File name: naps2-7.4.2-win.exe

Full analysis: https://app.any.run/tasks/6c8474dc-68e3-4d5d-89a9-dab6d4a79119
Verdict: Malicious activity
Analysis date: June 25, 2024, 16:18:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: B072C208B8C2B624BBCEAE96A8517C19
SHA1: 2373CD8B966FECE9C975AA8B32B7DA416F976B59
SHA256: 7FBB9692084E18E7CB42D5BFA6ABD3565C103CC1EDEB0BAA7A1C63D115C5F41D
SSDEEP: 98304:J+cD4dnXUWMX//8qdI7dajsbK7KMfQF2FE/E2LXYa4emwWVZ6jofvv65kixWeLpW:fOciVyJPNsgoONMyMyJwg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • naps2-7.4.2-win.exe (PID: 3416)
      • naps2-7.4.2-win.exe (PID: 2108)
      • naps2-7.4.2-win.tmp (PID: 2300)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • naps2-7.4.2-win.exe (PID: 3416)
      • naps2-7.4.2-win.exe (PID: 2108)
      • naps2-7.4.2-win.tmp (PID: 2300)
    • Reads the Windows owner or organization settings

      • naps2-7.4.2-win.tmp (PID: 2300)
    • Process drops legitimate windows executable

      • naps2-7.4.2-win.tmp (PID: 2300)
    • Application launched itself

      • NAPS2.exe (PID: 1952)
  • INFO

    • Checks supported languages

      • naps2-7.4.2-win.exe (PID: 3416)
      • naps2-7.4.2-win.tmp (PID: 3532)
      • naps2-7.4.2-win.exe (PID: 2108)
      • naps2-7.4.2-win.tmp (PID: 2300)
      • NAPS2.exe (PID: 1952)
      • NAPS2.Worker.exe (PID: 3672)
      • NAPS2.exe (PID: 3572)
      • NAPS2.exe (PID: 524)
    • Create files in a temporary directory

      • naps2-7.4.2-win.exe (PID: 3416)
      • naps2-7.4.2-win.exe (PID: 2108)
    • Reads the computer name

      • naps2-7.4.2-win.tmp (PID: 3532)
      • naps2-7.4.2-win.tmp (PID: 2300)
      • NAPS2.exe (PID: 1952)
      • NAPS2.exe (PID: 3572)
      • NAPS2.Worker.exe (PID: 3672)
      • NAPS2.exe (PID: 524)
    • Creates files in the program directory

      • naps2-7.4.2-win.tmp (PID: 2300)
      • NAPS2.exe (PID: 1952)
    • Creates a software uninstall entry

      • naps2-7.4.2-win.tmp (PID: 2300)
    • Reads the machine GUID from the registry

      • NAPS2.exe (PID: 3572)
      • NAPS2.exe (PID: 524)
      • NAPS2.exe (PID: 1952)
      • NAPS2.Worker.exe (PID: 3672)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 4036)
    • Creates files or folders in the user directory

      • NAPS2.exe (PID: 1952)
    • Manual execution by a user

      • chrome.exe (PID: 568)
    • Application launched itself

      • chrome.exe (PID: 568)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 7.4.2.0
ProductVersionNumber: 7.4.2.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: NAPS2 Software
FileDescription: NAPS2 installer
FileVersion: 7.4.2
LegalCopyright: (c) 2009-2024
OriginalFileName:
ProductName: NAPS2
ProductVersion: 7.4.2
No data.
All screenshots are available in the full report
Total processes: 65
Monitored processes: 25
Malicious processes: 4
Suspicious processes: 0

Behavior graph (interactive in the full report)

Process tree shown in the graph: naps2-7.4.2-win.exe → naps2-7.4.2-win.tmp (no specs) → naps2-7.4.2-win.exe → naps2-7.4.2-win.tmp → naps2.exe (no specs), naps2.worker.exe (no specs), naps2.exe (no specs), naps2.exe (no specs); chrome.exe and its child chrome.exe processes (most marked "no specs").

Process information

Each entry lists: PID, CMD, Path, Indicators, Parent process
PID: 524
CMD: "C:\Program Files\NAPS2\NAPS2.exe" worker 1952
Path: C:\Program Files\NAPS2\NAPS2.exe
Parent process: NAPS2.exe
User:
admin
Company:
NAPS2
Integrity Level:
MEDIUM
Description:
NAPS2
Exit code:
0
Version:
7.4.2.0
Modules
Images
c:\program files\naps2\naps2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 568
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1168
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2160 --field-trial-handle=1144,i,404450266795888583,6848194652380683736,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1488
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1144,i,404450266795888583,6848194652380683736,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1832
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1144,i,404450266795888583,6848194652380683736,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1944
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3884 --field-trial-handle=1144,i,404450266795888583,6848194652380683736,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1952
CMD: "C:\Program Files\NAPS2\NAPS2.exe"
Path: C:\Program Files\NAPS2\NAPS2.exe
Parent process: naps2-7.4.2-win.tmp
User:
admin
Company:
NAPS2
Integrity Level:
MEDIUM
Description:
NAPS2
Exit code:
0
Version:
7.4.2.0
Modules
Images
c:\program files\naps2\naps2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2108
CMD: "C:\Users\admin\Downloads\naps2-7.4.2-win.exe" /SPAWNWND=$F0168 /NOTIFYWND=$6015A
Path: C:\Users\admin\Downloads\naps2-7.4.2-win.exe
Parent process: naps2-7.4.2-win.tmp
User:
admin
Company:
NAPS2 Software
Integrity Level:
HIGH
Description:
NAPS2 installer
Exit code:
0
Version:
7.4.2
Modules
Images
c:\users\admin\downloads\naps2-7.4.2-win.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2136
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3920 --field-trial-handle=1144,i,404450266795888583,6848194652380683736,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2300
CMD: "C:\Users\admin\AppData\Local\Temp\is-34F3V.tmp\naps2-7.4.2-win.tmp" /SL5="$6010A,11234021,832512,C:\Users\admin\Downloads\naps2-7.4.2-win.exe" /SPAWNWND=$F0168 /NOTIFYWND=$6015A
Path: C:\Users\admin\AppData\Local\Temp\is-34F3V.tmp\naps2-7.4.2-win.tmp
Parent process: naps2-7.4.2-win.exe
User:
admin
Company:
NAPS2 Software
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-34f3v.tmp\naps2-7.4.2-win.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 8 591
Read events: 8 478
Write events: 105
Delete events: 8

Modification events

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: FC08000004717B501BC7DA01

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 130FF96C6FF6F72F1228CF1CF205991D060EB29260E85D6925767ADE761E65ED

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files\NAPS2\lib\Google.Protobuf.dll

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: DFE046BF466ACD819F6D756F546DE4DA680934852E136E8213175123B7EB5DD0

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WIA_{1c3a7177-f3a7-439e-be47-e304a185f932}
Operation: write
Name: Action
Value: Scan with NAPS2

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WIA_{1c3a7177-f3a7-439e-be47-e304a185f932}
Operation: write
Name: CLSID
Value: WIACLSID

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WIA_{1c3a7177-f3a7-439e-be47-e304a185f932}
Operation: write
Name: DefaultIcon
Value: sti.dll,0

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WIA_{1c3a7177-f3a7-439e-be47-e304a185f932}
Operation: write
Name: InitCmdLine
Value: /WiaCmd;C:\Program Files\NAPS2\NAPS2.exe /StiDevice:%1 /StiEvent:%2;

(PID) Process: (2300) naps2-7.4.2-win.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WIA_{1c3a7177-f3a7-439e-be47-e304a185f932}
Operation: write
Name: Provider
Value: NAPS2
Executable files: 522
Suspicious files: 106
Text files: 49
Unknown types: 8

Dropped files

PID | Process | Filename | Type

3416 | naps2-7.4.2-win.exe | C:\Users\admin\AppData\Local\Temp\is-A949V.tmp\naps2-7.4.2-win.tmp | executable
MD5: 83FAC7064E6B71A7B278AA240F397813
SHA256: FC92D72BC4C365DCEF6BC064553674251DFAEFBABD082ED64D5AE259617754A5

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\lib\is-JG6AT.tmp | executable
MD5: D4FC377DF96077F4B38C4DF41535C610
SHA256: 44B0B144E10AB00469BC4C9B29F14E903430746B0B5DBA3E5F896F4EACD90277

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\lib\Google.Protobuf.dll | executable
MD5: D4FC377DF96077F4B38C4DF41535C610
SHA256: 44B0B144E10AB00469BC4C9B29F14E903430746B0B5DBA3E5F896F4EACD90277

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\unins000.exe | executable
MD5: DE7243D7EE8CD4E500288876125DCC92
SHA256: DB4A4235BFDD06632AB4F90C1AAA9012AFBEE9B5FD5176273F5D66F5E1C720FC

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\lib\is-GK70H.tmp | executable
MD5: 9E9E0A210297968AAF2E00D13958C0B4
SHA256: CB9C05B5A1E1DB26FF43490EE26F2E02ABAE3F321D2DD5DDD43A68DA48EAB83D

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\lib\is-85I89.tmp | executable
MD5: 541EA1C3E38526648909B2792611363F
SHA256: 0D8A23ED2E943DD5F034BEE91482B38CFA232A38CADC883C337313D7AD3E9ECA

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\lib\is-BCKA9.tmp | executable
MD5: 462683DE4129F0A4B42E4242BBCAAC36
SHA256: 05C2126EA2A4C1BB817BF9E4E82E441D09241F2813B9EDA3E52B45AF7C37BEA4

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\is-I0A9G.tmp | executable
MD5: DE7243D7EE8CD4E500288876125DCC92
SHA256: DB4A4235BFDD06632AB4F90C1AAA9012AFBEE9B5FD5176273F5D66F5E1C720FC

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\lib\is-TPFG7.tmp | executable
MD5: 632DBEB1E3EEC567E7244759CD1161FD
SHA256: 11564C3C648F3D4FBDCE989B50AA4CB4C58D953B7CEC5A0FE8C484E7CF5146F3

2300 | naps2-7.4.2-win.tmp | C:\Program Files\NAPS2\lib\is-A64UD.tmp | executable
MD5: 116DB1D4390A08B0C7D29207D3571246
SHA256: 7E7351D338A89616EA33C6561276D459B96CAD6019732716B76187CA35326BCA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 26
DNS requests: 28
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation (empty columns are omitted from the rows below)

1372 | svchost.exe | GET | 304 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown | unknown
1372 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
1372 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
1060 | svchost.exe | GET | 304 | 23.50.131.202:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a9f83325acc8ca75 | unknown | unknown
844 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx | unknown | unknown
844 | svchost.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx | unknown | unknown
844 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lvx4ng4qhhp4kpddwmwjgzrumu_2024.6.5.140657/eeigpngbgcognadeebkilcpcaedhellh_2024.06.05.140657_all_ccj7nw5iotmqmvpbhiiji4wfca.crx3 | unknown | unknown
844 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lvx4ng4qhhp4kpddwmwjgzrumu_2024.6.5.140657/eeigpngbgcognadeebkilcpcaedhellh_2024.06.05.140657_all_ccj7nw5iotmqmvpbhiiji4wfca.crx3 | unknown | unknown
844 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lvx4ng4qhhp4kpddwmwjgzrumu_2024.6.5.140657/eeigpngbgcognadeebkilcpcaedhellh_2024.06.05.140657_all_ccj7nw5iotmqmvpbhiiji4wfca.crx3 | unknown | unknown
844 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lvx4ng4qhhp4kpddwmwjgzrumu_2024.6.5.140657/eeigpngbgcognadeebkilcpcaedhellh_2024.06.05.140657_all_ccj7nw5iotmqmvpbhiiji4wfca.crx3 | unknown | unknown

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation (empty columns are omitted from the rows below)

4 | System | 192.168.100.255:138 | whitelisted
1372 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | unknown
1372 | svchost.exe | 23.50.131.216:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1060 | svchost.exe | 23.50.131.202:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
2620 | chrome.exe | 142.250.181.227:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted
568 | chrome.exe | 239.255.255.250:1900 | whitelisted

DNS requests

Columns: Domain | IP(s) | Reputation

settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
ctldl.windowsupdate.com | 23.50.131.216, 23.50.131.202, 23.50.131.221, 23.50.131.208 | whitelisted
crl.microsoft.com | 23.48.23.143, 23.48.23.156 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted
clientservices.googleapis.com | 142.250.181.227 | whitelisted
accounts.google.com | 142.251.31.84 | shared
www.google.com | 142.250.186.36 | whitelisted
update.googleapis.com | 216.58.206.67 | whitelisted
encrypted-tbn0.gstatic.com | 172.217.18.14 | whitelisted
www.gstatic.com | 142.250.185.99 | whitelisted

Threats

No threats detected
No debug info