URL: https://musiclab.chromeexperiments.com/Song-Maker/song/4913063796539392

Full analysis: https://app.any.run/tasks/5c8613cd-00da-431e-a415-bd17d1ffc46a
Verdict: Malicious activity
Threats:

Stealers are a category of malicious software designed to gain unauthorized access to users' information and transfer it to the attacker. The category covers programs that each focus on a particular kind of data, such as files, passwords, and cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: August 31, 2024, 23:02:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: stealer
Indicators:
MD5: AE63B3F76D2CF31AEA46DCC0D476BFD2
SHA1: 5FA5C63E341E8D702CC6906C8BD431FD8E69018D
SHA256: 5AAE3C499A9155CF37D1A1F599A75DDA11B70D828F7B114C531F106869E8DCA9
SSDEEP: 3:N8yJvNxf9M2K5S6tlWczn:2avN83/tdzn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • taskhost.exe (PID: 1172)
      • setup.exe (PID: 3576)
    • Changes the autorun value in the registry

      • unregmp2.exe (PID: 2828)
      • regsvr32.exe (PID: 2464)
    • Creates files in the Startup directory

      • regsvr32.exe (PID: 2464)
    • Actions look like stealing of personal data

      • dllhost.exe (PID: 3828)
  • SUSPICIOUS

    • Uses RUNDLL32.EXE to load library

      • rundll32.exe (PID: 1020)
      • ie4uinit.exe (PID: 1804)
    • Executes as Windows Service

      • taskhost.exe (PID: 1172)
      • EOSNotify.exe (PID: 1344)
    • Reads the Internet Settings

      • taskhost.exe (PID: 1172)
      • sipnotify.exe (PID: 3940)
      • ie4uinit.exe (PID: 1804)
      • ie4uinit.exe (PID: 1100)
      • rundll32.exe (PID: 2672)
      • ie4uinit.exe (PID: 3812)
      • GettingStarted.exe (PID: 856)
      • migwiz.exe (PID: 368)
      • rundll32.exe (PID: 1020)
    • The process executes via Task Scheduler

      • sipnotify.exe (PID: 3940)
    • Reads Internet Explorer settings

      • ie4uinit.exe (PID: 1804)
    • Application launched itself

      • ie4uinit.exe (PID: 1804)
      • rundll32.exe (PID: 1020)
      • setup.exe (PID: 3576)
    • Writes to the desktop.ini file (may be used to cloak folders)

      • ie4uinit.exe (PID: 1804)
      • unregmp2.exe (PID: 2828)
      • regsvr32.exe (PID: 2464)
      • ie4uinit.exe (PID: 1600)
    • Reads settings of System Certificates

      • sipnotify.exe (PID: 3940)
    • Changes default file association

      • unregmp2.exe (PID: 2828)
    • Changes the title of the Internet Explorer window

      • iexplore.exe (PID: 3392)
    • Changes internet zones settings

      • ie4uinit.exe (PID: 1804)
    • Reads Microsoft Outlook installation path

      • ie4uinit.exe (PID: 1804)
  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 3372)
      • ie4uinit.exe (PID: 1804)
      • ie4uinit.exe (PID: 1100)
      • unregmp2.exe (PID: 2828)
      • ie4uinit.exe (PID: 3812)
      • chrmstp.exe (PID: 3956)
      • setup.exe (PID: 3576)
      • regsvr32.exe (PID: 2464)
      • IMEKLMG.EXE (PID: 3356)
      • IMEKLMG.EXE (PID: 3544)
      • wmpnscfg.exe (PID: 120)
      • wmpnscfg.exe (PID: 3572)
      • GettingStarted.exe (PID: 856)
      • rundll32.exe (PID: 900)
      • migwiz.exe (PID: 368)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3372)
      • IMEKLMG.EXE (PID: 3544)
      • setup.exe (PID: 3100)
      • setup.exe (PID: 3712)
      • IMEKLMG.EXE (PID: 3356)
      • wmpnscfg.exe (PID: 120)
      • wmpnscfg.exe (PID: 3572)
    • Application launched itself

      • chrome.exe (PID: 580)
      • chrmstp.exe (PID: 288)
      • chrmstp.exe (PID: 3956)
      • msedge.exe (PID: 4080)
      • iexplore.exe (PID: 3392)
      • msedge.exe (PID: 2336)
    • Reads security settings of Internet Explorer

      • sipnotify.exe (PID: 3940)
      • migwiz.exe (PID: 368)
      • ie4uinit.exe (PID: 1804)
    • Checks supported languages

      • wmpnscfg.exe (PID: 3372)
      • setup.exe (PID: 3576)
      • setup.exe (PID: 3100)
      • setup.exe (PID: 3712)
      • IMEKLMG.EXE (PID: 3544)
      • IMEKLMG.EXE (PID: 3356)
      • wmpnscfg.exe (PID: 120)
      • wmpnscfg.exe (PID: 3572)
      • IMKRMIG.EXE (PID: 2748)
    • Checks proxy server information

      • ie4uinit.exe (PID: 1804)
    • Reads the software policy settings

      • sipnotify.exe (PID: 3940)
    • Creates files in the program directory

      • ie4uinit.exe (PID: 1804)
      • chrmstp.exe (PID: 288)
      • chrmstp.exe (PID: 3956)
      • setup.exe (PID: 3100)
      • setup.exe (PID: 3576)
      • setup.exe (PID: 3712)
    • Process checks whether UAC notifications are on

      • IMEKLMG.EXE (PID: 3544)
      • IMEKLMG.EXE (PID: 3356)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3276)
      • ie_to_edge_stub.exe (PID: 1848)
      • migwiz.exe (PID: 368)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 115
Monitored processes: 58
Malicious processes: 3
Suspicious processes: 2


Process information
PID: 120
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: Administrator
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 288
CMD: "C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
Path: C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe
Parent process: chrmstp.exe
User: Administrator
Company: Google LLC
Integrity Level: HIGH
Description: Google Chrome Installer
Exit code: 73
Version: 109.0.5414.120
Modules (Images):
c:\program files\google\chrome\application\109.0.5414.120\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
PID: 368
CMD: "C:\Windows\System32\migwiz\migwiz.exe"
Path: C:\Windows\System32\migwiz\migwiz.exe
Parent process: explorer.exe
User: Administrator
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Easy Transfer Application
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\migwiz\migwiz.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 580
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints "https://musiclab.chromeexperiments.com/Song-Maker/song/4913063796539392"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (Images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 856
CMD: "C:\Windows\System32\GettingStarted.exe" {A97AF2A4-8EF1-49C1-8B4C-68B8AE925549} http://go.microsoft.com/fwlink/?LinkID=139460
Path: C:\Windows\System32\GettingStarted.exe
Parent process: explorer.exe
User: Administrator
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Getting Started
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\gettingstarted.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
PID: 900
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
Path: C:\Windows\System32\rundll32.exe
Parent process: explorer.exe
User: Administrator
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 1020
CMD: C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m
Path: C:\Windows\System32\rundll32.exe
Parent process: ie4uinit.exe
User: Administrator
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 1100
CMD: "C:\Windows\System32\ie4uinit.exe" -EnableTLS
Path: C:\Windows\System32\ie4uinit.exe
Parent process: explorer.exe
User: Administrator
Company: Microsoft Corporation
Integrity Level: HIGH
Description: IE Per-User Initialization Utility
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\windows\system32\ie4uinit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1104
CMD: "C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x160,0x164,0x168,0x134,0x16c,0x1418ba8,0x1418bb8,0x1418bc4
Path: C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe
Parent process: chrmstp.exe
User: Administrator
Company: Google LLC
Integrity Level: HIGH
Description: Google Chrome Installer
Exit code: 0
Version: 109.0.5414.120
Modules (Images):
c:\program files\google\chrome\application\109.0.5414.120\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
PID: 1136
CMD: "C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x160,0x164,0x168,0x134,0x16c,0x1418ba8,0x1418bb8,0x1418bc4
Path: C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe
Parent process: chrmstp.exe
User: Administrator
Company: Google LLC
Integrity Level: HIGH
Description: Google Chrome Installer
Exit code: 0
Version: 109.0.5414.120
Modules (Images):
c:\program files\google\chrome\application\109.0.5414.120\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
Total events: 79 535
Read events: 77 835
Write events: 1 446
Delete events: 254

Modification events

Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: failed_count | Value: 0
Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 2
Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | Operation: write | Name: StatusCodes | Value:
Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | Operation: write | Name: StatusCodes | Value: 01000000
Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 1
Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | Operation: write | Name: dr | Value: 1
Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | Operation: write | Name: user_experience_metrics.stability.exited_cleanly | Value: 0
Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome | Operation: write | Name: UsageStatsInSample | Value: 0
Process: (580) chrome.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | Operation: write | Name: usagestats | Value: 0
Process: (580) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | Operation: write | Name: metricsid | Value:
Executable files: 6
Suspicious files: 326
Text files: 199
Unknown types: 2

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF82ae1.TMP | - | - | -
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old | - | - | -
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF82b00.TMP | text | ECD3386BCC950E73B86EB128A5F57622 | C9A068EAFBC587EDFC89392F64DDD350EEB96C5CF195CDB030BAB8F6DD33833B
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old | text | FA25AF7098FC1571F24F200A9D105D58 | 4F40C87070B7A151FB241CCF36E7027AA703C15CA0ACB0A1759DA07B2C318574
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old~RF82d04.TMP | text | 65239F35CB63C76EA1F59EF64F7AAFF4 | 252EF82CC03FDE4BEF13CF81CD1AC5CE45854212D1A7359035E7A5D6BEDBE229
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Variations | binary | 961E3604F228B0D10541EBF921500C86 | F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF834a5.TMP | - | - | -
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old | - | - | -
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | binary | 9C016064A1F864C8140915D77CF3389A | 0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
580 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | 9F941EA08DBDCA2EB3CFA1DBBBA6F5DC | 127F71DF0D2AD895D4F293E62284D85971AE047CA15F90B87BF6335898B0B655
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 15
TCP/UDP connections: 153
DNS requests: 49
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1372 | svchost.exe | GET | 304 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | US | - | - | whitelisted
3940 | sipnotify.exe | HEAD | 200 | 23.197.138.118:80 | http://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2JgkA?v=133696225640720000 | US | - | - | whitelisted
3940 | sipnotify.exe | GET | 200 | 23.197.138.118:80 | http://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2JgkA?v=133696225640720000 | US | compressed | 78.4 Kb | whitelisted
3392 | iexplore.exe | GET | 200 | 87.248.204.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2d3a5fec2fc88c1b | US | compressed | 4.66 Kb | whitelisted
3392 | iexplore.exe | GET | 200 | 87.248.204.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8b839b582e84608d | US | compressed | 4.66 Kb | whitelisted
3392 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | US | binary | 471 b | whitelisted
3276 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | US | binary | 471 b | whitelisted
3392 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEA8fFXWCzc0zc0vcX82UGjM%3D | US | binary | 312 b | whitelisted
3276 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | US | binary | 471 b | whitelisted
3276 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | binary | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | - | - | - | whitelisted
1372 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3440 | chrome.exe | 142.250.186.179:443 | musiclab.chromeexperiments.com | GOOGLE | US | whitelisted
580 | chrome.exe | 239.255.255.250:1900 | - | - | - | whitelisted
3440 | chrome.exe | 173.194.76.84:443 | accounts.google.com | GOOGLE | US | whitelisted
3440 | chrome.exe | 142.250.184.234:443 | fonts.googleapis.com | GOOGLE | US | whitelisted
3440 | chrome.exe | 142.250.186.131:443 | www.gstatic.com | GOOGLE | US | whitelisted
3440 | chrome.exe | 172.217.16.195:443 | fonts.gstatic.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 142.250.186.78 | whitelisted
musiclab.chromeexperiments.com | 142.250.186.179 | whitelisted
accounts.google.com | 173.194.76.84 | whitelisted
fonts.googleapis.com | 142.250.184.234 | whitelisted
www.gstatic.com | 142.250.186.131 | whitelisted
fonts.gstatic.com | 172.217.16.195 | whitelisted
www.googletagmanager.com | 142.250.184.232 | whitelisted
region1.google-analytics.com | 216.239.34.36, 216.239.32.36 | whitelisted
storage.googleapis.com | (resolved to multiple IPs, see the full report) | whitelisted
content-autofill.googleapis.com | (resolved to multiple IPs, see the full report) | whitelisted

Threats: No threats detected
No debug info