File name: google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe

Full analysis: https://app.any.run/tasks/4c983081-af2d-44ca-9b73-12f65f9d2831
Verdict: Malicious activity
Analysis date: April 17, 2024, 07:11:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0AA71949E68D58DBB0342D55525ECEDE
SHA1: E3CDEBF06C62FF9BF2A704A311F1032B167144A9
SHA256: 874AF282D7B54F4FDE8E00A4DC9CF396D066330C2AA6D87CD40C7DBE6A66E2EE
SSDEEP: 49152:AByZXFjEdkGlLbg3QfDE3TdJX+LFoSFchPrnmW01ZcRMaxAf7yRE6bzMEq6UnQFt:ABaXFjDH3QfY3LX+ePr70aMYEmRE68qv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • Malware-specific behavior (creating "System.dll" in Temp)
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • The process creates files with names similar to system file names
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • Process requests binary or script from the Internet
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • Reads security settings of Internet Explorer
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • Reads the Internet Settings
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
  • INFO
    • Checks supported languages
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • Reads the computer name
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • Checks proxy server information
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • Creates files in a temporary directory
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
    • Reads the machine GUID from the registry
      • google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe (PID: 1288)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:02:24 19:19:59+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 28672
InitializedDataSize: 445952
UninitializedDataSize: 16896
EntryPoint: 0x39e3
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 43.0.2357.134
ProductVersionNumber: 43.0.2357.134
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: For additional details, visit PortableApps.com
CompanyName: PortableApps.com
FileDescription: Google Chrome Portable
FileVersion: 43.0.2357.134
InternalName: Google Chrome Portable
LegalCopyright: 2007-2015 PortableApps.com, PortableApps.com Installer 3.0.19.0
LegalTrademarks: PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFileName: GoogleChromePortable_43.0.2357.134_online.paf.exe
PortableAppscomAppID: GoogleChromePortable
PortableAppscomDownloadFileName: 43.0.2357.134_chrome_installer.exe
PortableAppscomDownloadKnockURL: ${DownloadKnockURL}
PortableAppscomDownloadMD5: 86731dc801edb96d804b1ba2bebd36d5
PortableAppscomDownloadName: Google Chrome (Stable)
PortableAppscomDownloadURL: http://cache.pack.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe
PortableAppscomFormatVersion: 3.0.19
PortableAppscomInstallerVersion: 3.0.19.0
ProductName: Google Chrome Portable
ProductVersion: 43.0.2357.134
Total processes: 36
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe

Process information

PID: 1288
CMD: "C:\Users\admin\AppData\Local\Temp\google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe"
Path: C:\Users\admin\AppData\Local\Temp\google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Parent process: explorer.exe
User: admin
Company: PortableApps.com
Integrity Level: MEDIUM
Description: Google Chrome Portable
Exit code: 2
Version: 43.0.2357.134
Modules
Images
c:\users\admin\appdata\local\temp\google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 3 938
Read events: 3 894
Write events: 35
Delete events: 9

Modification events

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-2
Value: Access the computers and devices that are on your network.

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Width
Value: 318

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Height
Value: 288

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect

(PID) Process: (1288) google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 6
Suspicious files: 0
Text files: 2
Unknown types: 1

Dropped files

PID | Process | Filename | Type
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsbEE37.tmp\modern-wizard.bmp | image
  MD5: 55204D08CFF24975E88885403F13FD59
  SHA256: 0A9A711B205DC87B6B0FE491253BC1DDB4A46A02F26AB622C209B1311125DD20
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsbEE37.tmp\LangDLL.dll | executable
  MD5: A1CD3F159EF78D9ACE162F067B544FD9
  SHA256: 47B9E251C9C90F43E3524965AECC07BD53C8E09C5B9F9862B44C306667E2B0B6
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsbEE37.tmp\inetc.dll | executable
  MD5: 5DA9DF435FF20853A2C45026E7681CEF
  SHA256: 9C52C74B8E115DB0BDE90F56382EBCC12AFF05EB2232F80A4701E957E09635E2
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsbEE37.tmp\System.dll | executable
  MD5: BF712F32249029466FA86756F5546950
  SHA256: 7851CB12FA4131F1FEE5DE390D650EF65CAC561279F1CFE70AD16CC9780210AF
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsbEE37.tmp\modern-header.bmp | image
  MD5: 6036D1B4E0827FFF4B3CEFD42C3DADE8
  SHA256: E7790421D0A8FC7CB649FADEDA21A4986313DFC639DB294704D326A49C38B2A2
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsbEE37.tmp\w7tbp.dll | executable
  MD5: 9A3031CC4CEF0DBA236A28EECDF0AFB5
  SHA256: 53BB519E3293164947AC7CBD7E612F637D77A7B863E3534BA1A7E39B350D3C00
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsbEE37.tmp\FindProcDLL.dll | executable
  MD5: 6F73B00AEF6C49EAC62128EF3ECA677E
  SHA256: 6EB09CE25C7FC62E44DC2F71761C6D60DD4B2D0C7D15E9651980525103AAC0A9
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsbEE37.tmp\nsDialogs.dll | executable
  MD5: 4CCC4A742D4423F2F0ED744FD9C81F63
  SHA256: 416133DD86C0DFF6B0FCAF1F46DFE97FDC85B37F90EFFB2D369164A8F7E13AE6
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | C:\Users\admin\AppData\Local\Temp\nsgEE07.tmp | binary
  MD5: E530ED9ECDB1FB34C3078AF6CFD1B45B
  SHA256: 2E0B252D54CF5E7669DC733A203AB0C28C6AA0C7C0DB900E78D6D32A2EDAF6A0
HTTP(S) requests: 8
TCP/UDP connections: 9
DNS requests: 3
Threats: 8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | GET | 302 | 172.217.18.14:80 | http://cache.pack.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe | unknown | unknown
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | GET | 302 | 74.125.8.102:80 | http://r1---sn-5hne6nzs.c.pack.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe?cms_redirect=yes&mh=S4&mip=216.24.216.69&mm=28&mn=sn-5hne6nzs&ms=nvh&mt=1713337211&mv=m&mvi=1&pl=24&rmhost=r2---sn-5hne6nzs.c.pack.google.com&shardbypass=sd&smhost=r5---sn-5hne6nz6.c.pack.google.com | unknown | unknown
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | GET | 302 | 74.125.8.102:80 | http://r1---sn-5hne6nzs.c.pack.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe?mh=S4&pl=24&shardbypass=sd&redirect_counter=1&cm2rm=sn-5hness7e&fexp=24350254&req_id=ff5e4ef43dd0af55&cms_redirect=yes&cmsv=e&mip=216.24.216.69&mm=34&mn=sn-5hne6nzs&ms=ltu&mt=1713337703&mv=m&mvi=1&rmhost=r2---sn-5hne6nzs.c.pack.google.com&smhost=r5---sn-5hne6nz6.c.pack.google.com | unknown | unknown
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | GET | 302 | 74.125.8.102:80 | http://r1---sn-5hne6nzs.c.pack.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe?mh=S4&pl=24&shardbypass=sd&redirect_counter=1&cm2rm=sn-5hness7e&fexp=24350254&req_id=a4a3616e0df127ff&cms_redirect=yes&cmsv=e&mip=216.24.216.69&mm=34&mn=sn-5hne6nzs&ms=ltu&mt=1713337703&mv=m&mvi=1&rmhost=r2---sn-5hne6nzs.c.pack.google.com&smhost=r5---sn-5hne6nz6.c.pack.google.com | unknown | unknown
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | GET | 302 | 172.217.18.14:80 | http://cache.pack.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe | unknown | unknown
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | GET | 404 | 216.58.206.78:80 | http://dl.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe?mh=S4&pl=24&shardbypass=sd&cm2rm=sn-5hness7e&fexp=24350254&req_id=a4a3616e0df127ff&cms_redirect=yes&cmsv=e&mip=216.24.216.69&mm=34&mn=sn-5hne6nzs&ms=ltu&mt=1713337703&mv=m&mvi=1&rmhost=r2---sn-5hne6nzs.c.pack.google.com&smhost=r5---sn-5hne6nz6.c.pack.google.com&rm=sn-5hness7e | unknown | unknown
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | GET | 302 | 74.125.8.102:80 | http://r1---sn-5hne6nzs.c.pack.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe?cms_redirect=yes&mh=S4&mip=216.24.216.69&mm=28&mn=sn-5hne6nzs&ms=nvh&mt=1713337211&mv=m&mvi=1&pl=24&rmhost=r2---sn-5hne6nzs.c.pack.google.com&shardbypass=sd&smhost=r5---sn-5hne6nz6.c.pack.google.com | unknown | unknown
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | GET | 404 | 216.58.206.78:80 | http://dl.google.com/edgedl/chrome/win/4ED6DD719811795B/43.0.2357.134_chrome_installer.exe?mh=S4&pl=24&shardbypass=sd&cm2rm=sn-5hness7e&fexp=24350254&req_id=ff5e4ef43dd0af55&cms_redirect=yes&cmsv=e&mip=216.24.216.69&mm=34&mn=sn-5hne6nzs&ms=ltu&mt=1713337703&mv=m&mvi=1&rmhost=r2---sn-5hne6nzs.c.pack.google.com&smhost=r5---sn-5hne6nz6.c.pack.google.com&rm=sn-5hness7e | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | 172.217.18.14:80 | cache.pack.google.com | GOOGLE | US | whitelisted
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | 74.125.8.102:80 | r1---sn-5hne6nzs.c.pack.google.com | GOOGLE | US | whitelisted
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | 216.58.206.78:80 | dl.google.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
cache.pack.google.com | 172.217.18.14 | whitelisted
r1---sn-5hne6nzs.c.pack.google.com | 74.125.8.102 | whitelisted
dl.google.com | 216.58.206.78 | whitelisted

Threats

PID | Process | Class | Message
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1288 | google-chrome-portable-43-0-2357-134-multi-win_online.paf.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
No debug info