URL:

https://bongacams.com/

Full analysis: https://app.any.run/tasks/3b668944-07cd-43b2-a76d-36d57c52e86f
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: January 10, 2024, 19:23:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MD5: B6C140A523D4F40443F1B860C992B3E6
SHA1: 5E22247F9F4C9E255468CA9B5459425A3FB999C8
SHA256: 62116D350ED359DA05A92F8F9772FE3A384AC51987AE380524BDBB0DAE8E515B
SSDEEP: 3:N8urtn:2G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Changes the autorun value in the registry
      • setup.exe (PID: 3100)
  • SUSPICIOUS
    • Disables SEHOP
      • GoogleUpdate.exe (PID: 876)
    • Creates/Modifies COM task schedule object
      • GoogleUpdate.exe (PID: 2800)
    • Reads the Internet Settings
      • GoogleUpdate.exe (PID: 2060)
      • GoogleUpdate.exe (PID: 2908)
    • Reads settings of System Certificates
      • GoogleUpdate.exe (PID: 2060)
      • GoogleUpdate.exe (PID: 2908)
    • Checks Windows Trust Settings
      • GoogleUpdate.exe (PID: 2908)
    • Reads security settings of Internet Explorer
      • GoogleUpdate.exe (PID: 2908)
    • Searches for installed software
      • setup.exe (PID: 3100)
    • Creates a software uninstall entry
      • setup.exe (PID: 3100)
  • INFO
    • Create files in a temporary directory
      • ChromeSetup.exe (PID: 1388)
      • GoogleUpdate.exe (PID: 2908)
    • Drops the executable file immediately after the start
      • iexplore.exe (PID: 2036)
      • ChromeSetup.exe (PID: 1388)
      • GoogleUpdate.exe (PID: 876)
      • GoogleUpdateSetup.exe (PID: 680)
      • iexplore.exe (PID: 1740)
      • setup.exe (PID: 3100)
      • 109.0.5414.120_chrome_installer.exe (PID: 3192)
    • Reads the computer name
      • GoogleUpdate.exe (PID: 2464)
      • GoogleUpdate.exe (PID: 876)
      • GoogleUpdate.exe (PID: 568)
      • GoogleUpdate.exe (PID: 2800)
      • GoogleUpdate.exe (PID: 2060)
      • GoogleUpdate.exe (PID: 2908)
      • GoogleUpdate.exe (PID: 2436)
      • 109.0.5414.120_chrome_installer.exe (PID: 3192)
      • setup.exe (PID: 3100)
      • setup.exe (PID: 3188)
      • GoogleCrashHandler.exe (PID: 2776)
      • GoogleUpdate.exe (PID: 2768)
      • GoogleUpdate.exe (PID: 3640)
      • elevation_service.exe (PID: 2668)
    • Checks supported languages
      • ChromeSetup.exe (PID: 1388)
      • GoogleUpdate.exe (PID: 2464)
      • GoogleUpdateSetup.exe (PID: 680)
      • GoogleUpdate.exe (PID: 876)
      • GoogleUpdate.exe (PID: 568)
      • GoogleUpdate.exe (PID: 2800)
      • GoogleUpdate.exe (PID: 2060)
      • GoogleUpdate.exe (PID: 2908)
      • GoogleUpdate.exe (PID: 2436)
      • 109.0.5414.120_chrome_installer.exe (PID: 3192)
      • setup.exe (PID: 3100)
      • setup.exe (PID: 3128)
      • setup.exe (PID: 3188)
      • setup.exe (PID: 3080)
      • GoogleCrashHandler.exe (PID: 2776)
      • GoogleUpdateOnDemand.exe (PID: 3504)
      • GoogleUpdate.exe (PID: 2768)
      • GoogleUpdate.exe (PID: 3640)
      • elevation_service.exe (PID: 2668)
    • Application launched itself
      • iexplore.exe (PID: 2036)
      • setup.exe (PID: 3100)
      • setup.exe (PID: 3188)
      • GoogleUpdate.exe (PID: 2436)
      • chrome.exe (PID: 3652)
    • The process uses the downloaded file
      • iexplore.exe (PID: 2036)
      • ChromeSetup.exe (PID: 1388)
      • chrome.exe (PID: 2500)
      • chrome.exe (PID: 4004)
      • chrome.exe (PID: 2984)
    • Creates files in the program directory
      • GoogleUpdate.exe (PID: 876)
      • GoogleUpdate.exe (PID: 568)
      • GoogleUpdate.exe (PID: 2908)
      • GoogleUpdate.exe (PID: 2060)
      • GoogleUpdate.exe (PID: 2436)
      • GoogleUpdateSetup.exe (PID: 680)
      • 109.0.5414.120_chrome_installer.exe (PID: 3192)
      • GoogleUpdate.exe (PID: 2800)
      • setup.exe (PID: 3100)
      • setup.exe (PID: 3188)
      • GoogleCrashHandler.exe (PID: 2776)
      • GoogleUpdate.exe (PID: 2768)
    • Reads the machine GUID from the registry
      • GoogleUpdate.exe (PID: 876)
      • GoogleUpdate.exe (PID: 2908)
      • GoogleUpdate.exe (PID: 2436)
      • GoogleUpdate.exe (PID: 2464)
      • GoogleUpdate.exe (PID: 2060)
      • setup.exe (PID: 3100)
      • setup.exe (PID: 3188)
      • GoogleUpdate.exe (PID: 2768)
      • GoogleUpdate.exe (PID: 3640)
      • elevation_service.exe (PID: 2668)
    • Executes as Windows Service
      • GoogleUpdate.exe (PID: 2436)
      • elevation_service.exe (PID: 2668)
    • Checks proxy server information
      • GoogleUpdate.exe (PID: 2908)
    • Creates files or folders in the user directory
      • GoogleUpdate.exe (PID: 2908)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 86
Monitored processes: 44
Malicious processes: 6
Suspicious processes: 1

Behavior graph

Process nodes in the order the report draws them ("no specs" is the report's own marker for a node without a detailed process record): start, iexplore.exe, iexplore.exe, iexplore.exe, chromesetup.exe (no specs), googleupdate.exe (no specs), googleupdatesetup.exe, googleupdate.exe (no specs), googleupdate.exe (no specs), googleupdate.exe (no specs), googleupdate.exe, googleupdate.exe, googleupdate.exe, 109.0.5414.120_chrome_installer.exe (no specs), setup.exe, setup.exe (no specs), setup.exe (no specs), setup.exe (no specs), googlecrashhandler.exe (no specs), googleupdate.exe, googleupdateondemand.exe (no specs), googleupdate.exe (no specs), chrome.exe, chrome.exe (no specs), chrome.exe (no specs), chrome.exe, chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), elevation_service.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs)

Process information

PID 568
CMD: "C:\Program Files\Google\Update\GoogleUpdate.exe" /regsvc
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google Inc.
Integrity Level: HIGH
Description: Google Installer
Exit code: 0
Version: 1.3.33.23
Modules (images):
c:\program files\google\update\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID 680
CMD: "C:\Users\admin\AppData\Local\Temp\GUM4C37.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0E973500-F801-6AAE-5113-0DA8ACE95549}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&installdataindex=defaultbrowser" /installelevated /nomitag
Path: C:\Users\admin\AppData\Local\Temp\GUM4C37.tmp\GoogleUpdateSetup.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google LLC
Integrity Level: HIGH
Description: Google Update Setup
Exit code: 0
Version: 1.3.36.352
Modules (images):
c:\users\admin\appdata\local\temp\gum4c37.tmp\googleupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID 876
CMD: "C:\Program Files\Google\Temp\GUM5466.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0E973500-F801-6AAE-5113-0DA8ACE95549}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&installdataindex=defaultbrowser" /installelevated
Path: C:\Program Files\Google\Temp\GUM5466.tmp\GoogleUpdate.exe
Parent process: GoogleUpdateSetup.exe
User: admin
Company: Google LLC
Integrity Level: HIGH
Description: Google Installer
Exit code: 0
Version: 1.3.36.351
Modules (images):
c:\program files\google\temp\gum5466.tmp\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID 984
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1536 --field-trial-handle=1212,i,14645822048124533660,8934103362195686408,131072 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1388
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ChromeSetup.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ChromeSetup.exe
Parent process: iexplore.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Update Setup
Exit code: 0
Version: 1.3.36.352
Modules (images):
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\chromesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID 1492
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1340 --field-trial-handle=1212,i,14645822048124533660,8934103362195686408,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1732
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2116 --field-trial-handle=1212,i,14645822048124533660,8934103362195686408,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1740
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2036 CREDAT:3544335 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID 1876
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1212,i,14645822048124533660,8934103362195686408,131072 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1932
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3276 --field-trial-handle=1212,i,14645822048124533660,8934103362195686408,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 45 968
Read events: 41 864
Write events: 3 993
Delete events: 111

Modification events

PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | Operation: write | Name: NTPDaysSinceLastAutoMigration | Value: 0
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | Operation: write | Name: NTPLastLaunchHighDateTime | Value: 30847387
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Operation: write | Name: NextCheckForUpdateHighDateTime | Value: 30847437
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Operation: write | Name: CompatibilityFlags | Value: 0
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
PID 2036 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
Executable files: 213
Suspicious files: 130
Text files: 99
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed
  MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
  SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
2088 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DNBG1FNU.txt | text
  MD5: AC0CE2E97EB07485C80C9378014351E2
  SHA256: D9779DBF85982DA2C02844DA921BE13CC0D7F501EBBBD89FB61E3526B46AFAFD
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary
  MD5: CF93404AEBACDF7D1FBEA37633947548
  SHA256: 88C92BE43E1FA93DE8E36E46067503969AC55AC44E527EF708AAE1AE938F0543
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB | binary
  MD5: 381564D74ECFCC3B0A3D5F1186273393
  SHA256: 788A83EF4F55586EA2FECA13FF08624D77BBC36A405B7A0B172F06280E461309
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary
  MD5: BFA0BF9C1D5D01D4664346C17110DD90
  SHA256: 1FC52E4B9CED0E77AA1AB1E8D414DA3E0917945C6BC881CF9E01A25985192C98
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary
  MD5: 7CD142F588C7F6DC099E1638F052D941
  SHA256: 4D3839B837F0D0EDF2190B02A6510BEEE710AE2CF95DD9717A7599034221EC39
2088 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VXRBNXU3.txt | text
  MD5: 49D5BC7D52677EF118711CBF0FE6C859
  SHA256: 70EF13CFBC727177747C13F346AF9F640263CE2DE81EDAF1990B68C176689CD0
2088 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZMJ1NFZA.txt | text
  MD5: 0F071F72ABEDFF8008DFAD4CA7D82BB0
  SHA256: 636050614CBA6F24E7E1A9F367A97C4B3FC3F5795F74368018B5E95BFA72AC48
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB | binary
  MD5: 831779C0387F8051504B021C0DC660B9
  SHA256: 40F4CF6ECD2FF7B1467D16A697B1061D8833FC9908870D47C15E58B745EFC081
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der
  MD5: A4F70334F4AE5D31134D96198C5D9F6D
  SHA256: 920E172EFE035402824A90C23A18344DB7DB60D2C2CB19A074A5888D55B66BAA
HTTP(S) requests: 46
TCP/UDP connections: 87
DNS requests: 48
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2088 | iexplore.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | binary | 1.42 Kb | unknown
2088 | iexplore.exe | GET | 200 | 184.24.77.207:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6243fee378382ed7 | unknown | compressed | 4.66 Kb | unknown
2088 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD7vSzSbK8Z0QnHSrEZ7mPf | unknown | binary | 472 b | unknown
2088 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | unknown | binary | 724 b | unknown
2088 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD0ceK8uSuS%2FQr%2B%2Byr%2Bm9RV | unknown | binary | 472 b | unknown
2088 | iexplore.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEQCTi7COYph7T3X5jLalBFyW | unknown | binary | 2.18 Kb | unknown
2036 | iexplore.exe | GET | 304 | 184.24.77.207:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1a6e676fbb64f2cc | unknown | - | - | unknown
2088 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGupzMnM%2BqGaCjIQPyd58u0%3D | unknown | binary | 471 b | unknown
1740 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECbzjAowsPTyEMLulIc7EGw%3D | unknown | binary | 471 b | unknown
1740 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCECO0Y37WzHRLPzhV9vNju | unknown | binary | 472 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2088 | iexplore.exe | 195.85.23.88:443 | bongacams.com | Cloudflare London, LLC | CZ | unknown
2088 | iexplore.exe | 184.24.77.207:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
2088 | iexplore.exe | 172.64.149.23:80 | ocsp.comodoca.com | CLOUDFLARENET | US | unknown
2088 | iexplore.exe | 195.85.23.96:443 | de.bongacams.com | Cloudflare London, LLC | CZ | unknown
2088 | iexplore.exe | 142.250.184.200:443 | www.googletagmanager.com | GOOGLE | US | unknown
2088 | iexplore.exe | 195.85.23.30:443 | i.bcicdn.com | Cloudflare London, LLC | CZ | unknown
2088 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2088 | iexplore.exe | 142.250.185.131:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
2088 | iexplore.exe | 216.239.34.36:443 | region1.analytics.google.com | GOOGLE | US | unknown

DNS requests

Domain | IP(s) | Reputation
bongacams.com | 195.85.23.88, 195.85.23.89 | unknown
ctldl.windowsupdate.com | 184.24.77.207, 184.24.77.178, 184.24.77.173, 184.24.77.199, 184.24.77.192, 184.24.77.205, 184.24.77.189, 184.24.77.209, 184.24.77.211 | whitelisted
ocsp.comodoca.com | 172.64.149.23, 104.18.38.233 | whitelisted
ocsp.usertrust.com | 172.64.149.23, 104.18.38.233 | whitelisted
de.bongacams.com | 195.85.23.96 | unknown
i.bcicdn.com | 195.85.23.30, 195.85.23.226 | unknown
www.googletagmanager.com | 142.250.184.200 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
ocsp.pki.goog | 142.250.185.131 | whitelisted
region1.analytics.google.com | 216.239.34.36, 216.239.32.36 | whitelisted

Threats

PID | Process | Class | Message
856 | svchost.exe | Misc activity | ET INFO Packed Executable Download
856 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
856 | svchost.exe | Misc activity | ET INFO EXE - Served Attached HTTP
No debug info