File name:

thisisnotavirus (2).exe

Full analysis: https://app.any.run/tasks/e61445f3-ddf9-4807-acd1-c22a16cc42a7
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: January 12, 2025, 11:09:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: D728BBCC0FDC2754FF8FD4E780E960E9
SHA1: 6B884735341C0B20D2777A7BCD638569D7DC7E6E
SHA256: 41B7C4E14556E250414614EAE2DC81046D90D0F7DC33992ADB200DA331714BC6
SSDEEP: 49152:v0C2XL4fvYztb4pQlo4cp5Uu+IuFLwCOK5XD4GyGwGrqlaq1fg6prKvC0oeyR/mn:cXXL4Iztb4pQiWu+hLwCO2XD4GFwyql1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • setup.exe (PID: 1612)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • 131.0.6778.265_chrome_installer.exe (PID: 4036)
      • setup.exe (PID: 1612)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
      • 131.0.6778.265_chrome_installer.exe (PID: 4840)
      • setup.exe (PID: 5592)
    • Reads security settings of Internet Explorer

      • GoogleUpdate.exe (PID: 1296)
      • GoogleUpdate.exe (PID: 1512)
      • GoogleUpdate.exe (PID: 6484)
    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 6760)
    • Process requests binary or script from the Internet

      • svchost.exe (PID: 6760)
    • Application launched itself

      • setup.exe (PID: 6984)
      • setup.exe (PID: 1612)
      • setup.exe (PID: 3612)
      • GoogleUpdate.exe (PID: 1512)
      • setup.exe (PID: 5592)
      • setup.exe (PID: 3780)
      • GoogleUpdate.exe (PID: 6484)
    • Creates a software uninstall entry

      • chrome.exe (PID: 7092)
      • setup.exe (PID: 1612)
      • setup.exe (PID: 5592)
    • Checks Windows Trust Settings

      • GoogleUpdate.exe (PID: 1512)
      • GoogleUpdate.exe (PID: 6484)
    • Searches for installed software

      • setup.exe (PID: 1612)
      • setup.exe (PID: 5592)
  • INFO

    • The sample compiled with english language support

      • thisisnotavirus (2).exe (PID: 540)
      • svchost.exe (PID: 6760)
      • thisisnotavirus (2).exe (PID: 2680)
      • 131.0.6778.265_chrome_installer.exe (PID: 4036)
      • setup.exe (PID: 1612)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
      • 131.0.6778.265_chrome_installer.exe (PID: 4840)
      • setup.exe (PID: 5592)
    • Checks supported languages

      • thisisnotavirus (2).exe (PID: 540)
      • GoogleUpdate.exe (PID: 1296)
      • setup.exe (PID: 5640)
      • setup.exe (PID: 6984)
      • setup.exe (PID: 7080)
      • GoogleUpdateOnDemand.exe (PID: 5920)
      • GoogleUpdate.exe (PID: 6992)
      • elevation_service.exe (PID: 3032)
      • thisisnotavirus (2).exe (PID: 2680)
      • GoogleUpdate.exe (PID: 3544)
      • GoogleUpdate.exe (PID: 3032)
      • 131.0.6778.265_chrome_installer.exe (PID: 4036)
      • setup.exe (PID: 1612)
      • GoogleUpdate.exe (PID: 732)
      • GoogleUpdate.exe (PID: 1512)
      • setup.exe (PID: 3612)
      • GoogleUpdate.exe (PID: 6224)
      • elevation_service.exe (PID: 1080)
      • GoogleUpdate.exe (PID: 5628)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
      • GoogleUpdate.exe (PID: 2392)
      • setup.exe (PID: 5592)
      • setup.exe (PID: 5912)
      • GoogleUpdate.exe (PID: 2548)
      • GoogleUpdate.exe (PID: 6484)
      • setup.exe (PID: 3780)
      • setup.exe (PID: 6084)
      • GoogleUpdate.exe (PID: 5400)
      • GoogleUpdate.exe (PID: 624)
    • Create files in a temporary directory

      • thisisnotavirus (2).exe (PID: 540)
      • svchost.exe (PID: 6760)
    • The sample compiled with german language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with spanish language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with czech language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with bulgarian language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with arabic language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with french language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with Indonesian language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with Italian language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with japanese language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with korean language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with polish language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with portuguese language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with slovak language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with swedish language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with russian language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with turkish language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • The sample compiled with chinese language support

      • thisisnotavirus (2).exe (PID: 540)
      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • Reads the computer name

      • GoogleUpdate.exe (PID: 1296)
      • setup.exe (PID: 6984)
      • GoogleUpdate.exe (PID: 6992)
      • elevation_service.exe (PID: 3032)
      • GoogleUpdate.exe (PID: 3032)
      • GoogleUpdate.exe (PID: 732)
      • GoogleUpdate.exe (PID: 1512)
      • 131.0.6778.265_chrome_installer.exe (PID: 4036)
      • setup.exe (PID: 1612)
      • setup.exe (PID: 3612)
      • GoogleUpdate.exe (PID: 6224)
      • GoogleUpdate.exe (PID: 6872)
      • elevation_service.exe (PID: 1080)
      • GoogleUpdate.exe (PID: 5628)
      • setup.exe (PID: 3780)
    • Creates files in the program directory

      • setup.exe (PID: 6984)
      • GoogleUpdate.exe (PID: 3032)
      • GoogleUpdate.exe (PID: 1512)
      • 131.0.6778.265_chrome_installer.exe (PID: 4036)
      • setup.exe (PID: 1612)
      • GoogleUpdate.exe (PID: 732)
      • GoogleUpdate.exe (PID: 6872)
      • GoogleUpdate.exe (PID: 5628)
      • GoogleUpdate.exe (PID: 2548)
      • 131.0.6778.265_chrome_installer.exe (PID: 4840)
      • GoogleUpdate.exe (PID: 6484)
      • setup.exe (PID: 5592)
      • setup.exe (PID: 3780)
      • GoogleUpdate.exe (PID: 624)
    • Application launched itself

      • chrome.exe (PID: 7092)
      • chrome.exe (PID: 6852)
      • chrome.exe (PID: 3052)
    • Executes as Windows Service

      • elevation_service.exe (PID: 3032)
      • elevation_service.exe (PID: 1080)
      • elevation_service.exe (PID: 904)
    • Process checks computer location settings

      • GoogleUpdate.exe (PID: 1296)
      • GoogleUpdate.exe (PID: 2392)
    • The process uses the downloaded file

      • chrome.exe (PID: 3696)
      • chrome.exe (PID: 6692)
      • chrome.exe (PID: 6632)
      • chrome.exe (PID: 6488)
      • chrome.exe (PID: 5256)
      • chrome.exe (PID: 6824)
      • chrome.exe (PID: 5888)
      • chrome.exe (PID: 7048)
      • chrome.exe (PID: 4144)
    • Manual execution by a user

      • thisisnotavirus (2).exe (PID: 2680)
      • shekel-ILS-generator-מומו-הפרה.exe (PID: 7044)
    • Reads the software policy settings

      • GoogleUpdate.exe (PID: 1512)
      • GoogleUpdate.exe (PID: 2548)
      • GoogleUpdate.exe (PID: 6484)
    • Reads the machine GUID from the registry

      • GoogleUpdate.exe (PID: 1512)
      • GoogleUpdate.exe (PID: 6484)
    • Checks proxy server information

      • GoogleUpdate.exe (PID: 1512)
      • GoogleUpdate.exe (PID: 2548)
      • GoogleUpdate.exe (PID: 6484)
      • GoogleUpdate.exe (PID: 624)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:11:17 06:15:40+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.2
CodeSize: 96256
InitializedDataSize: 1258496
UninitializedDataSize: -
EntryPoint: 0x5374
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.36.342
ProductVersionNumber: 1.3.36.342
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Google LLC
FileDescription: Google Update Setup
FileVersion: 1.3.36.342
InternalName: Google Update Setup
LegalCopyright: Copyright 2018 Google LLC
OriginalFileName: GoogleUpdateSetup.exe
ProductName: Google Update
ProductVersion: 1.3.36.342
LanguageId: en
No data.
All screenshots are available in the full report
Total processes: 239
Monitored processes: 94
Malicious processes: 5
Suspicious processes: 5

Behavior graph

[Behavior graph rendered in the full report. It shows three process trees: the initial thisisnotavirus (2).exe run, a second thisisnotavirus (2).exe run, and a run of shekel-ILS-generator-מומו-הפרה.exe. Each tree spawns googleupdate.exe, googleupdatesetup.exe, svchost.exe, several setup.exe instances, googleupdateondemand.exe, 131.0.6778.265_chrome_installer.exe, elevation_service.exe and many chrome.exe child processes.]

Process information

PID: 540
CMD: "C:\Users\admin\AppData\Local\Temp\thisisnotavirus (2).exe"
Path: C:\Users\admin\AppData\Local\Temp\thisisnotavirus (2).exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Update Setup
Exit code: 0
Version: 1.3.36.342
Modules (Images):
c:\users\admin\appdata\local\temp\thisisnotavirus (2).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll

PID: 624
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3972,i,13892223484897028799,15318239977901411589,262144 --variations-seed-version --mojo-platform-channel-handle=3876 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 131.0.6778.265
Modules (Images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\131.0.6778.265\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

PID: 624
CMD: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDgiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzMTMiIHRvdGFsPSIxMTYwODUxMDQiIGluc3RhbGxfdGltZV9tcz0iMTY4MDciLz48L2FwcD48L3JlcXVlc3Q-
Path: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google LLC
Integrity Level: HIGH
Description: Google Installer
Exit code: 0
Version: 1.3.36.51

PID: 628
CMD: "C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe" -Embedding
Path: C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe
Parent process: svchost.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Update
Exit code: 0
Version: 1.3.36.371

PID: 732
CMD: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …
Path: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google LLC
Integrity Level: HIGH
Description: Google Installer
Exit code: 0
Version: 1.3.36.51
Modules (Images):
c:\program files (x86)\google\update\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 904
CMD: "C:\Program Files\Google\Chrome\Application\131.0.6778.265\elevation_service.exe"
Path: C:\Program Files\Google\Chrome\Application\131.0.6778.265\elevation_service.exe
Parent process: services.exe
User: SYSTEM
Company: Google LLC
Integrity Level: SYSTEM
Description: Google Chrome
Exit code: 0
Version: 131.0.6778.265

PID: 1076
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations=is-enterprise-managed=no --field-trial-handle=2028,i,12877373629243320313,7778230138385387701,262144 --variations-seed-version=20250109-180111.451000 --mojo-platform-channel-handle=2164 /prefetch:3
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 131.0.6778.265
Modules (Images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 1080
CMD: "C:\Program Files\Google\Chrome\Application\131.0.6778.265\elevation_service.exe"
Path: C:\Program Files\Google\Chrome\Application\131.0.6778.265\elevation_service.exe
Parent process: services.exe
User: SYSTEM
Company: Google LLC
Integrity Level: SYSTEM
Description: Google Chrome
Exit code: 0
Version: 131.0.6778.265
Modules (Images):
c:\program files\google\chrome\application\131.0.6778.265\elevation_service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll

PID: 1172
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations=is-enterprise-managed=no --field-trial-handle=6540,i,13892223484897028799,15318239977901411589,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 131.0.6778.265
Modules (Images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\131.0.6778.265\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

PID: 1296
CMD: C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={52DC864B-BB31-1849-3689-3A0B00FA7D68}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
Path: C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\GoogleUpdate.exe
Parent process: thisisnotavirus (2).exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Installer
Exit code: 0
Version: 1.3.36.341
Modules (Images):
c:\users\admin\appdata\local\temp\gum47ca.tmp\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 28 331
Read events: 26 968
Write events: 1 321
Delete events: 42

Modification events

(PID) Process | Key | Operation | Name | Value
(1296) GoogleUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Update | delete value | uid | (none)
(1296) GoogleUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Update | delete value | old-uid | (none)
(6760) svchost.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS | write | PerfMMFileName | Global\MMF_BITScafd159e-2ecd-4ea0-9811-048e45798101
(6992) GoogleUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Update | delete value | uid | (none)
(6992) GoogleUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Update | delete value | old-uid | (none)
(7092) chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | failed_count | 0
(7092) chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | state | 2
(7092) chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | write | state | 1
(7092) chrome.exe | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics | write | user_experience_metrics.stability.exited_cleanly | 0
(7092) chrome.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | write | usagestats | 1
Executable files: 222
Suspicious files: 259
Text files: 123
Unknown types: 0

Dropped files

PID | Process | Filename | Type
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\GoogleCrashHandler.exe | executable
MD5: C281EA9D8B6E02E9992A39F2EDCEFDDF
SHA256: A9FFFF9A0636E35C0B0661A05705D3C74A2613BE52093F892EFDC370F2FB4453
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\goopdate.dll | executable
MD5: 5FC51ADD59269589FA3E515AABD49C91
SHA256: 7D8A5276B0309DF7A2EBBC58CBD64235797B34FE77EDE2BB61A67C7C791C6917
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\GoogleUpdateBroker.exe | executable
MD5: 7C05B63BF3CFAE5010A04071C6ECD07D
SHA256: 7E58E7579011DF8B24F33346BC932CE6F2ABA7376D01097312FF5815782BE215
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\GoogleUpdateComRegisterShell64.exe | executable
MD5: 8506A7617F993ECDB00E21F52EFF95E2
SHA256: 8B1A4A549001D926BE2E4E06C6820964B7155EC9EC87E28E1735CEBE7B0048DB
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\goopdateres_bg.dll | executable
MD5: 7A524191EB27B5EF81D5A108ECA2E76F
SHA256: 544E49BFFD37E40BB642F3ABA26D3D72690075530107B58F391770068B958881
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\GoogleUpdateOnDemand.exe | executable
MD5: 4048326647B0EF91A5482CE8376AE451
SHA256: 13192B58B8451C1199142C7019E9155D4CBCD0DAAFA75856AE1725807F366351
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\psuser_64.dll | executable
MD5: 64682D933592424293715A0F0537FF5E
SHA256: 846944ED179020B845C9A7C00EB8F32381ACAB2A36B6861844A0FD622240B435
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\psmachine.dll | executable
MD5: 3BBA20B8DFC2BCC2922337C704F4CBE0
SHA256: 649BEC6FD855BD04ACAFEC34E79B63B59B5E5EBC3DF9C96BBE94F2271F874506
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\goopdateres_am.dll | executable
MD5: 16D24C3EE7BD990D606CC1AE1B36F0C6
SHA256: C183203D266B6F0122F75CB035CFAC59B264C03467434DA64CA9AE10AFB085EF
540 | thisisnotavirus (2).exe | C:\Users\admin\AppData\Local\Temp\GUM47CA.tmp\psmachine_64.dll | executable
MD5: F649464FD54FD078411C15F16338CA32
SHA256: 85F0A315B46FE4F34815A6F59BBFD8293C64AE001BFE1E69541BA6A873B43B69
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 11
TCP/UDP connections: 92
DNS requests: 96
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
(Type and Size columns were not captured; "-" marks a cell the report left empty.)
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.37.237.227:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6628 | GoogleUpdate.exe | GET | 200 | 142.250.185.99:80 | http://c.pki.goog/r/r1.crl | unknown | whitelisted
6628 | GoogleUpdate.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | whitelisted
6760 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome/acqsprlbw3zm3i5cnpla7vn2oy7q_131.0.6778.265/131.0.6778.265_chrome_installer.exe | unknown | whitelisted
6760 | svchost.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome/acqsprlbw3zm3i5cnpla7vn2oy7q_131.0.6778.265/131.0.6778.265_chrome_installer.exe | unknown | whitelisted
6732 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6628 | GoogleUpdate.exe | GET | 200 | 142.250.185.131:80 | http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
("-" marks a cell the report left empty.)
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.37.237.227:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5064 | SearchApp.exe | 2.16.204.150:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 20.190.159.0:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
- | - | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 142.250.185.131:443 | update.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 23.37.237.227
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.206
whitelisted
www.bing.com
  • 2.16.204.150
  • 2.16.204.147
  • 2.16.204.138
  • 2.16.204.145
  • 2.16.204.153
  • 2.16.204.151
  • 2.16.204.141
  • 2.16.204.143
  • 2.16.204.139
  • 2.23.227.215
  • 2.23.227.208
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.73
  • 20.190.159.68
  • 40.126.31.71
  • 40.126.31.73
  • 20.190.159.2
  • 20.190.159.71
  • 20.190.159.75
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
update.googleapis.com
  • 142.250.185.131
whitelisted
dl.google.com
  • 142.250.185.238
whitelisted

Threats

PID | Process | Class | Message
6760 | svchost.exe | Misc activity | ET INFO EXE - Served Attached HTTP
6760 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
No debug info