162CC1E5CEEEF77AF
SHA256: 64BE8FCD266AD464E7C0C54D35F02E6039D727670B355ED1FFFEAE4F4FF3B1F4

PID: 3700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 2208
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\initSiteProperties[1].js
Type: text
MD5: 1BCD9A1CDD24C6B4E1E376634453183F
SHA256: AC0E72D9C6FFC41863C9CC3002D0877CFB1B2F5B842D9F36BA92CCD356C174E4

PID: 2208
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\initText[1].js
Type: text
MD5: FD69CB8A7186C6D891CECBC46A50D6B0
SHA256: 42BBDC65D2A3BB84490BEC43B4B29F879CF93114587194F1391596D8EC1F2857
HTTP(S) requests
35
TCP/UDP connections
147
DNS requests
81
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2044
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?545e1839169dd0e6
unknown
unknown
2044
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f78d505714a595e3
unknown
unknown
2044
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
unknown
binary
1.47 Kb
unknown
3700
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?18014fff35250a83
unknown
unknown
3700
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?76ad697231f9b13b
unknown
unknown
2208
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEH%2B2oOpV4owETJUuldY0n1w%3D
unknown
binary
1.40 Kb
unknown
3700
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
313 b
unknown
2208
iexplore.exe
GET
200
142.250.185.131:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
2208
iexplore.exe
GET
200
142.250.185.131:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQClJfJmIhkgRBJ4sXY8g%2FSQ
unknown
binary
472 b
unknown
2208
iexplore.exe
GET
200
108.138.2.107:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
binary
2.02 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2044
iexplore.exe
104.25.96.23:443
webversion.net
CLOUDFLARENET
US
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2044
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
2044
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2044
iexplore.exe
104.25.97.23:443
webversion.net
CLOUDFLARENET
US
unknown
2044
iexplore.exe
172.67.70.32:443
inwise.net
CLOUDFLARENET
US
unknown
3700
iexplore.exe
104.25.96.23:443
webversion.net
CLOUDFLARENET
US
unknown
3700
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted

DNS requests

Domain
IP
Reputation
webversion.net
  • 104.25.96.23
  • 104.25.97.23
  • 172.67.97.137
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
  • 41.63.96.0
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
inwise.net
  • 172.67.70.32
  • 104.26.10.134
  • 104.26.11.134
unknown
files.webversion.net
  • 104.25.97.23
  • 104.25.96.23
  • 172.67.97.137
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 92.123.104.19
  • 92.123.104.17
  • 92.123.104.13
  • 92.123.104.18
  • 92.123.104.14
  • 92.123.104.21
  • 92.123.104.24
  • 92.123.104.16
  • 92.123.104.23
whitelisted
www.israir.co.il
  • 45.60.123.154
unknown
ocsp2.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
di6367dava8ow.cloudfront.net
  • 18.66.147.125
  • 18.66.147.69
  • 18.66.147.33
  • 18.66.147.62
whitelisted

Threats

PID
Process
Class
Message
856
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
856
svchost.exe
Misc activity
ET INFO EXE - Served Attached HTTP
3 ETPRO signatures available at the full report
No debug info