File name: AceSetup.exe

Full analysis: https://app.any.run/tasks/d335bb8a-a4ba-44ed-8b28-0b2b4b63430d
Verdict: Malicious activity
Analysis date: March 19, 2026, 18:17:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 11 sections
MD5: 04292215615EF87FE6F3CCB00C6198A5
SHA1: 8FB94C3C1464CF05977830DC0A8D324F7CF2F481
SHA256: 2689B724DF84619CA23FA5FD145EF3DAB03E97E37C5E0FF17C9BE051AA1B3883
SSDEEP: 98304:71CyO7aOIjbclELP3X/58MuoszqirYlUlXRBDB4ycZXpeiNSQyeMs13RuLdSPzDz:EeMsoPf2EImocaLL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • AceSetup.exe (PID: 8164)
      • updater.exe (PID: 7764)
      • AceSetup.exe (PID: 6472)
      • updater.exe (PID: 4384)
      • updater.exe (PID: 7336)
      • updater.exe (PID: 6532)
      • updater.exe (PID: 3552)
      • updater.exe (PID: 3692)
      • mini_installer.exe (PID: 7948)
      • setup.exe (PID: 7908)
      • setup.exe (PID: 6872)
      • setup.exe (PID: 5772)
      • setup.exe (PID: 8160)
      • chrmstp.exe (PID: 2396)
      • chrmstp.exe (PID: 2164)
      • chrmstp.exe (PID: 6912)
      • chrmstp.exe (PID: 4104)
      • ace.exe (PID: 8120)
      • ace.exe (PID: 7244)
      • ace.exe (PID: 7204)
      • ace.exe (PID: 1788)
      • elevation_service.exe (PID: 7276)
      • ace.exe (PID: 7616)
      • ace.exe (PID: 7740)
      • ace.exe (PID: 2260)
      • ace.exe (PID: 5708)
      • ace.exe (PID: 5772)
      • chrmstp.exe (PID: 2828)
      • ace.exe (PID: 7448)
      • chrmstp.exe (PID: 3640)
      • chrmstp.exe (PID: 5240)
      • chrmstp.exe (PID: 7304)
      • ace.exe (PID: 6208)
      • ace.exe (PID: 4240)
      • ace.exe (PID: 7764)
      • ace.exe (PID: 6832)
      • ace.exe (PID: 684)
      • updater.exe (PID: 5116)
      • updater.exe (PID: 4816)
      • updater.exe (PID: 7760)
      • updater.exe (PID: 5224)
      • updater.exe (PID: 3084)
      • updater.exe (PID: 1312)
      • updater.exe (PID: 6748)
      • updater.exe (PID: 5752)
      • updater.exe (PID: 7512)
      • updater.exe (PID: 3276)
      • ace.exe (PID: 8036)
      • ace.exe (PID: 6532)
      • ace.exe (PID: 7892)
      • elevation_service.exe (PID: 4712)
      • elevation_service.exe (PID: 6260)
      • ace.exe (PID: 8252)
      • ace.exe (PID: 8296)
      • ace.exe (PID: 8740)
      • ace.exe (PID: 8848)
      • ace.exe (PID: 8784)
    • Changes the autorun value in the registry

      • setup.exe (PID: 7908)
      • ace.exe (PID: 8120)
  • SUSPICIOUS

    • Reads the date of Windows installation

      • AceSetup.exe (PID: 8164)
      • chrmstp.exe (PID: 2164)
      • chrmstp.exe (PID: 7304)
    • Application launched itself

      • updater.exe (PID: 7764)
      • AceSetup.exe (PID: 8164)
      • updater.exe (PID: 4384)
      • updater.exe (PID: 6532)
      • setup.exe (PID: 7908)
      • setup.exe (PID: 5772)
      • chrmstp.exe (PID: 2164)
      • chrmstp.exe (PID: 2396)
      • ace.exe (PID: 8120)
      • chrmstp.exe (PID: 2828)
      • chrmstp.exe (PID: 7304)
      • ace.exe (PID: 6208)
      • updater.exe (PID: 5116)
      • updater.exe (PID: 7760)
      • updater.exe (PID: 3084)
      • updater.exe (PID: 5752)
      • updater.exe (PID: 7512)
    • Executable content was dropped or overwritten

      • AceSetup.exe (PID: 6472)
      • updater.exe (PID: 4384)
      • updater.exe (PID: 7764)
      • mini_installer.exe (PID: 7948)
      • setup.exe (PID: 7908)
    • Executes as Windows Service

      • updater.exe (PID: 4384)
      • updater.exe (PID: 6532)
      • elevation_service.exe (PID: 7276)
      • updater.exe (PID: 5116)
      • updater.exe (PID: 5752)
      • updater.exe (PID: 7512)
      • elevation_service.exe (PID: 4712)
      • elevation_service.exe (PID: 6260)
    • Searches for installed software

      • setup.exe (PID: 7908)
      • setup.exe (PID: 5772)
      • chrmstp.exe (PID: 2396)
      • chrmstp.exe (PID: 2164)
      • chrmstp.exe (PID: 2828)
      • chrmstp.exe (PID: 7304)
    • Reads Mozilla Firefox installation path

      • ace.exe (PID: 8120)
  • INFO

    • The sample compiled with English language support

      • AceSetup.exe (PID: 8164)
      • AceSetup.exe (PID: 6472)
      • updater.exe (PID: 7764)
      • updater.exe (PID: 4384)
      • mini_installer.exe (PID: 7948)
      • setup.exe (PID: 7908)
    • Reads the machine GUID from the registry

      • AceSetup.exe (PID: 6472)
      • updater.exe (PID: 6532)
      • updater.exe (PID: 7764)
      • setup.exe (PID: 7908)
      • AceSetup.exe (PID: 8164)
      • ace.exe (PID: 8120)
      • ace.exe (PID: 8036)
      • updater.exe (PID: 7512)
    • Checks supported languages

      • AceSetup.exe (PID: 8164)
      • AceSetup.exe (PID: 6472)
      • updater.exe (PID: 7764)
      • updater.exe (PID: 3692)
      • updater.exe (PID: 4384)
      • updater.exe (PID: 7336)
      • updater.exe (PID: 3552)
      • mini_installer.exe (PID: 7948)
      • updater.exe (PID: 6532)
      • setup.exe (PID: 7908)
      • setup.exe (PID: 6872)
      • setup.exe (PID: 5772)
      • chrmstp.exe (PID: 2396)
      • setup.exe (PID: 8160)
      • chrmstp.exe (PID: 6912)
      • chrmstp.exe (PID: 2164)
      • ace.exe (PID: 7244)
      • ace.exe (PID: 8120)
      • ace.exe (PID: 7204)
      • ace.exe (PID: 1788)
      • ace.exe (PID: 7616)
      • elevation_service.exe (PID: 7276)
      • ace.exe (PID: 2260)
      • ace.exe (PID: 7740)
      • chrmstp.exe (PID: 4104)
      • ace.exe (PID: 5708)
      • ace.exe (PID: 5772)
      • chrmstp.exe (PID: 2828)
      • ace.exe (PID: 7448)
      • chrmstp.exe (PID: 3640)
      • chrmstp.exe (PID: 5240)
      • chrmstp.exe (PID: 7304)
      • ace.exe (PID: 6208)
      • ace.exe (PID: 4240)
      • ace.exe (PID: 7764)
      • ace.exe (PID: 6832)
      • ace.exe (PID: 684)
      • updater.exe (PID: 7760)
      • updater.exe (PID: 4816)
      • updater.exe (PID: 5116)
      • updater.exe (PID: 5224)
      • updater.exe (PID: 3084)
      • updater.exe (PID: 1312)
      • updater.exe (PID: 6748)
      • updater.exe (PID: 5752)
      • updater.exe (PID: 7512)
      • updater.exe (PID: 3276)
      • ace.exe (PID: 6532)
      • ace.exe (PID: 7892)
      • ace.exe (PID: 8036)
      • elevation_service.exe (PID: 4712)
      • elevation_service.exe (PID: 6260)
      • ace.exe (PID: 8296)
      • ace.exe (PID: 8252)
      • ace.exe (PID: 8740)
      • ace.exe (PID: 8784)
      • ace.exe (PID: 8848)
    • Reads security settings of Internet Explorer

      • AceSetup.exe (PID: 8164)
      • updater.exe (PID: 7764)
      • chrmstp.exe (PID: 2164)
      • ace.exe (PID: 8120)
      • chrmstp.exe (PID: 7304)
    • Reads the computer name

      • AceSetup.exe (PID: 6472)
      • updater.exe (PID: 7764)
      • updater.exe (PID: 4384)
      • AceSetup.exe (PID: 8164)
      • updater.exe (PID: 6532)
      • mini_installer.exe (PID: 7948)
      • setup.exe (PID: 7908)
      • setup.exe (PID: 5772)
      • chrmstp.exe (PID: 2396)
      • chrmstp.exe (PID: 2164)
      • ace.exe (PID: 8120)
      • ace.exe (PID: 1788)
      • elevation_service.exe (PID: 7276)
      • ace.exe (PID: 7204)
      • ace.exe (PID: 7448)
      • chrmstp.exe (PID: 2828)
      • chrmstp.exe (PID: 7304)
      • ace.exe (PID: 6208)
      • ace.exe (PID: 684)
      • updater.exe (PID: 5116)
      • updater.exe (PID: 7760)
      • updater.exe (PID: 3084)
      • updater.exe (PID: 5752)
      • ace.exe (PID: 6532)
      • ace.exe (PID: 8036)
      • updater.exe (PID: 7512)
      • elevation_service.exe (PID: 4712)
      • elevation_service.exe (PID: 6260)
    • Create files in a temporary directory

      • AceSetup.exe (PID: 6472)
      • ace.exe (PID: 8120)
      • ace.exe (PID: 8036)
    • Creates files in the program directory

      • updater.exe (PID: 7764)
      • updater.exe (PID: 3692)
      • updater.exe (PID: 4384)
      • AceSetup.exe (PID: 6472)
      • updater.exe (PID: 6532)
      • setup.exe (PID: 7908)
      • setup.exe (PID: 5772)
      • updater.exe (PID: 5116)
      • updater.exe (PID: 7512)
    • Process checks whether UAC notifications are on

      • updater.exe (PID: 7764)
      • updater.exe (PID: 6532)
      • updater.exe (PID: 4384)
      • updater.exe (PID: 5116)
      • updater.exe (PID: 7760)
      • updater.exe (PID: 3084)
      • updater.exe (PID: 5752)
      • updater.exe (PID: 7512)
    • Creates a software uninstall entry

      • setup.exe (PID: 7908)
    • Launching a file from a Registry key

      • setup.exe (PID: 7908)
      • ace.exe (PID: 8120)
    • Manual execution by a user

      • chrmstp.exe (PID: 2396)
      • ace.exe (PID: 8120)
      • ace.exe (PID: 6208)
    • Creates files or folders in the user directory

      • chrmstp.exe (PID: 2164)
      • ace.exe (PID: 8120)
      • ace.exe (PID: 7204)
      • chrmstp.exe (PID: 7304)
      • ace.exe (PID: 7244)
    • Reads CPU info

      • ace.exe (PID: 8120)
    • Reads Environment values

      • ace.exe (PID: 7244)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 0000:00:00 00:00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14
CodeSize: 3869184
InitializedDataSize: 8240128
UninitializedDataSize: -
EntryPoint: 0x371b70
OSVersion: 10
ImageVersion: -
SubsystemVersion: 10
Subsystem: Windows GUI
FileVersionNumber: 143.0.7512.0
ProductVersionNumber: 143.0.7512.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: BrowseAI LLC
FileDescription: Ace Installer (x64)
FileVersion: 143.0.7512.0
InternalName: Ace Installer (x64)
LegalCopyright: Copyright 1970 The BrowseAI LLC Authors. All rights reserved.
OriginalFileName: UpdaterSetup.exe
ProductName: Ace Installer (x64)
ProductVersion: 143.0.7512.0
CompanyShortName: BrowseAI LLC
ProductShortName: AceUpdater
LastChange: 0000000000000000000000000000000000000000
OfficialBuild: 1
No data.
Total processes: 197
Monitored processes: 57
Malicious processes: 22
Suspicious processes: 35

Behavior graph

[Behavior graph: process tree starting at acesetup.exe, with updater.exe, mini_installer.exe, setup.exe, chrmstp.exe, ace.exe and elevation_service.exe nodes.]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 684
CMD: "C:\Program Files\Ace\Ace\Application\ace.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --force-high-res-timeticks=disabled --metrics-shmem-handle=6128,i,12859276899772224991,17185636535111063009,524288 --field-trial-handle=2024,i,16965368572001827416,742399037448810407,262144 --variations-seed-version --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=4944 /prefetch:8
Path: C:\Program Files\Ace\Ace\Application\ace.exe
Parent process: ace.exe
User:
admin
Company:
BrowseAI LLC
Integrity Level:
LOW
Description:
Ace
Version:
143.0.7512.0
Modules
Images
c:\program files\ace\ace\application\ace.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\ace\ace\application\143.0.7512.0\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
PID: 1312
CMD: "C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\Crashpad" --url=https://clients2.google.com/cr/staging_report --annotation=prod=AceUpdater --annotation=ver=143.0.7512.0 "--attachment=C:\Program Files (x86)\Ace\AceUpdater\updater.log" --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0x7ff6938c82ac,0x7ff6938c82b8,0x7ff6938c82c8
Path: C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe
Parent process: updater.exe
User:
admin
Company:
BrowseAI LLC
Integrity Level:
MEDIUM
Description:
Ace Updater (x64)
Exit code:
0
Version:
143.0.7512.0
Modules
Images
c:\program files (x86)\ace\aceupdater\143.0.7512.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1788
CMD: "C:\Program Files\Ace\Ace\Application\ace.exe" --type=gpu-process --force-high-res-timeticks=disabled --start-stack-profiler --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=1868,i,7433690684388759205,9929338800428665582,262144 --field-trial-handle=2024,i,16965368572001827416,742399037448810407,262144 --variations-seed-version --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=2016 /prefetch:2
Path: C:\Program Files\Ace\Ace\Application\ace.exe
Parent process: ace.exe
User:
admin
Company:
BrowseAI LLC
Integrity Level:
LOW
Description:
Ace
Version:
143.0.7512.0
Modules
Images
c:\program files\ace\ace\application\ace.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\ace\ace\application\143.0.7512.0\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
PID: 2164
CMD: "C:\Program Files\Ace\Ace\Application\143.0.7512.0\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Ace\Ace\Application\master_preferences" --create-shortcuts=1 --install-level=0
Path: C:\Program Files\Ace\Ace\Application\143.0.7512.0\Installer\chrmstp.exe
Parent process: chrmstp.exe
User:
admin
Company:
BrowseAI LLC
Integrity Level:
MEDIUM
Description:
Ace Installer
Exit code:
73
Version:
143.0.7512.0
Modules
Images
c:\program files\ace\ace\application\143.0.7512.0\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2260
CMD: "C:\Program Files\Ace\Ace\Application\ace.exe" --type=renderer --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --metrics-shmem-handle=3372,i,16808300296258580695,5785781131388612122,2097152 --field-trial-handle=2024,i,16965368572001827416,742399037448810407,262144 --variations-seed-version --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3380 /prefetch:1
Path: C:\Program Files\Ace\Ace\Application\ace.exe
Parent process: ace.exe
User:
admin
Company:
BrowseAI LLC
Integrity Level:
LOW
Description:
Ace
Exit code:
0
Version:
143.0.7512.0
Modules
Images
c:\program files\ace\ace\application\ace.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\ace\ace\application\143.0.7512.0\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2396
CMD: "C:\Program Files\Ace\Ace\Application\143.0.7512.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Path: C:\Program Files\Ace\Ace\Application\143.0.7512.0\Installer\chrmstp.exe
Parent process: explorer.exe
User:
admin
Company:
BrowseAI LLC
Integrity Level:
MEDIUM
Description:
Ace Installer
Exit code:
0
Version:
143.0.7512.0
Modules
Images
c:\program files\ace\ace\application\143.0.7512.0\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2828
CMD: "C:\Program Files\Ace\Ace\Application\143.0.7512.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
Path: C:\Program Files\Ace\Ace\Application\143.0.7512.0\Installer\chrmstp.exe
Parent process: ace.exe
User:
admin
Company:
BrowseAI LLC
Integrity Level:
MEDIUM
Description:
Ace Installer
Exit code:
0
Version:
143.0.7512.0
Modules
Images
c:\program files\ace\ace\application\143.0.7512.0\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3084
CMD: "C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe" --wake --system
Path: C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe
Parent process: updater.exe
User:
admin
Company:
BrowseAI LLC
Integrity Level:
MEDIUM
Description:
Ace Updater (x64)
Exit code:
0
Version:
143.0.7512.0
Modules
Images
c:\program files (x86)\ace\aceupdater\143.0.7512.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3276
CMD: "C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\Crashpad" --url=https://clients2.google.com/cr/staging_report --annotation=prod=AceUpdater --annotation=ver=143.0.7512.0 "--attachment=C:\Program Files (x86)\Ace\AceUpdater\updater.log" --initial-client-data=0x268,0x26c,0x270,0x228,0x274,0x7ff6938c82ac,0x7ff6938c82b8,0x7ff6938c82c8
Path: C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe
Parent process: updater.exe
User:
SYSTEM
Company:
BrowseAI LLC
Integrity Level:
SYSTEM
Description:
Ace Updater (x64)
Exit code:
0
Version:
143.0.7512.0
Modules
Images
c:\program files (x86)\ace\aceupdater\143.0.7512.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
PID: 3552
CMD: "C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\Crashpad" --url=https://clients2.google.com/cr/staging_report --annotation=prod=AceUpdater --annotation=ver=143.0.7512.0 "--attachment=C:\Program Files (x86)\Ace\AceUpdater\updater.log" --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff6938c82ac,0x7ff6938c82b8,0x7ff6938c82c8
Path: C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe
Parent process: updater.exe
User:
SYSTEM
Company:
BrowseAI LLC
Integrity Level:
SYSTEM
Description:
Ace Updater (x64)
Exit code:
0
Version:
143.0.7512.0
Modules
Images
c:\program files (x86)\ace\aceupdater\143.0.7512.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
Total events: 33 788
Read events: 33 446
Write events: 330
Delete events: 12

Modification events

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ace\Update\Clients\{ccb30364-74c7-4a6e-9b50-bc5471c59a9b}
Operation: write
Name: pv
Value: 143.0.7512.0

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ace\Update\Clients\{ccb30364-74c7-4a6e-9b50-bc5471c59a9b}
Operation: write
Name: name
Value: AceUpdater

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ace\Update\ClientState\{ccb30364-74c7-4a6e-9b50-bc5471c59a9b}
Operation: write
Name: pv
Value: 143.0.7512.0

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ace\Update\ClientState\{ccb30364-74c7-4a6e-9b50-bc5471c59a9b}
Operation: write
Name: name
Value: AceUpdater

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16D4FF0C-1682-59F5-818A-B7C00B0E974A}
Operation: write
Name: AppID
Value: {16D4FF0C-1682-59F5-818A-B7C00B0E974A}

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{16D4FF0C-1682-59F5-818A-B7C00B0E974A}
Operation: write
Name: LocalService
Value: AceUpdaterInternalService143.0.7512.0

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{16D4FF0C-1682-59F5-818A-B7C00B0E974A}
Operation: write
Name: ServiceParameters
Value: --com-service

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2709700C-57A4-520E-83E5-97BB645848B8}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2709700C-57A4-520E-83E5-97BB645848B8}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (7764) updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9D7D28E-D840-5276-8ECB-CFC34046A035}\TypeLib
Operation: write
Name: Version
Value: 1.0

Executable files: 26
Suspicious files: 666
Text files: 213
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 6472
Process: AceSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Ace6472_1290286730\UPDATER.PACKED.7Z
Type:
MD5:
SHA256:

PID: 6472
Process: AceSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Ace6472_1127368015\updater.7z
Type:
MD5:
SHA256:

PID: 6532
Process: updater.exe
Filename: C:\Windows\SystemTemp\updater_chrome_url_fetcher_6532_1114745035\mini_installer___ACE-update-143-0-7512-0___x64___20260319153729.crx3
Type:
MD5:
SHA256:

PID: 6532
Process: updater.exe
Filename: C:\Program Files (x86)\Ace\AceUpdater\crx_cache\e55eca03b8513ba98d3a996b4a551d0b399b037440e3f1235b836a8da0512da8
Type:
MD5:
SHA256:

PID: 6532
Process: updater.exe
Filename: C:\Windows\SystemTemp\updater_chrome_Unpacker_BeginUnzipping6532_624392875\mini_installer.exe
Type:
MD5:
SHA256:

PID: 7948
Process: mini_installer.exe
Filename: C:\Windows\SystemTemp\updater_chrome_Unpacker_BeginUnzipping6532_624392875\CR_5F8B1.tmp\CHROME.PACKED.7Z
Type:
MD5:
SHA256:

PID: 6472
Process: AceSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Ace6472_1127368015\bin\uninstall.cmd
Type: text
MD5: 37B06E59CF1AB59705A9B621A76E0BF1
SHA256: 4C7FB6EDC3BDC0F12B11B3669F27DC7274EE0642EE0E00FE5B1A04D96A009DBD

PID: 7764
Process: updater.exe
Filename: C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\updater.exe
Type: executable
MD5: 2B8A3A6DF6013AC004BBB6471156A52F
SHA256: 77240967EC5C691063EDF2BD3BD6BF0279146A9CC0BFE54DBAFAF7EB01DC6B37

PID: 7948
Process: mini_installer.exe
Filename: C:\Windows\SystemTemp\updater_chrome_Unpacker_BeginUnzipping6532_624392875\CR_5F8B1.tmp\SETUP.EX_
Type: compressed
MD5: BF10907054E8928E94C80CB42021EC37
SHA256: 449A7B54B811CA0701940E591694ABBA1B0EDB64F67DC99FFD4DB9C4AECC6094

PID: 7764
Process: updater.exe
Filename: C:\Program Files (x86)\Ace\AceUpdater\143.0.7512.0\uninstall.cmd
Type: text
MD5: 37B06E59CF1AB59705A9B621A76E0BF1
SHA256: 4C7FB6EDC3BDC0F12B11B3669F27DC7274EE0642EE0E00FE5B1A04D96A009DBD

HTTP(S) requests: 264
TCP/UDP connections: 133
DNS requests: 87
Threats: 3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6532
updater.exe
GET
172.66.160.227:443
https://media.ace.ai/media/versions/ace/mini_installer___ACE-update-143-0-7512-0___x64___20260319153729.crx3
US
unknown
5276
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
680
svchost.exe
GET
200
23.216.77.36:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
POST
200
172.66.160.227:443
https://browser.ace.ai/analytics
US
text
2 b
unknown
6532
updater.exe
POST
200
34.8.74.205:443
https://update.ace.ai/ace/service/update2/json/74faf6cc-23bb-11f1-8ea5-ca9531f041b1@74faeff6-23bb-11f1-8ea5-ca9531f041b1@gs_23254517757_188924398485_800867627419@discoverAce?cup2key=1:UBFzHlRDbwe6y0H8l1_MBpkgIT1oAjqpA_AOgXkJPqE&cup2hreq=917ab07bbd8fd41d79151fb92b127a8d0592c73dd46c87a304cc646f6ac5319f
US
text
672 b
unknown
6532
updater.exe
POST
200
34.8.74.205:443
https://update.ace.ai/ace/service/update2/json/74faf6cc-23bb-11f1-8ea5-ca9531f041b1@74faeff6-23bb-11f1-8ea5-ca9531f041b1@gs_23254517757_188924398485_800867627419@discoverAce
US
117 b
unknown
6472
AceSetup.exe
POST
200
104.20.31.107:443
https://browser.ace.ai/analytics
US
2 b
unknown
7764
updater.exe
GET
404
142.251.155.119:443
https://dl.google.com/update2/installers/icons/%7B908aaf3d-6daa-4f36-a9b0-538d90bec8c1%7D.bmp?lang=en-US
US
text
1.42 Kb
whitelisted
POST
48.192.1.65:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
US
whitelisted
7764
updater.exe
GET
404
142.251.140.174:443
https://dl.google.com/update2/installers/icons/%7B908aaf3d-6daa-4f36-a9b0-538d90bec8c1%7D.bmp?lang=en-US
US
text
1.42 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
184.86.251.5:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
128.24.231.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
680
svchost.exe
23.216.77.36:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
23.216.77.36:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
680
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
5276
MoUsoCoreWorker.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
7188
slui.exe
128.24.231.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
www.bing.com
  • 184.86.251.5
  • 184.86.251.27
  • 184.86.251.25
  • 184.86.251.21
  • 184.86.251.22
  • 184.86.251.20
  • 184.86.251.30
  • 184.86.251.24
  • 184.86.251.23
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.65
whitelisted
google.com
  • 142.251.36.110
whitelisted
crl.microsoft.com
  • 23.216.77.36
  • 23.216.77.42
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 23.52.181.212
whitelisted
browser.ace.ai
  • 104.20.31.107
  • 172.66.160.227
unknown
update.ace.ai
  • 34.8.74.205
whitelisted
dl.google.com
  • 142.251.140.174
whitelisted
media.ace.ai
  • 172.66.160.227
  • 104.20.31.107
whitelisted

Threats

PID
Process
Class
Message
PID: 7764
Process: updater.exe
Class: Misc activity
Message: ET INFO Observed UA-CPU Header

PID: 7204
Process: ace.exe
Class: Not Suspicious Traffic
Message: INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)

PID: 7204
Process: ace.exe
Class: Not Suspicious Traffic
Message: INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)

No debug info