File name: 22880867128.zip
Full analysis: https://app.any.run/tasks/6007f071-3595-4b40-a9ca-91485d7a28cc
Verdict: Malicious activity
Analysis date: July 08, 2025, 23:17:53
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
qrcode
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 724C29FAE5338E887EBE666632A210EC
SHA1: A1475BB69D9DA61DF6E607DA2E5B1D339CD235A0
SHA256: 8E44E63FBC23FCC12B9058163CF7BC221A450FD7975261D350EC0EDD669F7900
SSDEEP: 98304:1N6+fQj8D6KSZUdslQ6jtK1liRNi5DRVy/b/lHNmLkqZGuFcL9MtkBq3K4PbKGb1:d6lwC/CJwMu2I9U

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's own assessment. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 5708)
    • Changes the autorun value in the registry

      • setup.exe (PID: 2120)
  • SUSPICIOUS

    • Writes data into a file (POWERSHELL)

      • powershell.exe (PID: 5708)
    • Uses base64 encoding (POWERSHELL)

      • powershell.exe (PID: 5708)
    • Executing commands from ".cmd" file

      • powershell.exe (PID: 5708)
    • Reads security settings of Internet Explorer

      • chrome.exe (PID: 4132)
      • updater.exe (PID: 5240)
    • The executable file from the user directory is run by the CMD process

      • chrome.exe (PID: 4132)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 5708)
      • updater.exe (PID: 5240)
      • 138.0.7204.97_chrome_installer_uncompressed.exe (PID: 7132)
      • updater.exe (PID: 1036)
      • setup.exe (PID: 2120)
      • updater.exe (PID: 6488)
      • updater.exe (PID: 6172)
    • Starts CMD.EXE for commands execution

      • powershell.exe (PID: 5708)
    • Application launched itself

      • chrome.exe (PID: 4132)
      • updater.exe (PID: 1036)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 5168)
      • setup.exe (PID: 2120)
      • setup.exe (PID: 4664)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
    • Executes as Windows Service

      • updater.exe (PID: 1036)
      • updater.exe (PID: 5168)
      • updater.exe (PID: 6172)
    • Searches for installed software

      • setup.exe (PID: 2120)
    • Creates a software uninstall entry

      • setup.exe (PID: 2120)
  • INFO

    • Manual execution by a user

      • powershell.exe (PID: 5708)
      • chrome.exe (PID: 5708)
    • Converts byte array into ASCII string (POWERSHELL)

      • powershell.exe (PID: 5708)
    • The sample compiled with english language support

      • powershell.exe (PID: 5708)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 1036)
      • 138.0.7204.97_chrome_installer_uncompressed.exe (PID: 7132)
      • setup.exe (PID: 2120)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 5708)
    • Reads the computer name

      • chrome.exe (PID: 4132)
      • chrome.exe (PID: 6936)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 1036)
      • 138.0.7204.97_chrome_installer_uncompressed.exe (PID: 7132)
      • updater.exe (PID: 5168)
      • setup.exe (PID: 4664)
      • setup.exe (PID: 2120)
      • elevation_service.exe (PID: 1388)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
    • Checks supported languages

      • chrome.exe (PID: 4132)
      • chrome.exe (PID: 6936)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 320)
      • updater.exe (PID: 1036)
      • updater.exe (PID: 3836)
      • updater.exe (PID: 6176)
      • 138.0.7204.97_chrome_installer_uncompressed.exe (PID: 7132)
      • updater.exe (PID: 5168)
      • setup.exe (PID: 4664)
      • setup.exe (PID: 3584)
      • setup.exe (PID: 892)
      • setup.exe (PID: 2120)
      • updater.exe (PID: 4132)
      • updater.exe (PID: 6172)
      • elevation_service.exe (PID: 1388)
      • updater.exe (PID: 3396)
      • updater.exe (PID: 6488)
      • UpdaterSetup.exe (PID: 5416)
    • Process checks computer location settings

      • chrome.exe (PID: 4132)
    • Create files in a temporary directory

      • chrome.exe (PID: 6936)
      • updater.exe (PID: 5240)
    • Creates files in the program directory

      • updater.exe (PID: 320)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 1036)
      • updater.exe (PID: 5168)
      • setup.exe (PID: 2120)
      • setup.exe (PID: 4664)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 3396)
      • updater.exe (PID: 6488)
    • Process checks whether UAC notifications are on

      • updater.exe (PID: 5240)
      • updater.exe (PID: 1036)
      • updater.exe (PID: 5168)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
    • Checks proxy server information

      • updater.exe (PID: 5240)
      • slui.exe (PID: 5980)
    • Reads the software policy settings

      • updater.exe (PID: 5240)
      • updater.exe (PID: 5168)
      • slui.exe (PID: 5980)
      • updater.exe (PID: 6172)
    • Creates files or folders in the user directory

      • updater.exe (PID: 5240)
    • Reads the machine GUID from the registry

      • updater.exe (PID: 5240)
    • Launching a file from a Registry key

      • setup.exe (PID: 2120)
    • Connects to unusual port

      • chrome.exe (PID: 6140)
    • Application launched itself

      • chrome.exe (PID: 5708)
    • Executes as Windows Service

      • elevation_service.exe (PID: 1388)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
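The signature tiers above (execution-policy bypass, a .cmd written to Temp and run through cmd.exe, an executable dropped under the user's Documents folder and started by cmd.exe, an autorun value written, known dropped-file hashes) translate directly into host-detection rules. The following is an added example written for this page; it is not part of the ANY.RUN report or its signature engine. It runs that logic over a handful of constructed Sysmon-style events modelled on the process tree above. The event format, every command line, the cmd.exe PID (6001), the control process PID (7000) and the Run value name are assumptions (the report does not print command lines for the PowerShell stage); the PIDs 5708, 4132 and 2120, the dropped-file paths and the SHA256 values are taken from the report.

```python
"""Added example (not from the ANY.RUN report): re-derive the report's key
behaviour signatures from constructed Sysmon-style events."""
import re

# SHA256 values of two dropped files, copied from the report's "Dropped files" table.
IOC_SHA256 = {
    "E016826480795338935497C71135050A2E6787C69C6A3575AB6DD47152566860": r"Documents\J1Csum3Dcj\chrome.exe",
    "1E48A7D1C9D06913209FE958433C3ED4E9DF4769EAF3496DA718CA7053F0A141": r"AppData\Local\Temp\tmp55A.cmd",
}

USER_DIR = re.compile(r"^c:\\users\\[^\\]+\\(documents|desktop|downloads|appdata)\\", re.I)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
# -ExecutionPolicy and the abbreviations PowerShell accepts (-ep, -ex, -exec), then Bypass
EP_BYPASS = re.compile(r"-e(p|x|xec|xecutionpolicy)\s+bypass", re.I)
SCRIPT_OR_PE = (".exe", ".dll", ".scr", ".cmd", ".bat", ".ps1", ".vbs", ".js")

# Rules that on their own justify the report's MALICIOUS tier.
MALICIOUS_RULES = {"bypass-execution-policy", "autorun-registry-write",
                   "dropped-executable-executed", "known-ioc-hash"}

# Constructed events modelled on the report's process tree. PIDs 5708, 4132 and 2120,
# the file paths and the hashes come from the report; the command lines, the cmd.exe
# PID (6001), the control PID (7000) and the Run value name are assumptions.
EVENTS = [
    {"type": "process", "pid": 5708, "image": "powershell.exe", "parent": "explorer.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -File stage1.ps1"},
    {"type": "file", "pid": 5708, "image": "powershell.exe",
     "path": r"C:\Users\admin\AppData\Local\Temp\tmp55A.cmd",
     "sha256": "1E48A7D1C9D06913209FE958433C3ED4E9DF4769EAF3496DA718CA7053F0A141"},
    {"type": "file", "pid": 5708, "image": "powershell.exe",
     "path": r"C:\Users\admin\Documents\J1Csum3Dcj\chrome.exe",
     "sha256": "E016826480795338935497C71135050A2E6787C69C6A3575AB6DD47152566860"},
    {"type": "process", "pid": 6001, "image": "cmd.exe", "parent": "powershell.exe",
     "cmdline": r'cmd.exe /c "C:\Users\admin\AppData\Local\Temp\tmp55A.cmd"'},
    {"type": "process", "pid": 4132, "image": "chrome.exe", "parent": "cmd.exe",
     "cmdline": r'"C:\Users\admin\Documents\J1Csum3Dcj\chrome.exe"'},
    {"type": "registry", "pid": 2120, "image": "setup.exe", "op": "write",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SampleValue"},
    # Benign control: the real browser started from Program Files by the shell.
    {"type": "process", "pid": 7000, "image": "chrome.exe", "parent": "explorer.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
]


def _exe_path(cmdline):
    """First token of a command line, with surrounding quotes removed."""
    c = cmdline.strip()
    if c.startswith('"'):
        return c[1:c.find('"', 1)]
    return c.split(" ", 1)[0]


def analyze(events):
    """Return (rule, pid) pairs in the order the rules fire."""
    findings = []
    dropped = set()  # lower-cased paths of executables written under a user profile
    for ev in events:
        img, pid = ev["image"].lower(), ev["pid"]
        if ev["type"] == "process":
            cmd, parent, exe = ev["cmdline"], ev["parent"].lower(), _exe_path(ev["cmdline"])
            if img == "powershell.exe" and EP_BYPASS.search(cmd):
                findings.append(("bypass-execution-policy", pid))
            if img == "cmd.exe" and parent == "powershell.exe" and re.search(r"\.cmd\b", cmd, re.I):
                findings.append(("powershell-runs-cmd-script", pid))
            if parent == "cmd.exe" and USER_DIR.match(exe):
                findings.append(("user-dir-executable-from-cmd", pid))
            if exe.lower() in dropped:  # binary written earlier in this trace is now running
                findings.append(("dropped-executable-executed", pid))
        elif ev["type"] == "file":
            path = ev["path"]
            if path.lower().endswith(SCRIPT_OR_PE) and USER_DIR.match(path):
                findings.append(("script-or-executable-written-to-user-dir", pid))
                if path.lower().endswith((".exe", ".dll", ".scr")):
                    dropped.add(path.lower())
            if ev.get("sha256", "").upper() in IOC_SHA256:
                findings.append(("known-ioc-hash", pid))
        elif ev["type"] == "registry":
            if ev["op"] == "write" and RUN_KEY.search(ev["key"]):
                findings.append(("autorun-registry-write", pid))
    return findings


def verdict(findings):
    """Mirror the report's tiers: malicious, suspicious or clean."""
    rules = {rule for rule, _ in findings}
    if rules & MALICIOUS_RULES:
        return "malicious"
    return "suspicious" if rules else "clean"


if __name__ == "__main__":
    for rule, pid in analyze(EVENTS):
        print(f"{rule:45s} PID {pid}")
    print("verdict:", verdict(analyze(EVENTS)))
```

The `verdict` helper follows the report's MALICIOUS/SUSPICIOUS split: a policy bypass, an autorun write, a known hash or execution of a freshly dropped binary is enough on its own, while a script or executable merely written under the user profile only raises suspicion. Against real telemetry the same matching would key on Sysmon event IDs 1 (process create), 11 (file create) and 13 (registry value set) instead of the dicts used here.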
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Deflated
ZipModifyDate: 1980:00:00 00:00:00
ZipCRC: 0x1e9476e6
ZipCompressedSize: 9547683
ZipUncompressedSize: 20147990
ZipFileName: 6ddd5e13bbe796098dc01458a1df8fcc22e6d6e3908cf6951dc3f68b4ab14cec
No data.
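The EXIF block records the ZIP's general-purpose bit flag as 0x0009. Bit 0 is the traditional PKWARE encryption flag and bit 3 means the CRC and sizes were written in a data descriptor after the member data, so the archive was password-protected and written in streaming mode; the ZipModifyDate rendered as 1980:00:00 00:00:00 is a DOS timestamp whose bits are all zero. As an added example that is not part of the ANY.RUN report, the Python below re-derives those fields from a ZIP's central directory and decodes the flag word. The archive it parses is constructed in memory (the member name, payload and the patched-in encryption bit are assumptions); it is not the analysed file.

```python
"""Added example (not from the ANY.RUN report): parse a ZIP central directory and
decode the general-purpose bit flag the way the EXIF block above presents it."""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header
FLAG_BITS = {0: "encrypted", 1: "compression option 1", 2: "compression option 2",
             3: "data descriptor", 5: "patched data", 6: "strong encryption",
             11: "UTF-8 names", 13: "central directory masked"}
COMPRESSION = {0: "Stored", 8: "Deflated", 12: "BZIP2", 14: "LZMA", 99: "AES (WinZip)"}


def dos_datetime(dos_date, dos_time):
    """Render a DOS date/time word pair as exiftool prints ZipModifyDate.
    An all-zero pair (month 0, day 0) is not a valid date; it renders as
    1980:00:00 00:00:00, which is what the report shows for this archive."""
    return "%04d:%02d:%02d %02d:%02d:%02d" % (
        1980 + (dos_date >> 9), (dos_date >> 5) & 0xF, dos_date & 0x1F,
        dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)


def decode_flags(flag):
    return [name for bit, name in FLAG_BITS.items() if flag & (1 << bit)]


def parse_central_directory(data):
    """Walk the central directory. With bit 3 set the local header carries zero
    CRC/sizes, so only the central directory is authoritative for those fields."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    entries, pos = [], cd_offset
    for _ in range(count):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("bad central directory header at offset %d" % pos)
        (_ver_made, ver_need, flags, method, mtime, mdate, crc, csize, usize,
         nlen, xlen, clen) = struct.unpack_from("<HHHHHHIIIHHH", data, pos + 4)
        name = data[pos + 46:pos + 46 + nlen]
        entries.append({
            "ZipRequiredVersion": ver_need,
            "ZipBitFlag": "0x%04x" % flags,
            "ZipFlags": decode_flags(flags),
            "ZipCompression": COMPRESSION.get(method, "unknown (%d)" % method),
            "ZipModifyDate": dos_datetime(mdate, mtime),
            "ZipCRC": "0x%08x" % crc,
            "ZipCompressedSize": csize,
            "ZipUncompressedSize": usize,
            "ZipFileName": name.decode("utf-8" if flags & (1 << 11) else "cp437"),
        })
        pos += 46 + nlen + xlen + clen
    return entries


class _WriteOnly:
    """Sink without tell()/seek(): zipfile then sets flag bit 3 and emits data
    descriptors, the streaming layout the analysed archive also uses."""
    def __init__(self):
        self.buf = io.BytesIO()

    def write(self, b):
        return self.buf.write(b)

    def flush(self):
        pass


def build_sample_zip(name="sample.bin", payload=b"A" * 4096, encrypted_flag=True):
    """Constructed sample (assumption, not the analysed file): one deflated member,
    zeroed DOS timestamp, data descriptor, and optionally the encryption bit."""
    sink = _WriteOnly()
    with zipfile.ZipFile(sink, "w", zipfile.ZIP_DEFLATED) as zf:
        info = zipfile.ZipInfo(name, date_time=(1980, 0, 0, 0, 0, 0))
        info.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(info, payload)
    data = bytearray(sink.buf.getvalue())
    if encrypted_flag:
        # Set bit 0 in the central directory flag field to model the report's 0x0009.
        # Only the flag is flipped; the member data is not actually encrypted.
        eocd = data.rfind(EOCD_SIG)
        cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
        flags = struct.unpack_from("<H", data, cd_offset + 8)[0]
        struct.pack_into("<H", data, cd_offset + 8, flags | 1)
    return bytes(data)


if __name__ == "__main__":
    for entry in parse_central_directory(build_sample_zip()):
        for key, value in entry.items():
            print("%s: %s" % (key, value))
```

Checking bit 0 before detonation is worth the few lines: an encrypted archive means the sandbox could only proceed because the operator supplied the password, and static scanners that do not have it see only the file name and sizes.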
All screenshots are available in the full report
Total processes
202
Monitored processes
63
Malicious processes
4
Suspicious processes
2

Behavior graph (process nodes in launch order; "no specs" is the report's label for nodes without their own indicators)

winrar.exe (no specs)
powershell.exe (no specs)
conhost.exe (no specs)
cmd.exe (no specs)
conhost.exe (no specs)
slui.exe
chrome.exe (no specs)
chrome.exe
updater.exe
updater.exe (no specs) x3
updater.exe
updater.exe (no specs)
138.0.7204.97_chrome_installer_uncompressed.exe (no specs)
setup.exe (no specs) x4
chrome.exe
chrome.exe (no specs) x2
chrome.exe
elevation_service.exe (no specs)
chrome.exe (no specs), repeated for a long run of further Chrome child processes
updater.exe
updater.exe (no specs)
updatersetup.exe (no specs)
updater.exe (no specs) x2
chrome.exe (no specs) x5

Process information

PID
CMD
Path
Indicators
Parent process
PID: 320
CMD: C:\Users\admin\AppData\Local\Temp\Google6936_1753163432\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7194.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x2a8,0x2ac,0x2b0,0xe8,0x2b4,0xf429c0,0xf429cc,0xf429d8
Path: C:\Users\admin\AppData\Local\Temp\Google6936_1753163432\bin\updater.exe
Parent process: updater.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Updater (x86)
Exit code:
0
Version:
138.0.7194.0
Modules
Images
c:\users\admin\appdata\local\temp\google6936_1753163432\bin\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 684
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 768
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\22880867128.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 788
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\138.0.7204.97\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 856
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\138.0.7204.97\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 892
CMD: C:\WINDOWS\SystemTemp\chrome_Unpacker_BeginUnzipping5168_982556146\CR_03B05.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=138.0.7204.97 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff708a645a0,0x7ff708a645ac,0x7ff708a645b8
Path: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5168_982556146\CR_03B05.tmp\setup.exe
Parent process: setup.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Chrome Installer
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\windows\systemtemp\chrome_unpacker_beginunzipping5168_982556146\cr_03b05.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1036
CMD: "C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe" --system --windows-service --service=update-internal
Path: C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe
Parent process: services.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Updater (x86)
Exit code:
0
Version:
138.0.7194.0
Modules
Images
c:\program files (x86)\google\googleupdater\138.0.7194.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 1324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1388
CMD: "C:\Program Files\Google\Chrome\Application\138.0.7204.97\elevation_service.exe"
Path: C:\Program Files\Google\Chrome\Application\138.0.7204.97\elevation_service.exe
Parent process: services.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\138.0.7204.97\elevation_service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 1532
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\138.0.7204.97\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
23 993
Read events
23 800
Write events
180
Delete events
13

Modification events

(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | 3 = C:\Users\admin\Desktop\preferences.zip
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | 2 = C:\Users\admin\Desktop\chromium_ext.zip
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | 1 = C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | 0 = C:\Users\admin\AppData\Local\Temp\22880867128.zip
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | name = 120
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | size = 80
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | type = 120
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | mtime = 100
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface | ShowPassword = 0
(PID 768) WinRAR.exe | write | HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin | Placement = 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
Executable files
11
Suspicious files
165
Text files
76
Unknown types
15

Dropped files

PID | Process | Filename | Type

768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb768.2028\6ddd5e13bbe796098dc01458a1df8fcc22e6d6e3908cf6951dc3f68b4ab14cec | (type not listed)
MD5:
SHA256:
6936 | chrome.exe | C:\Users\admin\AppData\Local\Temp\Google6936_4268481\UPDATER.PACKED.7Z | (type not listed)
MD5:
SHA256:
5708 | powershell.exe | C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_dwmzgd5o.gtz.ps1 | text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
5708 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF17e937.TMP | binary
MD5: 00A03B286E6E0EBFF8D9C492365D5EC2
SHA256: 4DBFC417D053BA6867308671F1C61F4DCAFC61F058D4044DB532DA6D3BDE3615
5708 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7EUHIKF2DIU91UMV7QBF.temp | binary
MD5: 6902964D43CCCB702152FE175AC08FBD
SHA256: E6BB6D499275EC26C67AC895449F3C2858F61171E65B0D8945EC536A9BF9160F
5708 | powershell.exe | C:\Users\admin\AppData\Local\Temp\tmp55A.cmd | text
MD5: 30D9AA7B36B406647A4C48B28E946FE6
SHA256: 1E48A7D1C9D06913209FE958433C3ED4E9DF4769EAF3496DA718CA7053F0A141
5708 | powershell.exe | C:\Users\admin\Documents\J1Csum3Dcj\chrome.exe | executable
MD5: 3DD19908797988BA9620FB0F3CB9EB3E
SHA256: E016826480795338935497C71135050A2E6787C69C6A3575AB6DD47152566860
5708 | powershell.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | binary
MD5: BDDC11C023D6CD69A04503F85A2743A5
SHA256: 9E056C13F598D879C38E352AC29A1186789E7124876B299D1CF69C15FC4894C3
5708 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms | binary
MD5: 6902964D43CCCB702152FE175AC08FBD
SHA256: E6BB6D499275EC26C67AC895449F3C2858F61171E65B0D8945EC536A9BF9160F
5708 | powershell.exe | C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_2klad0q0.eye.psm1 | text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
84
DNS requests
79
Threats
3

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation (the Type and Size columns are empty for every row)

1268 | svchost.exe | GET | 200 | 23.216.77.42:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6672 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4088 | backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | unknown | whitelisted
1180 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
5240 | updater.exe | GET | 200 | 216.58.212.163:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
1180 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
5240 | updater.exe | GET | 200 | 216.58.212.163:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
5240 | updater.exe | GET | 200 | 142.250.185.195:80 | http://o.pki.goog/we2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuMJxAT2trYla0jia%2F5EUSmLrk3QQUdb7Ed66J9kQ3fc%2BxaB8dGuvcNFkCECdz283NVEpjCi5UeCEUBvs%3D | unknown | whitelisted
5168 | updater.exe | GET | (no code recorded) | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/%7B8a69d345-d564-463c-aff1-a69d9e530f96%7D/f11035a609826e842104c6a00f39912a0d6a8ea396d32d9c6dc7fa62167cab8a | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation (rows without a PID/process are printed that way in the report)

4 | System | 192.168.100.255:137 | whitelisted
5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
(no PID shown) | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3964 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
(no PID shown) | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1268 | svchost.exe | 23.216.77.42:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1268 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6672 | svchost.exe | 20.190.160.132:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
whitelisted
google.com
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
login.live.com
  • 20.190.160.132
  • 40.126.32.72
  • 20.190.160.4
  • 20.190.160.131
  • 40.126.32.133
  • 20.190.160.66
  • 40.126.32.74
  • 20.190.160.3
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
nexusrules.officeapps.live.com
  • 52.111.243.30
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.248
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

PID | Process | Class | Message

(no PID shown) | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
6140 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6140 | chrome.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)

Debug output (Process | Message)

chrome.exe | I0000 00:00:1752016782.833495 1204 voice_transcription.cc:58] Registering VoiceTranscriptionCapability