URL:

https://www.youtube.com/post/UgkxFaX8PdSwj5TgHkVmDjhdJxfYHylxq7r6

Full analysis: https://app.any.run/tasks/7c7ac832-6e16-402d-a568-83d86c3ac8f8
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: August 17, 2024, 20:55:29
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
lumma
loader
xmrig
susp-powershell
Indicators:
MD5: 3AD069A03392FA637615DAD6150E5F88
SHA1: 67537F71C7E8DDF99496B75E7F2C2B853B18E7B8
SHA256: 2076601D4B35107EA51EE6D3A0C7FC7765194899279D940CF9DDFCEDC790928D
SSDEEP: 3:N8DSLUxGTKVKN+22BzIZq4Wa:2OLUxGJNyIwBa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • LUMMA has been detected (YARA)

      • Adоbe_Activator.exe (PID: 4996)
    • Actions looks like stealing of personal data

      • Adоbe_Activator.exe (PID: 4996)
    • Scans artifacts that could help determine the target

      • Installer.exe (PID: 3696)
    • XMRig has been detected

      • RegSvcs.exe (PID: 5484)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 6276)
      • cmd.exe (PID: 3700)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 6972)
      • WinRAR.exe (PID: 1448)
    • Reads Microsoft Outlook installation path

      • hh.exe (PID: 7124)
    • Reads Internet Explorer settings

      • hh.exe (PID: 7124)
    • Searches for installed software

      • Adоbe_Activator.exe (PID: 4996)
    • Potential Corporate Privacy Violation

      • Adоbe_Activator.exe (PID: 4996)
    • Connects to the server without a host name

      • Adоbe_Activator.exe (PID: 4996)
    • Process requests binary or script from the Internet

      • Adоbe_Activator.exe (PID: 4996)
    • Executable content was dropped or overwritten

      • Adоbe_Activator.exe (PID: 4996)
      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
      • 7z.exe (PID: 3684)
      • cmd.exe (PID: 4560)
    • Drops the executable file immediately after the start

      • Adоbe_Activator.exe (PID: 4996)
      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
      • 7z.exe (PID: 1860)
      • 7z.exe (PID: 7028)
      • 7z.exe (PID: 6984)
      • 7z.exe (PID: 6708)
      • 7z.exe (PID: 3692)
      • 7z.exe (PID: 3684)
      • cmd.exe (PID: 4560)
    • Drops 7-zip archiver for unpacking

      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
    • Reads security settings of Internet Explorer

      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
      • Installer.exe (PID: 3696)
    • Executing commands from a ".bat" file

      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
    • Reads the date of Windows installation

      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
    • Starts CMD.EXE for commands execution

      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
      • RegSvcs.exe (PID: 5484)
    • The executable file from the user directory is run by the CMD process

      • 7z.exe (PID: 7160)
      • 7z.exe (PID: 1860)
      • 7z.exe (PID: 5492)
      • 7z.exe (PID: 7028)
      • 7z.exe (PID: 6984)
      • 7z.exe (PID: 6708)
      • 7z.exe (PID: 3692)
      • 7z.exe (PID: 3684)
      • Installer.exe (PID: 3696)
    • Uses ATTRIB.EXE to modify file attributes

      • cmd.exe (PID: 4560)
    • Base64-obfuscated command line is found

      • cmd.exe (PID: 3904)
    • BASE64 encoded PowerShell command has been detected

      • cmd.exe (PID: 3904)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 3904)
    • Creates file in the systems drive root

      • RegSvcs.exe (PID: 5484)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 6300)
    • Reads Microsoft Office registry keys

      • chrome.exe (PID: 6300)
      • hh.exe (PID: 7124)
    • Manual execution by a user

      • Taskmgr.exe (PID: 5072)
      • Taskmgr.exe (PID: 5540)
      • WinRAR.exe (PID: 6972)
      • hh.exe (PID: 7124)
      • WinRAR.exe (PID: 1448)
      • Adоbe_Activator.exe (PID: 4996)
      • Taskmgr.exe (PID: 376)
      • Taskmgr.exe (PID: 4084)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6276)
      • WinRAR.exe (PID: 6972)
      • WinRAR.exe (PID: 1448)
    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 5540)
      • hh.exe (PID: 7124)
      • Taskmgr.exe (PID: 4084)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 6972)
      • chrome.exe (PID: 7152)
      • WinRAR.exe (PID: 1448)
    • Creates files or folders in the user directory

      • hh.exe (PID: 7124)
    • Checks proxy server information

      • hh.exe (PID: 7124)
      • Installer.exe (PID: 3696)
      • RegSvcs.exe (PID: 5484)
    • Checks supported languages

      • Adоbe_Activator.exe (PID: 4996)
      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
      • mode.com (PID: 1164)
      • 7z.exe (PID: 7160)
      • 7z.exe (PID: 5492)
      • 7z.exe (PID: 7028)
      • 7z.exe (PID: 6984)
      • 7z.exe (PID: 6708)
      • 7z.exe (PID: 3692)
      • 7z.exe (PID: 3684)
      • Installer.exe (PID: 3696)
      • RegSvcs.exe (PID: 5484)
      • TextInputHost.exe (PID: 6616)
      • 7z.exe (PID: 1860)
    • Reads the computer name

      • Adоbe_Activator.exe (PID: 4996)
      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
      • 7z.exe (PID: 5492)
      • 7z.exe (PID: 7160)
      • 7z.exe (PID: 1860)
      • 7z.exe (PID: 7028)
      • 7z.exe (PID: 6984)
      • 7z.exe (PID: 6708)
      • 7z.exe (PID: 3692)
      • Installer.exe (PID: 3696)
      • RegSvcs.exe (PID: 5484)
      • TextInputHost.exe (PID: 6616)
      • 7z.exe (PID: 3684)
    • Reads the software policy settings

      • Adоbe_Activator.exe (PID: 4996)
      • RegSvcs.exe (PID: 5484)
    • Create files in a temporary directory

      • Adоbe_Activator.exe (PID: 4996)
      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
      • 7z.exe (PID: 5492)
      • 7z.exe (PID: 1860)
      • 7z.exe (PID: 7160)
      • hh.exe (PID: 7124)
      • 7z.exe (PID: 7028)
      • 7z.exe (PID: 6984)
      • 7z.exe (PID: 6708)
      • 7z.exe (PID: 3692)
      • RegSvcs.exe (PID: 5484)
      • 7z.exe (PID: 3684)
    • Process checks computer location settings

      • 4M81E5STMJPLDX2MZ0M0FVDFBX.exe (PID: 2336)
    • Reads the machine GUID from the registry

      • RegSvcs.exe (PID: 5484)
    • Creates files in the program directory

      • RegSvcs.exe (PID: 5484)
    • Reads Environment values

      • RegSvcs.exe (PID: 5484)
    • Disables trace logs

      • RegSvcs.exe (PID: 5484)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 7080)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 7080)
    • Found Base64 encoded access to Windows Defender via PowerShell (YARA)

      • RegSvcs.exe (PID: 5484)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Lumma

(PID) Process: (4996) Adоbe_Activator.exe
C2 (9):
deallerospfosu.shop
excavtaionps.shop
quialitsuzoxm.shop
bassizcellskz.shop
writerospzm.shop
celebratioopz.shop
mennyudosirso.shop
languagedscie.shop
complaintsipzzx.shop
All screenshots are available in the full report
Total processes
200
Monitored processes
55
Malicious processes
6
Suspicious processes
3

Behavior graph

start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs rundll32.exe no specs chrome.exe no specs chrome.exe no specs taskmgr.exe no specs taskmgr.exe chrome.exe no specs winrar.exe chrome.exe hh.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe #LUMMA adоbe_activator.exe chrome.exe no specs chrome.exe chrome.exe no specs 4m81e5stmjpldx2mz0m0fvdfbx.exe cmd.exe conhost.exe no specs mode.com no specs 7z.exe no specs 7z.exe no specs 7z.exe 7z.exe 7z.exe 7z.exe 7z.exe 7z.exe attrib.exe no specs installer.exe THREAT regsvcs.exe cmd.exe no specs conhost.exe no specs powershell.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs schtasks.exe no specs schtasks.exe no specs textinputhost.exe no specs taskmgr.exe no specs taskmgr.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 320
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5484 --field-trial-handle=1948,i,15845554808953510256,8036278281005323399,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 376
CMD: "C:\WINDOWS\system32\taskmgr.exe" /4
Path: C:\Windows\System32\Taskmgr.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Task Manager
Exit code:
3221226540
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
PID: 1164
CMD: mode 65,10
Path: C:\Windows\System32\mode.com
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
DOS Device MODE Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mode.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1168
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5256 --field-trial-handle=1948,i,15845554808953510256,8036278281005323399,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1448
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Adobe Aсtivаtor.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
1073807364
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1860
CMD: 7z.exe e extracted/file_6.zip -oextracted
Path: C:\Users\admin\AppData\Local\Temp\main\7z.exe
Parent process: cmd.exe
User:
admin
Company:
Igor Pavlov
Integrity Level:
MEDIUM
Description:
7-Zip Console
Exit code:
0
Version:
19.00
Modules
Images
c:\users\admin\appdata\local\temp\main\7z.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2096
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4340 --field-trial-handle=1948,i,15845554808953510256,8036278281005323399,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2132
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5452 --field-trial-handle=1948,i,15845554808953510256,8036278281005323399,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2336
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 2336
CMD: "C:\Users\admin\AppData\Local\Temp\4M81E5STMJPLDX2MZ0M0FVDFBX.exe"
Path: C:\Users\admin\AppData\Local\Temp\4M81E5STMJPLDX2MZ0M0FVDFBX.exe
Parent process: Adоbe_Activator.exe
User:
admin
Company:
AnalystSoft Inc
Integrity Level:
MEDIUM
Description:
StatPlus v7
Exit code:
0
Version:
7.7.0.0
Modules
Images
c:\users\admin\appdata\local\temp\4m81e5stmjpldx2mz0m0fvdfbx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
Total events
41 829
Read events
41 682
Write events
133
Delete events
14

Modification events

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (6300) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (6300) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: metricsid
Value:
Executable files
134
Suspicious files
545
Text files
90
Unknown types
226

Dropped files

PID
Process
Filename
Type
PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RFe6695.TMP

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RFe66b4.TMP

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RFe6780.TMP
Type: text
MD5: 390E3C6EDCE7036BB6F52670DC24ABAD
SHA256: D6F1B47CD05A8E1FAD989DEEC22ED67EA9A013C2DE0CCAFD68A539F69BD0DD70

PID: 6300
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Type: binary
MD5: FC81892AC822DCBB09441D3B58B47125
SHA256: FB077C966296D02D50CCBF7F761D2A3311A206A784A7496F331C2B0D6AD205C8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
92
DNS requests
71
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6980
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acpwgztbwfoncirbnabzhkegyrnq_2024.8.16.1/jflhchccmppkfebkiaminageehmchikm_2024.08.16.01_all_lzg2ssjkav3gspc4jdhypwhjqa.crx3
unknown
whitelisted
4672
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6980
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acpwgztbwfoncirbnabzhkegyrnq_2024.8.16.1/jflhchccmppkfebkiaminageehmchikm_2024.08.16.01_all_lzg2ssjkav3gspc4jdhypwhjqa.crx3
unknown
whitelisted
6980
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acpwgztbwfoncirbnabzhkegyrnq_2024.8.16.1/jflhchccmppkfebkiaminageehmchikm_2024.08.16.01_all_lzg2ssjkav3gspc4jdhypwhjqa.crx3
unknown
whitelisted
4540
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6980
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
6980
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
1128
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6980
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
6980
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4080
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
1116
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6568
chrome.exe
142.250.184.206:443
www.youtube.com
GOOGLE
US
whitelisted
6300
chrome.exe
239.255.255.250:1900
whitelisted
6568
chrome.exe
142.251.31.84:443
accounts.google.com
GOOGLE
US
unknown
6568
chrome.exe
216.58.206.46:443
consent.youtube.com
GOOGLE
US
whitelisted
6568
chrome.exe
172.217.18.10:443
fonts.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.78
whitelisted
www.youtube.com
  • 142.250.184.206
  • 142.250.185.238
  • 216.58.206.78
  • 142.250.185.174
  • 142.250.186.110
  • 216.58.212.174
  • 142.250.181.238
  • 142.250.186.142
  • 142.250.184.238
  • 142.250.74.206
  • 172.217.16.142
  • 172.217.18.14
  • 172.217.16.206
  • 142.250.186.78
  • 142.250.185.206
  • 142.250.186.46
whitelisted
accounts.google.com
  • 142.251.31.84
whitelisted
consent.youtube.com
  • 216.58.206.46
whitelisted
www.gstatic.com
  • 142.250.186.35
whitelisted
fonts.googleapis.com
  • 172.217.18.10
whitelisted
fonts.gstatic.com
  • 142.250.186.99
whitelisted
www.google.com
  • 142.250.181.228
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted

Threats

PID
Process
Class
Message
4996
Adоbe_Activator.exe
Potentially Bad Traffic
ET INFO Executable Download from dotted-quad Host
4996
Adоbe_Activator.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4996
Adоbe_Activator.exe
Potentially Bad Traffic
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
4996
Adоbe_Activator.exe
Misc Attack
ET DROP Spamhaus DROP Listed Traffic Inbound group 23