File name: dreamstime_m_95984400.jpg

Full analysis: https://app.any.run/tasks/886c6d4e-b6fa-44f4-9b78-f56b4de75dd1
Verdict: Malicious activity
Threats: loader (automated tag)

A loader is malicious software that infiltrates devices to deliver malicious payloads. It can profile the victim's system and install other threats, such as trojans or stealers. Loaders are usually delivered through phishing emails and links, relying on social engineering to get users to download and run the executable, and they use evasion and persistence techniques to avoid detection.

Caveat for this task: the processes flagged below as "dropped or rewritten" are the GIMP 2.6.10 installer (gimp-2.6.10-i686-setup-1.exe and its .tmp stage) and the plug-in executables it unpacked into C:\Program Files\GIMP-2.0; every plug-in row shown in the process table is launched by gimp-2.6.exe with -gimp 5 4 -query 0. The remaining MALICIOUS hits are Chrome's own (chrome.exe writing to its extension folder, software_reporter_tool.exe loading the Task Scheduler COM API). The verdict therefore describes the interactive session recorded in the task; no process in the report is attributed to the JPEG itself.

Analysis date: March 17, 2018, 16:53:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MIME: image/jpeg
File info: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, copyright=(c) ira008 | Dreamstime.com], baseline, precision 8, 2121x1414, frames 3
MD5: AC17D7D2BBED176FDA225480F4113A35
SHA1: 526D06EF4DAC86EECDF95C93CBB4E4F84F841761
SHA256: 16818E0D9E084FB2F73689146FD32233E9C94BCE466245CCBD6ABF13E69A48E2
SSDEEP: 24576:fby7JyKIwEgR20Ozd0jRrgICS/Zu0InK/pZA9sLD98/Qm/0rqdQFvaV+:8JyWXmICkSKg+P97Vrbis

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
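Before trusting a sandbox verdict on an image, a practitioner recomputes the hashes listed above against the file in hand and checks whether anything follows the JPEG's end-of-image marker, since an appended payload is the usual way an image file carries a dropper and the hash list alone cannot show it. The following is added example code written for this page, not part of the ANY.RUN report: it walks the JPEG segment structure to find where the first image really ends (rather than searching for the last FF D9, which an appended second JPEG would defeat) and reports the trailing bytes. The SAMPLE bytes are a constructed, non-decodable JPEG skeleton with a fake PE stub appended; they are not the Dreamstime file, so the hash comparison against the report is expected to fail on them.

```python
import hashlib

# Hash values as listed in the report above for dreamstime_m_95984400.jpg.
REPORTED = {
    "md5": "AC17D7D2BBED176FDA225480F4113A35",
    "sha1": "526D06EF4DAC86EECDF95C93CBB4E4F84F841761",
    "sha256": "16818E0D9E084FB2F73689146FD32233E9C94BCE466245CCBD6ABF13E69A48E2",
}


def file_hashes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of the bytes (ssdeep needs the third-party module and is left out)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported=REPORTED) -> bool:
    """True only if every listed hash matches the bytes in hand."""
    actual = file_hashes(data)
    return all(actual[name] == value.lower() for name, value in reported.items())


# Markers that carry no length field: SOI, TEM and the restart markers RST0..RST7.
STANDALONE = {0xD8, 0x01} | set(range(0xD0, 0xD8))


def jpeg_payload_end(data: bytes) -> int:
    """Offset just past the EOI marker of the first JPEG image in data.

    Walks the segment chain and the entropy-coded scan data, so trailing bytes
    that themselves contain FF D9 (an appended JPEG) are still counted as trailing."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:               # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        seglen = int.from_bytes(data[pos + 2:pos + 4], "big")
        pos += 2 + seglen                # skip marker and its length-prefixed payload
        if marker == 0xDA:               # SOS: scan data runs until a marker that is not FF00 or RSTn
            while pos + 1 < len(data):
                if data[pos] == 0xFF and data[pos + 1] not in (0x00, *range(0xD0, 0xD8)):
                    break
                pos += 1
            if pos + 1 < len(data) and data[pos + 1] == 0xD9:
                return pos + 2           # EOI found
            # any other marker (e.g. another SOS in a progressive file) is handled by the outer loop
    raise ValueError("EOI not found")


def trailing_bytes(data: bytes) -> bytes:
    return data[jpeg_payload_end(data):]


def triage(data: bytes, reported=REPORTED) -> dict:
    tail = trailing_bytes(data)
    return {
        "hashes_match": matches_report(data, reported),
        "trailing_bytes": len(tail),
        "trailing_is_pe": tail[:2] == b"MZ",
    }


# Constructed input (not the analysed file): SOI, a JFIF APP0, one SOS with a few
# scan bytes including a stuffed FF 00 and an RST0, EOI, then an appended MZ stub.
SAMPLE = (
    b"\xff\xd8"                                                        # SOI
    b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00\x48\x00\x48\x00\x00"    # APP0, length 16
    b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                        # SOS, length 8
    b"\x12\x34\xff\x00\x56\xff\xd0\x78"                                # scan data
    b"\xff\xd9"                                                        # EOI at offset 38
    b"MZ\x90\x00"                                                      # appended data
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The structural walk matters because a naive `data.rfind(b"\xff\xd9")` reports no trailing data when the appended payload is itself a JPEG or merely contains those two bytes; the parser above stops at the first image's own EOI.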
  • MALICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3180)
    • Application was dropped or rewritten from another process

      • gimp-2.6.10-i686-setup-1.exe (PID: 2392)
      • gimp-2.6.10-i686-setup-1.exe (PID: 3652)
      • gimp-2.6.10-i686-setup-1.tmp (PID: 3124)
      • gimp-2.6.10-i686-setup-1.tmp (PID: 3280)
      • gimp-2.6.exe (PID: 4036)
      • wind.exe (PID: 3084)
      • win-snap.exe (PID: 3976)
      • whirl-pinch.exe (PID: 3748)
      • web-browser.exe (PID: 2120)
      • waves.exe (PID: 3296)
      • warp.exe (PID: 2672)
      • video.exe (PID: 2212)
      • value-propagate.exe (PID: 3700)
      • van-gogh-lic.exe (PID: 3820)
      • unsharp-mask.exe (PID: 2512)
      • value-invert.exe (PID: 1648)
      • unit-editor.exe (PID: 1944)
      • tile-paper.exe (PID: 3804)
      • twain.exe (PID: 3872)
      • tile.exe (PID: 3016)
      • tile-small.exe (PID: 2300)
      • tile-seamless.exe (PID: 1280)
      • tile-glass.exe (PID: 3564)
      • threshold-alpha.exe (PID: 1504)
      • sphere-designer.exe (PID: 2204)
      • smooth-palette.exe (PID: 3628)
      • sparkle.exe (PID: 3036)
      • softglow.exe (PID: 3404)
      • sinus.exe (PID: 2120)
      • sharpen.exe (PID: 2668)
      • shift.exe (PID: 3000)
      • semi-flatten.exe (PID: 2280)
      • selection-to-path.exe (PID: 3196)
      • script-fu.exe (PID: 3048)
      • sample-colorize.exe (PID: 1264)
      • rotate.exe (PID: 2332)
      • ripple.exe (PID: 3648)
      • red-eye-removal.exe (PID: 3588)
      • print.exe (PID: 2380)
      • qbist.exe (PID: 2492)
      • procedure-browser.exe (PID: 2468)
      • polar-coords.exe (PID: 3924)
      • plugin-browser.exe (PID: 3508)
      • plasma.exe (PID: 3612)
      • pixelize.exe (PID: 3348)
      • photocopy.exe (PID: 2808)
      • nova.exe (PID: 4004)
      • oilify.exe (PID: 4080)
      • pagecurl.exe (PID: 1832)
      • noise-solid.exe (PID: 2516)
      • noise-spread.exe (PID: 3924)
      • nl-filter.exe (PID: 2388)
      • noise-rgb.exe (PID: 3184)
      • noise-randomize.exe (PID: 3228)
      • noise-hsv.exe (PID: 4072)
      • newsprint.exe (PID: 4012)
      • mosaic.exe (PID: 2952)
      • metadata.exe (PID: 3060)
      • maze.exe (PID: 3600)
      • max-rgb.exe (PID: 3528)
      • map-object.exe (PID: 3056)
      • lens-flare.exe (PID: 2232)
      • lighting.exe (PID: 3564)
      • lens-distortion.exe (PID: 2968)
      • lens-apply.exe (PID: 3736)
      • lcms.exe (PID: 3712)
      • iwarp.exe (PID: 3648)
      • jigsaw.exe (PID: 3208)
      • imagemap.exe (PID: 3004)
      • illusion.exe (PID: 3952)
    • Loads the Task Scheduler COM API

      • software_reporter_tool.exe (PID: 2748)
    • Application loaded dropped or rewritten executable

      • gimp-2.6.exe (PID: 4036)
      • gimp-2.6.10-i686-setup-1.tmp (PID: 3124)
      • win-snap.exe (PID: 3976)
      • wind.exe (PID: 3084)
      • whirl-pinch.exe (PID: 3748)
      • waves.exe (PID: 3296)
      • web-browser.exe (PID: 2120)
      • warp.exe (PID: 2672)
      • video.exe (PID: 2212)
      • van-gogh-lic.exe (PID: 3820)
      • value-propagate.exe (PID: 3700)
      • value-invert.exe (PID: 1648)
      • unsharp-mask.exe (PID: 2512)
      • unit-editor.exe (PID: 1944)
      • tile.exe (PID: 3016)
      • twain.exe (PID: 3872)
      • tile-small.exe (PID: 2300)
      • tile-seamless.exe (PID: 1280)
      • tile-paper.exe (PID: 3804)
      • tile-glass.exe (PID: 3564)
      • threshold-alpha.exe (PID: 1504)
      • softglow.exe (PID: 3404)
      • sparkle.exe (PID: 3036)
      • sphere-designer.exe (PID: 2204)
      • sharpen.exe (PID: 2668)
      • smooth-palette.exe (PID: 3628)
      • sinus.exe (PID: 2120)
      • shift.exe (PID: 3000)
      • semi-flatten.exe (PID: 2280)
      • selection-to-path.exe (PID: 3196)
      • script-fu.exe (PID: 3048)
      • sample-colorize.exe (PID: 1264)
      • rotate.exe (PID: 2332)
      • red-eye-removal.exe (PID: 3588)
      • qbist.exe (PID: 2492)
      • ripple.exe (PID: 3648)
      • procedure-browser.exe (PID: 2468)
      • print.exe (PID: 2380)
      • polar-coords.exe (PID: 3924)
      • plugin-browser.exe (PID: 3508)
      • pixelize.exe (PID: 3348)
      • plasma.exe (PID: 3612)
      • nova.exe (PID: 4004)
      • pagecurl.exe (PID: 1832)
      • oilify.exe (PID: 4080)
      • photocopy.exe (PID: 2808)
      • noise-hsv.exe (PID: 4072)
      • nl-filter.exe (PID: 2388)
      • noise-spread.exe (PID: 3924)
      • noise-solid.exe (PID: 2516)
      • noise-rgb.exe (PID: 3184)
      • noise-randomize.exe (PID: 3228)
      • newsprint.exe (PID: 4012)
      • metadata.exe (PID: 3060)
      • max-rgb.exe (PID: 3528)
      • map-object.exe (PID: 3056)
      • lighting.exe (PID: 3564)
      • lens-flare.exe (PID: 2232)
      • lens-distortion.exe (PID: 2968)
      • mosaic.exe (PID: 2952)
      • maze.exe (PID: 3600)
      • lcms.exe (PID: 3712)
      • lens-apply.exe (PID: 3736)
      • jigsaw.exe (PID: 3208)
  • SUSPICIOUS

    • Application launched itself

      • chrome.exe (PID: 3180)
    • Starts application with an unusual extension

      • gimp-2.6.10-i686-setup-1.exe (PID: 2392)
      • gimp-2.6.10-i686-setup-1.exe (PID: 3652)
    • Creates a software uninstall entry

      • gimp-2.6.10-i686-setup-1.tmp (PID: 3124)
    • Modifies the open verb of a shell class

      • gimp-2.6.10-i686-setup-1.tmp (PID: 3124)
    • Creates files in the program directory

      • gimp-2.6.10-i686-setup-1.tmp (PID: 3124)
  • INFO

    • Dropped object may contain URL's

      • gimp-2.6.10-i686-setup-1.exe (PID: 2392)
      • gimp-2.6.10-i686-setup-1.exe (PID: 3652)
      • chrome.exe (PID: 3180)
      • gimp-2.6.10-i686-setup-1.tmp (PID: 3124)
      • gimp-2.6.exe (PID: 4036)
    • Loads rich edit control libraries

      • gimp-2.6.10-i686-setup-1.tmp (PID: 3124)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.jpg | JFIF-EXIF JPEG Bitmap (55.5)
.jpg | JPEG bitmap (33.3)
.mp3 | MP3 audio (11.1)

EXIF

XResolution: 300
YResolution: 300
ResolutionUnit: inches
YCbCrPositioning: Centered
Copyright: (c) ira008 | Dreamstime.com
XPTitle: http://www.dreamstime.com/stock-photo-black-cat-left-amber-yellow-eyes-home-image95984400

IPTC

CopyrightNotice: (c) ira008 | Dreamstime.com
ApplicationRecordVersion: 4

Composite

ImageSize: 2121x1414
Megapixels: 3
All screenshots are available in the full report
Total processes: 137
Monitored processes: 100
Malicious processes: 68
Suspicious processes: 0

Behavior graph

Process nodes in the order the graph lists them. Edge labels are "start" and "drop and start"; "no specs" is the report's marker for a process with no indicators of its own.

rundll32.exe (no specs); chrome.exe; chrome.exe x4 (no specs); software_reporter_tool.exe x2 (no specs); chrome.exe x10 (no specs); gimp-2.6.10-i686-setup-1.exe; gimp-2.6.10-i686-setup-1.tmp (no specs); chrome.exe (no specs); gimp-2.6.10-i686-setup-1.exe; gimp-2.6.10-i686-setup-1.tmp; chrome.exe (no specs); gimp-2.6.exe (no specs)

GIMP plug-ins launched next, all "no specs": wind.exe, win-snap.exe, whirl-pinch.exe, web-browser.exe, waves.exe, warp.exe, video.exe, van-gogh-lic.exe, value-propagate.exe, value-invert.exe, unsharp-mask.exe, unit-editor.exe, twain.exe, tile.exe, tile-small.exe, tile-seamless.exe, tile-paper.exe, tile-glass.exe, threshold-alpha.exe, sphere-designer.exe, sparkle.exe, softglow.exe, smooth-palette.exe, sinus.exe, shift.exe, sharpen.exe, semi-flatten.exe, selection-to-path.exe, script-fu.exe, sample-colorize.exe, rotate.exe, ripple.exe, red-eye-removal.exe, qbist.exe, procedure-browser.exe, print.exe, polar-coords.exe, plugin-browser.exe, plasma.exe, pixelize.exe, photocopy.exe, pagecurl.exe, oilify.exe, nova.exe, noise-spread.exe, noise-solid.exe, noise-rgb.exe, noise-randomize.exe, noise-hsv.exe, nl-filter.exe, newsprint.exe, mosaic.exe, metadata.exe, maze.exe, max-rgb.exe, map-object.exe, lighting.exe, lens-flare.exe, lens-distortion.exe, lens-apply.exe, lcms.exe, jigsaw.exe, iwarp.exe, imagemap.exe, illusion.exe, ifs-compose.exe, hot.exe, help.exe, guillotine.exe, grid.exe, gradient-map.exe, gradient-flare.exe, gimpressionist.exe

Then winword.exe (no specs), then gfig.exe (no specs).

Process information

Columns: PID | CMD | Path | Indicators | Parent process (the Indicators column is empty for every row shown)
PID 572
CMD: "C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\gfig.exe" -gimp 5 4 -query 0
Path: C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\gfig.exe
Parent process: gimp-2.6.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
PID 1264
CMD: "C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\sample-colorize.exe" -gimp 5 4 -query 0
Path: C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\sample-colorize.exe
Parent process: gimp-2.6.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\sample-colorize.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\gimp-2.0\bin\libgimpui-2.0-0.dll
c:\program files\gimp-2.0\bin\libgimpbase-2.0-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\gimp-2.0\bin\libglib-2.0-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1280
CMD: "C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\tile-seamless.exe" -gimp 5 4 -query 0
Path: C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\tile-seamless.exe
Parent process: gimp-2.6.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\tile-seamless.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\gimp-2.0\bin\libgimp-2.0-0.dll
c:\program files\gimp-2.0\bin\libgimpbase-2.0-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\gimp-2.0\bin\libglib-2.0-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1368
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,6714659459812429938,6343268203756479521,131072 --service-pipe-token=F79C44D87D614EAE76B614D8CE41BFE9 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=F79C44D87D614EAE76B614D8CE41BFE9 --renderer-client-id=5 --mojo-platform-channel-handle=3172 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
61.0.3163.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID 1504
CMD: "C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\threshold-alpha.exe" -gimp 5 4 -query 0
Path: C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\threshold-alpha.exe
Parent process: gimp-2.6.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\threshold-alpha.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\gimp-2.0\bin\libgimpui-2.0-0.dll
c:\program files\gimp-2.0\bin\libgimpbase-2.0-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\gimp-2.0\bin\libglib-2.0-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1560
CMD: "C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\grid.exe" -gimp 5 4 -query 0
Path: C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\grid.exe
Parent process: gimp-2.6.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
PID 1648
CMD: "C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\value-invert.exe" -gimp 5 4 -query 0
Path: C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\value-invert.exe
Parent process: gimp-2.6.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\value-invert.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\gimp-2.0\bin\libgimp-2.0-0.dll
c:\program files\gimp-2.0\bin\libgimpbase-2.0-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\gimp-2.0\bin\libglib-2.0-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1832
CMD: "C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\pagecurl.exe" -gimp 5 4 -query 0
Path: C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\pagecurl.exe
Parent process: gimp-2.6.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\pagecurl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\gimp-2.0\bin\libgimpui-2.0-0.dll
c:\program files\gimp-2.0\bin\libgimpbase-2.0-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\gimp-2.0\bin\libglib-2.0-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1840
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,6714659459812429938,6343268203756479521,131072 --service-pipe-token=CF7E11137555D273552508492D2527BA --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=CF7E11137555D273552508492D2527BA --renderer-client-id=6 --mojo-platform-channel-handle=1640 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
61.0.3163.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID 1896
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1616,6714659459812429938,6343268203756479521,131072 --lang=en-US --service-request-channel-token=791C1C010728AA8BEE4DAC176B2C9266 --mojo-platform-channel-handle=3540 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
61.0.3163.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
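The 68 processes the report counts as malicious can be collapsed by rule rather than by hand. The block below is added example code written for this page, not part of the ANY.RUN report: it parses command lines in the form shown in the process table and separates GIMP plug-ins that gimp-2.6.exe launches with `-gimp <fd> <fd> -query <n>` (the query pass GIMP runs for plug-ins it has not cached yet, which is all of them on first start after an install) and Chrome's `--type=` child processes from anything that still deserves a look. The rows are copied from the table above, with the two Chrome command lines abbreviated to their first switches, plus one constructed dropper-style row that exercises the other branch; the user-writable-directory and Office-parent rules are generic triage heuristics, not something the report states.

```python
import re
from collections import Counter

# (PID, command line, parent image) rows copied from the process table above.
# The two Chrome command lines are abbreviated; the 9999 row is constructed.
PROCESSES = [
    (572,  r'"C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\gfig.exe" -gimp 5 4 -query 0', "gimp-2.6.exe"),
    (1264, r'"C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\sample-colorize.exe" -gimp 5 4 -query 0', "gimp-2.6.exe"),
    (1280, r'"C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\tile-seamless.exe" -gimp 5 4 -query 0', "gimp-2.6.exe"),
    (1504, r'"C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\threshold-alpha.exe" -gimp 5 4 -query 0', "gimp-2.6.exe"),
    (1560, r'"C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\grid.exe" -gimp 5 4 -query 0', "gimp-2.6.exe"),
    (1368, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US', "chrome.exe"),
    (1896, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --lang=en-US', "chrome.exe"),
    # Constructed row, not in the report: the shape a real dropper launch would have.
    (9999, r'"C:\Users\admin\AppData\Local\Temp\update.exe" /silent', "winword.exe"),
]

IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))(.*)$')          # quoted or bare image, then args
GIMP_QUERY_RE = re.compile(r'^-gimp\s+\d+\s+\d+\s+-query\s+\d+$')  # exactly the query-pass form
GIMP_PLUGIN_DIR = "\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\"
CHROME_IMAGE = "\\google\\chrome\\application\\chrome.exe"
# Generic heuristics (assumptions, not from the report): droppers usually run from
# user-writable paths or are spawned by an Office application.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def split_cmd(cmd):
    """Return (image path, argument string) from a command line."""
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)), m.group(3).strip()


def classify(cmd, parent):
    image, args = split_cmd(cmd)
    image, parent = image.lower(), parent.lower()
    if GIMP_PLUGIN_DIR in image and parent == "gimp-2.6.exe" and GIMP_QUERY_RE.match(args):
        return "gimp-plugin-query"        # plug-in registration pass, expected after an install
    if image.endswith(CHROME_IMAGE) and parent == "chrome.exe" and "--type=" in args:
        return "chrome-child"             # renderer/utility/gpu children of the browser process
    if any(d in image for d in USER_WRITABLE) or parent in OFFICE_PARENTS:
        return "review-dropper-pattern"
    return "review"


def summarize(rows):
    return Counter(classify(cmd, parent) for _, cmd, parent in rows)


def needs_review(rows):
    """PIDs not explained by a benign rule, in table order."""
    return [pid for pid, cmd, parent in rows if classify(cmd, parent).startswith("review")]


if __name__ == "__main__":
    for label, n in summarize(PROCESSES).most_common():
        print(f"{n:3d}  {label}")
    print("PIDs still to look at:", needs_review(PROCESSES))
```

The GIMP rule is deliberately narrow: the same plug-in launched with `-run` instead of `-query`, or by a parent other than gimp-2.6.exe, falls through to "review", so the rule explains the registration pass and nothing else.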
Total events: 1 939
Read events: 1 560
Write events: 368
Delete events: 11

Modification events

PID 2940 rundll32.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication | Operation: write | Name: Name | Value: rundll32.exe
PID 3308 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | Operation: write | Name: 3180-13165779235903250 | Value: 259
PID 3180 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: failed_count | Value: 0
PID 3180 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 2
PID 3180 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 1
PID 3180 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | Operation: write | Name: dr | Value: 1
PID 3180 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome | Operation: write | Name: UsageStatsInSample | Value: 1
PID 3180 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | Operation: delete value | Name: 3568-13158667280438476 | Value: 0
PID 3180 chrome.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | Operation: write | Name: usagestats | Value: 0
PID 3180 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | Operation: delete value | Name: 3180-13165779235903250 | Value: 259
Executable files: 374
Suspicious files: 78
Text files: 651
Unknown types: 902

Dropped files

PID | Process | Filename (the Type, MD5 and SHA256 fields are empty for every row shown)
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000032.dbtmp
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\fbc74838-feb2-48fe-9d90-1b0d55291dda.tmp
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000001.dbtmp
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.it_0.indexeddb.leveldb\000001.dbtmp
3180 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldtext
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 65
TCP/UDP connections: 76
DNS requests: 42
Threats: 1

HTTP requests

Method | HTTP code | IP | URL | CN | Type | Size | Reputation (the PID and Process columns are empty for every row shown)
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/css/blueprint/screen.css | US | binary | 3.04 Kb | unknown
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/ | US | html | 3.30 Kb | unknown
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/cmsimages/homeScreenshot.jpg | US | image | 43.6 Kb | unknown
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/css/fonts.css | US | text | 475 b | unknown
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/cmsimages/compareChart.gif | US | image | 7.75 Kb | unknown
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/cmsimages/icon3.gif | US | image | 1.13 Kb | unknown
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/cmsimages/bodyBG.gif | US | image | 1.15 Kb | unknown
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/cmsimages/icon2.gif | US | image | 1.38 Kb | unknown
GET | 200 | 50.97.63.219:80 | http://gimp.us.com/cmsimages/icon1.gif | US | image | 2.01 Kb | unknown
GET | 200 | 172.217.22.8:80 | http://www.googletagmanager.com/gtm.js?id=GTM-P7HLBJ | US | text | 18.7 Kb | whitelisted

Connections

IP:port | Domain | ASN | CN | Reputation (the PID and Process columns are empty for every row shown)
172.217.22.67:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
172.217.23.163:443 | www.google.it | Google Inc. | US | whitelisted
172.217.22.78:443 | apis.google.com | Google Inc. | US | whitelisted
216.58.207.67:443 | www.gstatic.com | Google Inc. | US | whitelisted
50.97.63.219:80 | gimp.us.com | SoftLayer Technologies Inc. | US | unknown
172.217.22.8:80 | www.googletagmanager.com | Google Inc. | US | whitelisted
172.217.23.132:443 | www.google.com | Google Inc. | US | whitelisted
172.217.21.234:80 | ajax.googleapis.com | Google Inc. | US | whitelisted
172.217.18.2:80 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted
172.217.18.2:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP(s) | Reputation
clientservices.googleapis.com | 172.217.22.67 | whitelisted
www.google.it | 172.217.23.163 | whitelisted
ssl.gstatic.com | 172.217.22.67 | whitelisted
www.gstatic.com | 216.58.207.67 | whitelisted
apis.google.com | 172.217.22.78 | whitelisted
gimp.us.com | 50.97.63.219, 50.22.58.49 | unknown
www.googletagmanager.com | 172.217.22.8 | whitelisted
www.google.com | 172.217.23.132, 216.58.207.68 | malicious
ajax.googleapis.com | 172.217.21.234, 172.217.22.10, 172.217.18.10, 172.217.18.170, 172.217.23.138, 216.58.206.10, 216.58.207.42, 216.58.207.74, 216.58.214.42, 172.217.16.170, 216.58.208.42, 172.217.22.42, 172.217.22.74, 172.217.22.106, 216.58.210.10, 172.217.23.170 | whitelisted
pagead2.googlesyndication.com | 172.217.18.2 | whitelisted

The reputation labels are automated and should not be read literally: www.google.com is marked malicious here but whitelisted in the connections table above, while gimp.us.com, the only non-Google host in the session and the one reached over plaintext HTTP, is only "unknown".

Threats

PID | Process | Class | Message (PID and Process are not shown for this row)
Class: Potential Corporate Privacy Violation
Message: ET POLICY PE EXE or DLL Windows file download HTTP
No debug info
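The single IDS hit above fires when a PE image is carried in an HTTP response body, whatever the Content-Type header claims. The block below is added example code written for this page, not part of the ANY.RUN report and not the Emerging Threats rule itself: it implements the same check in miniature (MZ stub plus an e_lfanew that lands on the PE signature, which avoids false hits on text that merely begins with "MZ"), records whether the declared Content-Type disagrees with the body, and joins the result with the connections table above to list which hosts were reached in plaintext without being whitelisted. The HTTP response, the PE stub and the example.test URLs are constructed; the connection rows are copied from the report.

```python
# Network-side triage for a sandbox report: PE-over-HTTP detection and plaintext host review.

def split_http_response(raw):
    """Split a raw HTTP/1.x response into (status line, header dict, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP response: no end of headers")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers, body


def looks_like_pe(body):
    """True for an MZ stub whose e_lfanew (offset 0x3C) points at the PE\\0\\0 signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(body[0x3C:0x40], "little")
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# Content types under which a PE download is at least honestly labelled.
PE_CONTENT_TYPES = ("application/octet-stream", "application/x-msdownload",
                    "application/x-dosexec", "application/vnd.microsoft.portable-executable")


def check_download(url, raw):
    """Evaluate one URL/response pair the way the ET POLICY signature above would."""
    status, headers, body = split_http_response(raw)
    pe = looks_like_pe(body)
    ctype = headers.get("content-type", "").lower()
    plaintext = url.lower().startswith("http://")
    parts = status.split()
    return {
        "url": url,
        "status": parts[1] if len(parts) > 1 else "",
        "plaintext": plaintext,
        "pe_body": pe,
        "content_type": ctype,
        "type_mismatch": pe and not any(ctype.startswith(t) for t in PE_CONTENT_TYPES),
        "alert": pe and plaintext,       # PE EXE or DLL Windows file download over HTTP
    }


def build_response(content_type, body):
    """Constructed HTTP/1.1 200 response carrying body with the given Content-Type."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + content_type.encode()
            + b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


def fake_pe():
    """Constructed minimal PE-shaped blob: MZ, e_lfanew = 0x40, PE signature at 0x40."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20


# (IP:port, domain, reputation) rows copied from the Connections table above.
CONNECTIONS = [
    ("172.217.22.67:443", "clientservices.googleapis.com", "whitelisted"),
    ("172.217.23.163:443", "www.google.it", "whitelisted"),
    ("50.97.63.219:80", "gimp.us.com", "unknown"),
    ("172.217.22.8:80", "www.googletagmanager.com", "whitelisted"),
    ("172.217.21.234:80", "ajax.googleapis.com", "whitelisted"),
    ("172.217.18.2:80", "pagead2.googlesyndication.com", "whitelisted"),
    ("172.217.18.2:443", "pagead2.googlesyndication.com", "whitelisted"),
]


def plaintext_unvetted(conns):
    """Domains reached on port 80 that carry no whitelist verdict, deduplicated and sorted."""
    return sorted({domain for endpoint, domain, rep in conns
                   if endpoint.rsplit(":", 1)[1] == "80" and rep != "whitelisted"})


if __name__ == "__main__":
    # Hypothetical URL on a reserved test domain; the report does not show the installer's URL.
    print(check_download("http://example.test/setup.exe", build_response("image/jpeg", fake_pe())))
    print(plaintext_unvetted(CONNECTIONS))
```

The `type_mismatch` field is the part worth keeping in a real pipeline: a PE served as image/jpeg or text/html is a stronger signal than a PE served as application/octet-stream, and the signature alone does not distinguish the two.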