File name: google-chrome.zip

Full analysis: https://app.any.run/tasks/9d3ba549-6e58-4882-98c5-fe2085e8d218
Verdict: Malicious activity
Analysis date: November 02, 2024, 13:51:24
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-exec
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 496386B077989149A9928BE561F886AD
SHA1: 2BCDD4D23B1BB14659F3704C27D68EF35C96EA2E
SHA256: 17BD08BC03DBE4F65CD5AF24BA41F6A9673FFEE3282CF3AFD14C8F471C7793DA
SSDEEP: 98304:j1TUjg7iNniSFMVq9YshxI8wrVb/zfUJbgArEdXuJ91hYNhe0NSR5LGcC4ASWwM2:UA9jjTAF2gMTUb4Ji2eP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 5100)
    • Application was injected by another process

      • explorer.exe (PID: 4616)
    • Runs injected code in another process

      • BWcfuV.exe (PID: 4312)
      • BWcfuV.exe (PID: 4208)
      • BWcfuV.exe (PID: 6956)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • google-chrome.exe (PID: 6276)
      • google-chrome.tmp (PID: 3568)
      • google-chrome.exe (PID: 4548)
      • 130.0.6723.92_chrome_installer.exe (PID: 6820)
      • google-chrome.exe (PID: 6692)
    • Reads the Windows owner or organization settings

      • google-chrome.tmp (PID: 3568)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 5100)
      • GoogleUpdate.exe (PID: 5068)
      • GoogleUpdate.exe (PID: 7148)
      • google-chrome.tmp (PID: 6680)
    • Searches for installed software

      • google-chrome.tmp (PID: 3568)
    • Checks Windows Trust Settings

      • GoogleUpdate.exe (PID: 7148)
    • Potential Corporate Privacy Violation

      • GoogleUpdate.exe (PID: 7148)
    • Process requests binary or script from the Internet

      • GoogleUpdate.exe (PID: 7148)
    • Application launched itself

      • setup.exe (PID: 6272)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5100)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 5100)
      • google-chrome.tmp (PID: 6680)
    • Create files in a temporary directory

      • google-chrome.exe (PID: 6276)
      • google-chrome.tmp (PID: 3568)
      • GoogleUpdate.exe (PID: 7148)
      • google-chrome.exe (PID: 6692)
    • Process checks computer location settings

      • google-chrome.tmp (PID: 6680)
      • GoogleUpdate.exe (PID: 5068)
    • Checks supported languages

      • google-chrome.tmp (PID: 3568)
      • google-chrome.exe (PID: 6692)
      • google-chrome.exe (PID: 4548)
      • GoogleUpdate.exe (PID: 5356)
      • GoogleUpdate.exe (PID: 5068)
      • GoogleUpdate.exe (PID: 6220)
      • GoogleUpdate.exe (PID: 7148)
      • BWcfuV.exe (PID: 4312)
      • BWcfuV.exe (PID: 4208)
      • BWcfuV.exe (PID: 6956)
      • google-chrome.tmp (PID: 6680)
      • google-chrome.exe (PID: 6276)
    • Reads the software policy settings

      • google-chrome.tmp (PID: 3568)
      • GoogleUpdate.exe (PID: 6220)
      • GoogleUpdate.exe (PID: 7148)
    • Reads the computer name

      • google-chrome.tmp (PID: 3568)
      • GoogleUpdate.exe (PID: 5356)
      • GoogleUpdate.exe (PID: 5068)
      • GoogleUpdate.exe (PID: 7148)
      • GoogleUpdate.exe (PID: 6220)
      • google-chrome.tmp (PID: 6680)
    • Creates files in the program directory

      • google-chrome.exe (PID: 4548)
      • GoogleUpdate.exe (PID: 5356)
      • GoogleUpdate.exe (PID: 6220)
      • GoogleUpdate.exe (PID: 7148)
    • Checks proxy server information

      • GoogleUpdate.exe (PID: 6220)
      • GoogleUpdate.exe (PID: 7148)
    • Creates files or folders in the user directory

      • GoogleUpdate.exe (PID: 7148)
      • google-chrome.tmp (PID: 3568)
      • explorer.exe (PID: 4616)
    • Reads the machine GUID from the registry

      • GoogleUpdate.exe (PID: 7148)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4616)
    • Creates a software uninstall entry

      • google-chrome.tmp (PID: 3568)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:11:02 12:11:54
ZipCRC: 0x922d8e54
ZipCompressedSize: 12166106
ZipUncompressedSize: 12728744
ZipFileName: google-chrome.exe
No data.
All screenshots are available in the full report
Total processes: 147
Monitored processes: 22
Malicious processes: 3
Suspicious processes: 7

Behavior graph

Process nodes, in the order the report lists them ("no specs" is the report's own label): winrar.exe, google-chrome.exe, google-chrome.tmp (no specs), google-chrome.exe, google-chrome.tmp, google-chrome.exe, googleupdate.exe (no specs), googleupdate.exe (no specs), googleupdate.exe, googleupdate.exe, bwcfuv.exe (no specs), conhost.exe (no specs), bwcfuv.exe (no specs), conhost.exe (no specs), bwcfuv.exe (no specs), conhost.exe (no specs), sppextcomobj.exe (no specs), slui.exe (no specs), 130.0.6723.92_chrome_installer.exe, setup.exe (no specs), setup.exe (no specs), explorer.exe

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 1452
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: BWcfuV.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Images:
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3568
CMD: "C:\Users\admin\AppData\Local\Temp\is-H08F7.tmp\google-chrome.tmp" /SL5="$6025E,11472340,826880,C:\Users\admin\AppData\Local\Temp\Rar$EXa5100.30653\google-chrome.exe" /SPAWNWND=$6023C /NOTIFYWND=$5024E
Path: C:\Users\admin\AppData\Local\Temp\is-H08F7.tmp\google-chrome.tmp
Parent process: google-chrome.exe
User: admin
Company:
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Images:
c:\users\admin\appdata\local\temp\is-h08f7.tmp\google-chrome.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 4208
CMD: "C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\BWcfuV.exe" "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk" 5386
Path: C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\BWcfuV.exe
Parent process: google-chrome.tmp
User: admin
Company: Technosys Corporation
Integrity Level: MEDIUM
Description: Pin To Taskbar
Exit code: 0
Version: 0.99.9.1
Images:
c:\users\admin\appdata\local\temp\is-7s5d4.tmp\bwcfuv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4312
CMD: "C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\BWcfuV.exe" "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk" 5386
Path: C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\BWcfuV.exe
Parent process: google-chrome.tmp
User: admin
Company: Technosys Corporation
Integrity Level: MEDIUM
Description: Pin To Taskbar
Exit code: 0
Version: 0.99.9.1
Images:
c:\users\admin\appdata\local\temp\is-7s5d4.tmp\bwcfuv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 4548
CMD: "C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\bupBWV0hOF3OvPPbix9\google-chrome.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\bupBWV0hOF3OvPPbix9\google-chrome.exe
Parent process: google-chrome.tmp
User: admin
Company: Google Inc.
Integrity Level: HIGH
Description: Google Update Setup
Version: 1.3.33.17
Images:
c:\users\admin\appdata\local\temp\is-7s5d4.tmp\bupbwv0hof3ovppbix9\google-chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 4616
CMD: C:\WINDOWS\Explorer.EXE
Path: C:\Windows\explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Version: 10.0.19041.3758 (WinBuild.160101.0800)
Images:
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shcore.dll
PID: 5068
CMD: "C:\Program Files (x86)\GUMF238.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={ADC5A877-2F2E-215F-6DAC-B2AB514017C7}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
Path: C:\Program Files (x86)\GUMF238.tmp\GoogleUpdate.exe
Parent process: google-chrome.exe
User: admin
Company: Google Inc.
Integrity Level: HIGH
Description: Google Installer
Version: 1.3.33.17
Images:
c:\program files (x86)\gumf238.tmp\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5100
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\google-chrome.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Images:
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 5232
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 5356
CMD: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /healthcheck
Path: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google LLC
Integrity Level: HIGH
Description: Google Installer
Exit code: 0
Version: 1.3.36.51
Images:
c:\program files (x86)\google\update\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 10 047
Read events: 9 896
Write events: 139
Delete events: 12

Modification events

Process: (5100) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

Process: (5100) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 0
Value: C:\Users\admin\AppData\Local\Temp\google-chrome.zip

Process: (5100) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name
Value: 120

Process: (5100) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size
Value: 80

Process: (5100) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type
Value: 120

Process: (5100) WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime
Value: 100

Process: (4616) explorer.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000080238 | Operation: write | Name: VirtualDesktop
Value: 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7

Process: (4616) explorer.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060078 | Operation: write | Name: VirtualDesktop
Value: 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7

Process: (4616) explorer.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000602E2 | Operation: write | Name: VirtualDesktop
Value: 100000003030445671D90A7D3588864C9F3CEA9EBAB7B4A7

Process: (5068) GoogleUpdate.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | Operation: delete value | Name: usagestats
Value:
Executable files: 82
Suspicious files: 25
Text files: 47
Unknown types: 0

Dropped files

PID | Process | Filename | Type
6276 | google-chrome.exe | C:\Users\admin\AppData\Local\Temp\is-H08F7.tmp\google-chrome.tmp | executable
  MD5: 2BCF53937AF8C18C515AFE33E93519FF
  SHA256: 10375714CB2F03C6BFFD4274DF3DF62C89F3D7BD80CB526FB7805D7BCE274ECA
3568 | google-chrome.tmp | C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\{app}\EKr0KN1vfOFpfiMJoEeu\bs2g9b_m6WzN3j | binary
  MD5: 670C3E49D8BBA4CA61D08937D2576CD8
  SHA256: 0CA54D79192C4C31334514E35B60A67207F858D3EBF4A8DAC6DA9E596FCF2DF0
3568 | google-chrome.tmp | C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\_isetup\_setup64.tmp | executable
  MD5: E4211D6D009757C078A9FAC7FF4F03D4
  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
5100 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa5100.30653\google-chrome.exe | executable
  MD5: BCB27180DA1B7527758BB86D4462AD6B
  SHA256: 3BBBF698C2CFB6796143FE061B316070827243A42718E95177B722468258C4F1
4616 | explorer.exe | C:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat | binary
  MD5: E49C56350AEDF784BFE00E444B879672
  SHA256: A8BD235303668981563DFB5AAE338CB802817C4060E2C199B7C84901D57B7E1E
3568 | google-chrome.tmp | C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\is-KN86O.ini | text
  MD5: 95F5F681F8097D9016D89658C518B63F
  SHA256: A7DD889DDC41F124EE1DA7C96A788E4BD8A35801D9CAB10F6C33730B26E1833B
3568 | google-chrome.tmp | C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\bs2g9b_m6WzN3j\Accept_buttons_100.png | image
  MD5: BC52D119BEAA537CB23FD9E6F53710E2
  SHA256: 536CCCA55B50E67864ECC7388E498AD6567E271CC79C6FF52C592BC9CA034AB9
3568 | google-chrome.tmp | C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\CallbackCtrl.dll | executable
  MD5: F07E819BA2E46A897CFABF816D7557B2
  SHA256: 68F42A7823ED7EE88A5C59020AC52D4BBCADF1036611E96E470D986C8FAA172D
6692 | google-chrome.exe | C:\Users\admin\AppData\Local\Temp\is-5A8NP.tmp\google-chrome.tmp | executable
  MD5: 2BCF53937AF8C18C515AFE33E93519FF
  SHA256: 10375714CB2F03C6BFFD4274DF3DF62C89F3D7BD80CB526FB7805D7BCE274ECA
3568 | google-chrome.tmp | C:\Users\admin\AppData\Local\Temp\is-7S5D4.tmp\bs2g9b_m6WzN3j\Accept_buttons_200.png | image
  MD5: 66ED96978B9869BEA3AE689B265FC1FE
  SHA256: 65A8D030FC4508ACE386703F90455B98DCB042F9C8BB5A083C95436A2AC75E61
HTTP(S) requests: 11
TCP/UDP connections: 48
DNS requests: 27
Threats: 2

HTTP requests

Columns as the report lists them: PID, Process, Method, HTTP Code, IP, URL, CN, Type, Size, Reputation. One request per line; PID and Process are shown only where the report populated them, and the remaining fields keep the report's order.

GET 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
GET 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
GET 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
PID 1552 svchost.exe | GET 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
PID 7148 GoogleUpdate.exe | GET 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | whitelisted
PID 7148 GoogleUpdate.exe | GET 200 | 142.250.185.99:80 | http://c.pki.goog/r/r1.crl | unknown | whitelisted
PID 7148 GoogleUpdate.exe | GET 200 | 142.250.184.195:80 | http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDzySkSNBgXtBKLijHUmMxR | unknown | whitelisted
PID 7148 GoogleUpdate.exe | GET 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome/o7tujekrb3s3ybnrwp5n2taize_130.0.6723.92/130.0.6723.92_chrome_installer.exe | unknown | whitelisted
GET 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
GET 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6944 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
5488 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
| | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4360 | SearchApp.exe | 2.23.209.130:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
| | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
| | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
| | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1552 | svchost.exe | 20.190.159.64:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
www.bing.com
  • 2.23.209.130
  • 2.23.209.182
  • 2.23.209.187
  • 2.23.209.189
  • 2.23.209.176
  • 2.23.209.185
  • 2.23.209.179
  • 2.23.209.149
  • 2.23.209.177
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 23.32.185.131
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
whitelisted
login.live.com
  • 20.190.159.64
  • 20.190.159.75
  • 20.190.159.23
  • 20.190.159.0
  • 20.190.159.68
  • 20.190.159.4
  • 40.126.31.67
  • 20.190.159.73
whitelisted
cfg.datarcv.ru
  • 35.228.27.190
unknown
th.bing.com
  • 2.23.209.185
  • 2.23.209.179
  • 2.23.209.140
  • 2.23.209.187
  • 2.23.209.182
  • 2.23.209.176
  • 2.23.209.149
  • 2.23.209.133
  • 2.23.209.177
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted

Threats

PID | Process | Class | Message
| | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
| | Misc activity | ET INFO EXE - Served Attached HTTP
No debug info