analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://metuex.com/

Full analysis: https://app.any.run/tasks/07d0ccff-f789-47a4-aae8-58a503aa4272
Verdict: Malicious activity
Analysis date: January 15, 2022, 03:42:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

4FB9CD9B25D0AD5F76C73114DCB2A530

SHA1:

1F7ACD301EBC866A87993AB88A856543AFC2DAC4

SHA256:

3C4414A940C8B9DC33D380251E40A977FA8F5FB17E60B905EABA209A56E0A008

SSDEEP:

3:N8GA33:2Gs3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Metuex.exe (PID: 2380)
      • Metuex.exe (PID: 3152)
      • MeteuxApp.exe (PID: 2280)
      • MeteuxApp.exe (PID: 3896)
      • MeteuxApp.exe (PID: 3984)
      • MeteuxApp.exe (PID: 3300)
      • MeteuxApp.exe (PID: 2320)
      • MeteuxApp.exe (PID: 3100)
      • MeteuxApp.exe (PID: 2360)
    • Drops executable file immediately after starts

      • chrome.exe (PID: 2232)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2204)
      • chrome.exe (PID: 2232)
      • Metuex.exe (PID: 2380)
    • Drops a file with a compile date too recent

      • chrome.exe (PID: 2204)
    • Checks supported languages

      • WinRAR.exe (PID: 3048)
      • Metuex.exe (PID: 2380)
      • cmd.exe (PID: 2280)
    • Reads the computer name

      • WinRAR.exe (PID: 3048)
      • Metuex.exe (PID: 2380)
    • Drops a file that was compiled in debug mode

      • chrome.exe (PID: 2232)
      • Metuex.exe (PID: 2380)
    • Drops a file with too old compile date

      • Metuex.exe (PID: 2380)
    • Creates a directory in Program Files

      • Metuex.exe (PID: 2380)
    • Creates files in the program directory

      • Metuex.exe (PID: 2380)
  • INFO

    • Checks supported languages

      • chrome.exe (PID: 2204)
      • chrome.exe (PID: 3344)
      • chrome.exe (PID: 2072)
      • chrome.exe (PID: 268)
      • chrome.exe (PID: 2376)
      • chrome.exe (PID: 2092)
      • chrome.exe (PID: 772)
      • chrome.exe (PID: 3920)
      • chrome.exe (PID: 1856)
      • chrome.exe (PID: 2596)
      • chrome.exe (PID: 784)
      • chrome.exe (PID: 3996)
      • chrome.exe (PID: 2748)
      • chrome.exe (PID: 2900)
      • chrome.exe (PID: 2016)
      • chrome.exe (PID: 3760)
      • chrome.exe (PID: 1368)
      • chrome.exe (PID: 2820)
      • chrome.exe (PID: 2332)
      • chrome.exe (PID: 1340)
      • chrome.exe (PID: 2232)
      • chrome.exe (PID: 3436)
      • chrome.exe (PID: 1516)
      • chrome.exe (PID: 2772)
      • chrome.exe (PID: 2316)
      • chrome.exe (PID: 1524)
      • chrome.exe (PID: 2436)
      • chrome.exe (PID: 2468)
      • chrome.exe (PID: 2096)
      • chrome.exe (PID: 472)
      • explorer.exe (PID: 1540)
    • Reads the computer name

      • chrome.exe (PID: 2204)
      • chrome.exe (PID: 772)
      • chrome.exe (PID: 2072)
      • chrome.exe (PID: 3920)
      • chrome.exe (PID: 1856)
      • chrome.exe (PID: 3996)
      • chrome.exe (PID: 784)
      • chrome.exe (PID: 3760)
      • chrome.exe (PID: 2332)
      • chrome.exe (PID: 1368)
      • chrome.exe (PID: 2096)
      • explorer.exe (PID: 1540)
      • chrome.exe (PID: 2436)
    • Reads the hosts file

      • chrome.exe (PID: 2204)
      • chrome.exe (PID: 772)
    • Application launched itself

      • chrome.exe (PID: 2204)
    • Reads settings of System Certificates

      • chrome.exe (PID: 772)
    • Checks Windows Trust Settings

      • chrome.exe (PID: 2204)
    • Reads the date of Windows installation

      • chrome.exe (PID: 1368)
    • Manual execution by user

      • WinRAR.exe (PID: 3048)
      • Metuex.exe (PID: 2380)
      • Metuex.exe (PID: 3152)
      • cmd.exe (PID: 2280)
      • MeteuxApp.exe (PID: 3984)
      • explorer.exe (PID: 1540)
      • MeteuxApp.exe (PID: 2360)
    • Dropped object may contain Bitcoin addresses

      • Metuex.exe (PID: 2380)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
89
Monitored processes
42
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs metuex.exe no specs metuex.exe meteuxapp.exe no specs meteuxapp.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs explorer.exe no specs meteuxapp.exe no specs cmd.exe no specs meteuxapp.exe no specs meteuxapp.exe no specs meteuxapp.exe no specs meteuxapp.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2204"C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://metuex.com/"C:\Program Files\Google\Chrome\Application\chrome.exe
Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
3344"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e7ed988,0x6e7ed998,0x6e7ed9a4C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2072"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,8965102213299568019,9844806936835758437,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1056 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
772"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,8965102213299568019,9844806936835758437,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1240 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
268"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,8965102213299568019,9844806936835758437,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2376"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,8965102213299568019,9844806936835758437,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2092"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,8965102213299568019,9844806936835758437,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
3920"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,8965102213299568019,9844806936835758437,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2700 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
1856"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,8965102213299568019,9844806936835758437,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
784"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,8965102213299568019,9844806936835758437,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2636 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
Total events
14 308
Read events
14 115
Write events
0
Delete events
0

Modification events

No data
Executable files
15
Suspicious files
52
Text files
433
Unknown types
40

Dropped files

PID
Process
Filename
Type
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E242B6-89C.pma
MD5:
SHA256:
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2c9f2aa5-9008-4bbc-afe6-253875b587b3.tmptext
MD5:45647C57738A8DDEA957FCD2A7A0BF5C
SHA256:93233B249230E2565AEDC8E0C2A2D97F843165262B57D7B008A2CA7C40C95204
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferencestext
MD5:45647C57738A8DDEA957FCD2A7A0BF5C
SHA256:93233B249230E2565AEDC8E0C2A2D97F843165262B57D7B008A2CA7C40C95204
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF1130e1.TMPtext
MD5:D0BA19096D6C8F8DE58312E8D938E893
SHA256:AADE90A7B0984F3C719D528E4E6FAE3854E28B30363BDD4DF65037E69784A078
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:5BD3C311F2136A7A88D3E197E55CF902
SHA256:FA331915E1797E59979A3E4BCC2BD0D3DEAA039B94D4DB992BE251FD02A224B9
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF112d47.TMPtext
MD5:936EB7280DA791E6DD28EF3A9B46D39C
SHA256:CBAF2AFD831B32F6D1C12337EE5D2F090D6AE1F4DCB40B08BEF49BF52AD9721F
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.oldtext
MD5:5202CA4D6AF0C37DAEC0D528CC7F2986
SHA256:8F5B8FF94B14C36EA0CBE8FA0A4D165A632B45F834BBB7239E1A6CF6685F256C
2204chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldtext
MD5:7721CDA9F5B73CE8A135471EB53B4E0E
SHA256:DD730C576766A46FFC84E682123248ECE1FF1887EC0ACAB22A5CE93A450F4500
3344chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pmabinary
MD5:03C4F648043A88675A920425D824E1B3
SHA256:F91DBB7C64B4582F529C968C480D2DCE1C8727390482F31E4355A27BB3D9B450
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
73
TCP/UDP connections
32
DNS requests
33
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
860
svchost.exe
HEAD
403
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
US
whitelisted
860
svchost.exe
HEAD
302
142.250.184.238:80
http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
US
whitelisted
860
svchost.exe
HEAD
200
74.125.105.106:80
http://r5---sn-aigl6nsk.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigl6nsk&ms=nvh&mt=1642217785&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigl6nsk.gvt1.com&shardbypass=yes&smhost=r3---sn-aigl6n76.gvt1.com
US
whitelisted
860
svchost.exe
GET
206
74.125.105.106:80
http://r5---sn-aigl6nsk.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigl6nsk&ms=nvh&mt=1642217785&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigl6nsk.gvt1.com&shardbypass=yes&smhost=r3---sn-aigl6n76.gvt1.com
US
binary
9.44 Kb
whitelisted
860
svchost.exe
GET
302
142.250.184.238:80
http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
US
html
614 b
whitelisted
860
svchost.exe
GET
302
142.250.184.238:80
http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
US
html
614 b
whitelisted
860
svchost.exe
GET
302
142.250.184.238:80
http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
US
html
614 b
whitelisted
860
svchost.exe
GET
206
74.125.105.106:80
http://r5---sn-aigl6nsk.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigl6nsk&ms=nvh&mt=1642217785&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigl6nsk.gvt1.com&shardbypass=yes&smhost=r3---sn-aigl6n76.gvt1.com
US
binary
5.63 Kb
whitelisted
860
svchost.exe
GET
206
74.125.105.106:80
http://r5---sn-aigl6nsk.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigl6nsk&ms=nvh&mt=1642217785&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigl6nsk.gvt1.com&shardbypass=yes&smhost=r3---sn-aigl6n76.gvt1.com
US
binary
9.45 Kb
whitelisted
860
svchost.exe
GET
206
74.125.105.106:80
http://r5---sn-aigl6nsk.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigl6nsk&ms=nvh&mt=1642217785&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigl6nsk.gvt1.com&shardbypass=yes&smhost=r3---sn-aigl6n76.gvt1.com
US
binary
20.7 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
772
chrome.exe
142.250.186.174:443
clients2.google.com
Google Inc.
US
whitelisted
860
svchost.exe
34.104.35.123:80
edgedl.me.gvt1.com
US
whitelisted
772
chrome.exe
142.250.185.238:443
sb-ssl.google.com
Google Inc.
US
whitelisted
772
chrome.exe
128.116.123.3:443
roblox.com
University Corporation for Atmospheric Research
US
suspicious
860
svchost.exe
142.250.184.238:80
redirector.gvt1.com
Google Inc.
US
whitelisted
772
chrome.exe
142.250.184.227:443
ssl.gstatic.com
Google Inc.
US
whitelisted
772
chrome.exe
173.236.168.129:443
metuex.com
New Dream Network, LLC
US
unknown
772
chrome.exe
142.250.186.99:443
update.googleapis.com
Google Inc.
US
whitelisted
772
chrome.exe
2.16.186.56:80
ctldl.windowsupdate.com
Akamai International B.V.
whitelisted
772
chrome.exe
142.250.185.77:443
accounts.google.com
Google Inc.
US
suspicious

DNS requests

Domain
IP
Reputation
clients2.google.com
  • 142.250.186.174
whitelisted
accounts.google.com
  • 142.250.185.77
shared
metuex.com
  • 173.236.168.129
unknown
ctldl.windowsupdate.com
  • 2.16.186.56
  • 2.16.186.81
whitelisted
roblox.com
  • 128.116.123.3
whitelisted
www.roblox.com
  • 128.116.123.3
whitelisted
ncs.roblox.com
  • 128.116.123.3
malicious
ssl.gstatic.com
  • 142.250.184.227
whitelisted
sb-ssl.google.com
  • 142.250.185.238
whitelisted
update.googleapis.com
  • 142.250.186.99
whitelisted

Threats

No threats detected
No debug info