File name: WinSplit-Revolution-v11.04.exe
Full analysis: https://app.any.run/tasks/e7a0dd50-fdab-4277-b820-38b3195a4864
Verdict: Malicious activity
Analysis date: June 21, 2024, 19:12:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: B7417D3E1DB10DB8E6C19CAF69DFCC88
SHA1: 0F724101C1A3A8E678A2C188FA2FAC4DB5AA68B5
SHA256: 1D5B5B362EB5951A41DCD276F108C580A201D551E9ACF478B04D8E4DD64F1BA0
SSDEEP: 49152:doWXjpp7iK2+pSF2tpcw+I93VkhhWRYdsqGlyu0y1FK8ROVG6ciHnncelGlHpc5R:dCK2+YFlw+AVuhmYds9yu/FVAEdycel5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
    • Changes the autorun value in the registry

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
      • WinSplit.exe (PID: 2956)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
    • The process creates files with name similar to system file names

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
    • Reads security settings of Internet Explorer

      • WinSplit.exe (PID: 2956)
    • Creates a software uninstall entry

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
    • Executable content was dropped or overwritten

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
    • Reads the Internet Settings

      • WinSplit.exe (PID: 2956)
  • INFO

    • Creates files in the program directory

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
    • Checks supported languages

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
      • WinSplit.exe (PID: 2956)
      • WinSplitDrvr32.exe (PID: 3144)
    • Reads the computer name

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
      • WinSplit.exe (PID: 2956)
    • Creates files or folders in the user directory

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
      • WinSplit.exe (PID: 2956)
    • Create files in a temporary directory

      • WinSplit-Revolution-v11.04.exe (PID: 3708)
    • Manual execution by a user

      • explorer.exe (PID: 2864)
      • chrome.exe (PID: 3556)
    • Application launched itself

      • chrome.exe (PID: 3556)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 3016)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3016)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (91.9)
.exe | Win32 Executable MS Visual C++ (generic) (3.3)
.exe | Win64 Executable (generic) (3)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:02:05 01:59:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 64
Monitored processes: 24
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Processes shown in the graph: start, winsplit-revolution-v11.04.exe, winsplit.exe, winsplitdrvr32.exe, explorer.exe, chrome.exe (numerous renderer, utility and GPU child processes), a second winsplit-revolution-v11.04.exe instance, wmpnscfg.exe.

Process information

PID: 1164
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2348 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 1364
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1800 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 1428
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1600 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 1608
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2152 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 1856
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1400 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: MEDIUM
Description: Google Chrome
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 1968
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=2968 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 2180
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1268 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 2296
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3632 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 2488
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1152,i,1949941084794606166,10324797329714142124,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll

PID: 2864
Command line: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images): c:\windows\explorer.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\gdi32.dll, c:\windows\system32\user32.dll
Total events: 6 223
Read events: 6 147
Write events: 74
Delete events: 2

Modification events (all by PID 3708, WinSplit-Revolution-v11.04.exe; operation: write)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinSplit Revolution
  • DisplayName = WinSplit Revolution (v11.04)
  • UninstallString = C:\Program Files\WinSplit Revolution\Uninstall.exe
  • DisplayIcon = C:\Program Files\WinSplit Revolution\WinSplit.exe
  • DisplayVersion = 11.04
  • URLInfoAbout = http://winsplit-revolution.com/
  • Publisher = Raphael Lencrerot
  • NoModify = 1
  • NoRepair = 1

HKEY_LOCAL_MACHINE\SOFTWARE\WinSplit Revolution
  • path = C:\Program Files\WinSplit Revolution
  • version = 11.04
Executable files: 15
Suspicious files: 67
Text files: 53
Unknown types: 17

Dropped files (all by PID 3708, WinSplit-Revolution-v11.04.exe)

C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\InstallOptions.dll (executable)
  MD5: 07F44600B7EB220C2606E67A6D3F679D
  SHA256: 59F7EFFD3D516DABF92A41E9886C307BD26F0E0985D637414EBA1B3F9F720DAB
C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\nsiE434.tmp (ini)
  MD5: A5ADD8498621FABA176A93330C9CE7AD
  SHA256: BAF5630818DF9FBABFB2765C3536302EE812F1B51D01CA9AE39CB57926012D79
C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\LangDLL.dll (executable)
  MD5: 0720405FAE191C6686A7C906492A5C94
  SHA256: 5A6D037C7C645BEA754CFA85744CCBEDDF781C4D073FEEC7BEADEEAA87C15546
C:\Program Files\WinSplit Revolution\WinSplitLib.dll (executable)
  MD5: 864F89A1B188A0EFC06A38884A70F56F
  SHA256: C237DD9FE39AE4D8D78753F9617644E4C2B655ABD179BB4DD6C9EE7CDEE7F41A
C:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe (executable)
  MD5: 6E4C258EF2FFCC1ABAC0FC5E147B5102
  SHA256: F0AFD61CAAD6259ABBCC8B6F7A0C502257594AE700DE8AEE52F8064B367C73F5
C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\modern-wizard.bmp (image)
  MD5: D7D7274A8173EA9480164551D960E965
  SHA256: 0A977F9342115EBF698501BA615F1C8A697B0876D846CC93A944BD65BB492895
C:\Program Files\WinSplit Revolution\Changelog.url.url (url)
  MD5: A77CB83FC0A70E33FCC9318F5DEE806B
  SHA256: 294C4A4F92E3FD61C3A7489599568133325E574905F314F96483578201B09B58
C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\nsDialogs.dll (executable)
  MD5: BB0DD6CE18000934CF2475437FFC0A6E
  SHA256: 8A6BF3CA14E7FAED77707A2909224563F1C3F1FDC4D5115CD6E7DF728ED19F6B
C:\Program Files\WinSplit Revolution\WinSplit.exe (executable)
  MD5: 49ABBB2B8EF50AA7A91C6B722C63944F
  SHA256: 3041419C5626D49A9557135AFD383977CE01A62B96235021860677FC99AA04C0
C:\Program Files\WinSplit Revolution\images\auto_start_true.png (image)
  MD5: 2BE82398A46D0602CACC094F6A4C2CA7
  SHA256: FEBD0A901E618BB514351F292F0860AB69212A2953454038BB87A04F42B16781
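Added example, not part of the ANY.RUN report: a Python triage pass over the dropped-file records listed above. The point it makes is that the "malware-specific" and "system file name" indicators both rest on the NSIS stub extracting its standard plugin DLLs (InstallOptions.dll, LangDLL.dll, nsDialogs.dll and System.dll, the NSIS System plugin) into its %TEMP%\nsiE433.tmp staging directory; that is how every NSIS-built installer behaves and, on its own, says "NSIS" rather than "malicious". What actually stays on a host is the three executables under C:\Program Files\WinSplit Revolution, so those are the hashes to hunt for. The regular expression for the staging directory is a heuristic assumption, marked as such in the code.

```python
"""Triage the dropped-file list of an NSIS installer: transient plumbing vs. persistent artifacts."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Dropped:
    pid: int
    process: str
    path: str
    ftype: str
    md5: str
    sha256: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


# The ten records from the "Dropped files" table above, copied verbatim.
_P = "WinSplit-Revolution-v11.04.exe"
DROPPED: List[Dropped] = [
    Dropped(3708, _P, r"C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\InstallOptions.dll", "executable",
            "07F44600B7EB220C2606E67A6D3F679D", "59F7EFFD3D516DABF92A41E9886C307BD26F0E0985D637414EBA1B3F9F720DAB"),
    Dropped(3708, _P, r"C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\nsiE434.tmp", "ini",
            "A5ADD8498621FABA176A93330C9CE7AD", "BAF5630818DF9FBABFB2765C3536302EE812F1B51D01CA9AE39CB57926012D79"),
    Dropped(3708, _P, r"C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\LangDLL.dll", "executable",
            "0720405FAE191C6686A7C906492A5C94", "5A6D037C7C645BEA754CFA85744CCBEDDF781C4D073FEEC7BEADEEAA87C15546"),
    Dropped(3708, _P, r"C:\Program Files\WinSplit Revolution\WinSplitLib.dll", "executable",
            "864F89A1B188A0EFC06A38884A70F56F", "C237DD9FE39AE4D8D78753F9617644E4C2B655ABD179BB4DD6C9EE7CDEE7F41A"),
    Dropped(3708, _P, r"C:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe", "executable",
            "6E4C258EF2FFCC1ABAC0FC5E147B5102", "F0AFD61CAAD6259ABBCC8B6F7A0C502257594AE700DE8AEE52F8064B367C73F5"),
    Dropped(3708, _P, r"C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\modern-wizard.bmp", "image",
            "D7D7274A8173EA9480164551D960E965", "0A977F9342115EBF698501BA615F1C8A697B0876D846CC93A944BD65BB492895"),
    Dropped(3708, _P, r"C:\Program Files\WinSplit Revolution\Changelog.url.url", "url",
            "A77CB83FC0A70E33FCC9318F5DEE806B", "294C4A4F92E3FD61C3A7489599568133325E574905F314F96483578201B09B58"),
    Dropped(3708, _P, r"C:\Users\admin\AppData\Local\Temp\nsiE433.tmp\nsDialogs.dll", "executable",
            "BB0DD6CE18000934CF2475437FFC0A6E", "8A6BF3CA14E7FAED77707A2909224563F1C3F1FDC4D5115CD6E7DF728ED19F6B"),
    Dropped(3708, _P, r"C:\Program Files\WinSplit Revolution\WinSplit.exe", "executable",
            "49ABBB2B8EF50AA7A91C6B722C63944F", "3041419C5626D49A9557135AFD383977CE01A62B96235021860677FC99AA04C0"),
    Dropped(3708, _P, r"C:\Program Files\WinSplit Revolution\images\auto_start_true.png", "image",
            "2BE82398A46D0602CACC094F6A4C2CA7", "FEBD0A901E618BB514351F292F0860AB69212A2953454038BB87A04F42B16781"),
]

# Standard plugin DLLs that an NSIS stub extracts into its temp staging directory at run time.
# System.dll, behind the "malware-specific behavior" indicator, is the NSIS System plugin.
NSIS_PLUGINS = {"installoptions.dll", "langdll.dll", "nsdialogs.dll", "system.dll"}
# Assumption (heuristic): NSIS staging directories look like ...\Temp\ns????.tmp\ .
NSIS_STAGING = re.compile(r"\\Temp\\ns[0-9A-Za-z]{1,6}\.tmp\\", re.IGNORECASE)


def classify(path: str) -> str:
    """Bucket a dropped path: NSIS plugin, other staging file, installed artifact, or other."""
    name = path.rsplit("\\", 1)[-1].lower()
    if NSIS_STAGING.search(path):
        return "nsis-plugin" if name in NSIS_PLUGINS else "installer-staging"
    if path.lower().startswith("c:\\program files\\"):
        return "installed"
    return "other"


def persistent_executables(records: List[Dropped] = DROPPED) -> List[Dropped]:
    """Executables written outside the staging directory: what remains on disk after install."""
    return [r for r in records if r.ftype == "executable" and classify(r.path) == "installed"]


def lookup(sha256_hex: str, records: List[Dropped] = DROPPED) -> Optional[Dropped]:
    """Match a SHA-256 (either case) against the report's dropped-file hashes."""
    wanted = sha256_hex.lower()
    return next((r for r in records if r.sha256.lower() == wanted), None)


def check_local_file(local_path: str, records: List[Dropped] = DROPPED) -> Optional[Dropped]:
    """Hash a file taken from a host and report which dropped artifact, if any, it matches."""
    with open(local_path, "rb") as fh:
        return lookup(hashlib.sha256(fh.read()).hexdigest(), records)


if __name__ == "__main__":
    for rec in DROPPED:
        print(f"{classify(rec.path):18} {rec.ftype:10} {rec.path}")
    print("hunt for:", [r.name for r in persistent_executables()])
```

Run it against the report data and the three hunting targets come out as WinSplitLib.dll, WinSplitDrvr32.exe and WinSplit.exe; feed check_local_file a suspect binary from a host to confirm or rule out a match by SHA-256 rather than by file name.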
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 41
TCP/UDP connections: 25
DNS requests: 21
Threats: 0

HTTP requests (PID, process: method, HTTP code, IP:port (CN), URL, type, size, reputation)

PID 1372, svchost.exe: GET, 304, 104.109.143.73:80 (NL), http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33, reputation unknown
PID 2956, WinSplit.exe: GET, 194.63.248.52:80 (NO), http://winsplit-revolution.com/Soft/LastVersion.txt, reputation unknown
PID 844, svchost.exe: GET, 206, 34.104.35.123:80 (US), http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3, binary, 5.60 Kb, reputation unknown
PID 844, svchost.exe: GET, 206, 34.104.35.123:80 (US), http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3, binary, 8.49 Kb, reputation unknown
PID 844, svchost.exe: GET, 206, 34.104.35.123:80 (US), http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3, binary, 10.1 Kb, reputation unknown
PID 844, svchost.exe: GET, 206, 34.104.35.123:80 (US), http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3, binary, 10.0 Kb, reputation unknown
PID 844, svchost.exe: HEAD, 200, 34.104.35.123:80 (US), http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrfmbwxbmyhswwcjlue6bzgi6fa_990/efniojlnjndmcbiieegkicadnoecjjef_990_all_czgdhdxcsyzmlwtyfckpeootfa.crx3, binary, 8.49 Kb, reputation unknown
PID 844, svchost.exe: GET, 206, 34.104.35.123:80 (US), http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrfmbwxbmyhswwcjlue6bzgi6fa_990/efniojlnjndmcbiieegkicadnoecjjef_990_all_czgdhdxcsyzmlwtyfckpeootfa.crx3, binary, 23.6 Kb, reputation unknown
PID 844, svchost.exe: GET, 206, 34.104.35.123:80 (US), http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrfmbwxbmyhswwcjlue6bzgi6fa_990/efniojlnjndmcbiieegkicadnoecjjef_990_all_czgdhdxcsyzmlwtyfckpeootfa.crx3, binary, 78.4 Kb, reputation unknown
PID 844, svchost.exe: GET, 206, 34.104.35.123:80 (US), http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrfmbwxbmyhswwcjlue6bzgi6fa_990/efniojlnjndmcbiieegkicadnoecjjef_990_all_czgdhdxcsyzmlwtyfckpeootfa.crx3, binary, 35.1 Kb, reputation unknown

Connections (PID, process: IP:port, domain, ASN (CN), reputation)

PID 2564, svchost.exe: 239.255.255.250:3702, whitelisted
PID 1060, svchost.exe: 224.0.0.252:5355, unknown
PID 4, System: 192.168.100.255:137, whitelisted
PID 4, System: 192.168.100.255:138, whitelisted
PID 1372, svchost.exe: 51.124.78.146:443, settings-win.data.microsoft.com, MICROSOFT-CORP-MSN-AS-BLOCK (NL), whitelisted
PID 2956, WinSplit.exe: 194.63.248.52:80, winsplit-revolution.com, Domeneshop AS (NO), unknown
PID 1372, svchost.exe: 104.109.143.73:80, ctldl.windowsupdate.com, Akamai International B.V. (NL), unknown
PID 1372, svchost.exe: 23.209.125.19:80, crl.microsoft.com, Akamai International B.V. (NL), unknown
PID 1372, svchost.exe: 2.21.189.233:80, www.microsoft.com, Akamai International B.V. (GB), unknown
PID 1060, svchost.exe: 96.16.53.148:80, ctldl.windowsupdate.com, Akamai International B.V. (NL), unknown
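Added example, not part of the ANY.RUN report: a Python pass that attributes the network events above to the sample's own process tree. The PID-to-process mapping (3708, 2956, 3144) is taken from the Indicators section; everything from svchost.exe, System and the Chrome component updater is sandbox background, and once it is filtered out a single event remains: WinSplit.exe fetching http://winsplit-revolution.com/Soft/LastVersion.txt over cleartext HTTP. The script also checks that host against the vendor URL the installer itself wrote to URLInfoAbout, which is the corroboration a practitioner would want before treating the "unknown" reputation as a finding. Whether the contents of LastVersion.txt drive any later download cannot be determined from this report, so the code only flags the fetch as unauthenticated.

```python
"""Separate a sample's own network activity from sandbox background noise and vet it."""
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Processes that belong to the submitted sample, per the Indicators section of the report.
SAMPLE_PIDS: Dict[int, str] = {3708: "WinSplit-Revolution-v11.04.exe", 2956: "WinSplit.exe", 3144: "WinSplitDrvr32.exe"}


@dataclass(frozen=True)
class Conn:
    pid: int
    process: str
    endpoint: str   # ip:port
    domain: str     # "" where the report shows no domain
    reputation: str


# Copied from the "Connections" table above.
CONNECTIONS: List[Conn] = [
    Conn(2564, "svchost.exe", "239.255.255.250:3702", "", "whitelisted"),
    Conn(1060, "svchost.exe", "224.0.0.252:5355", "", "unknown"),
    Conn(4, "System", "192.168.100.255:137", "", "whitelisted"),
    Conn(4, "System", "192.168.100.255:138", "", "whitelisted"),
    Conn(1372, "svchost.exe", "51.124.78.146:443", "settings-win.data.microsoft.com", "whitelisted"),
    Conn(2956, "WinSplit.exe", "194.63.248.52:80", "winsplit-revolution.com", "unknown"),
    Conn(1372, "svchost.exe", "104.109.143.73:80", "ctldl.windowsupdate.com", "unknown"),
    Conn(1372, "svchost.exe", "23.209.125.19:80", "crl.microsoft.com", "unknown"),
    Conn(1372, "svchost.exe", "2.21.189.233:80", "www.microsoft.com", "unknown"),
    Conn(1060, "svchost.exe", "96.16.53.148:80", "ctldl.windowsupdate.com", "unknown"),
]

# Distinct URLs from the "HTTP requests" table above, reduced to (pid, process, method, url).
HTTP_REQUESTS: List[Tuple[int, str, str, str]] = [
    (1372, "svchost.exe", "GET", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33"),
    (2956, "WinSplit.exe", "GET", "http://winsplit-revolution.com/Soft/LastVersion.txt"),
    (844, "svchost.exe", "GET", "http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3"),
    (844, "svchost.exe", "HEAD", "http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrfmbwxbmyhswwcjlue6bzgi6fa_990/efniojlnjndmcbiieegkicadnoecjjef_990_all_czgdhdxcsyzmlwtyfckpeootfa.crx3"),
]

# Vendor URL the installer wrote to HKLM\...\Uninstall\WinSplit Revolution\URLInfoAbout.
URL_INFO_ABOUT = "http://winsplit-revolution.com/"


def sample_connections(conns: List[Conn] = CONNECTIONS) -> List[Conn]:
    """Connections made by the sample's own process tree; OS and browser traffic is dropped."""
    return [c for c in conns if c.pid in SAMPLE_PIDS]


def sample_urls(reqs=HTTP_REQUESTS) -> List[Tuple[str, str]]:
    """(method, url) pairs requested by the sample's processes."""
    return [(method, url) for pid, _, method, url in reqs if pid in SAMPLE_PIDS]


def cleartext_fetches(reqs=HTTP_REQUESTS) -> List[str]:
    """Sample requests over plain http://, i.e. unauthenticated and trivially spoofable on path."""
    return [url for _, url in sample_urls(reqs) if urlparse(url).scheme == "http"]


def matches_declared_vendor(url: str, about_url: str = URL_INFO_ABOUT) -> bool:
    """Is the contacted host the same host the installer declared as its vendor site?"""
    return urlparse(url).hostname == urlparse(about_url).hostname


def triage(conns: List[Conn] = CONNECTIONS, reqs=HTTP_REQUESTS) -> dict:
    own = sample_connections(conns)
    return {
        "sample_endpoints": sorted({c.domain or c.endpoint for c in own}),
        "non_whitelisted": [c.endpoint for c in own if c.reputation != "whitelisted"],
        "cleartext_fetches": cleartext_fetches(reqs),
        "all_to_declared_vendor": all(matches_declared_vendor(u) for _, u in sample_urls(reqs)),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The same filter applied to a busier report is what keeps Windows CRL/CTL refreshes and browser component downloads out of an IOC list; only endpoints that survive the PID filter and fail the declared-vendor check deserve blocking.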

DNS requests

Domain
IP
Reputation
winsplit-revolution.com
  • 194.63.248.52
unknown
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
ctldl.windowsupdate.com
  • 104.109.143.73
  • 104.109.143.95
  • 96.16.53.148
  • 96.16.53.137
whitelisted
crl.microsoft.com
  • 23.209.125.19
  • 23.209.125.34
  • 23.209.125.31
  • 23.209.125.26
whitelisted
www.microsoft.com
  • 2.21.189.233
whitelisted
clientservices.googleapis.com
  • 142.250.186.35
whitelisted
accounts.google.com
  • 108.177.15.84
shared
www.google.com
  • 216.58.206.36
whitelisted
update.googleapis.com
  • 142.250.185.227
whitelisted
www.googleapis.com
  • 142.250.181.234
  • 172.217.18.10
  • 216.58.212.170
  • 216.58.212.138
  • 142.250.186.74
  • 142.250.185.106
  • 142.250.185.234
  • 142.250.74.202
  • 142.250.185.138
  • 142.250.184.202
  • 142.250.186.42
  • 142.250.185.202
  • 216.58.206.42
  • 142.250.186.138
  • 142.250.186.170
  • 142.250.185.170
whitelisted

Threats

No threats detected
No debug info