File name: 22880867128.zip
Full analysis: https://app.any.run/tasks/6007f071-3595-4b40-a9ca-91485d7a28cc
Verdict: Malicious activity
Analysis date: July 08, 2025, 23:17:53
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: qrcode
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 724C29FAE5338E887EBE666632A210EC
SHA1: A1475BB69D9DA61DF6E607DA2E5B1D339CD235A0
SHA256: 8E44E63FBC23FCC12B9058163CF7BC221A450FD7975261D350EC0EDD669F7900
SSDEEP: 98304:1N6+fQj8D6KSZUdslQ6jtK1liRNi5DRVy/b/lHNmLkqZGuFcL9MtkBq3K4PbKGb1:d6lwC/CJwMu2I9U

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 5708)
    • Changes the autorun value in the registry

      • setup.exe (PID: 2120)
  • SUSPICIOUS

    • Uses base64 encoding (POWERSHELL)

      • powershell.exe (PID: 5708)
    • Executing commands from ".cmd" file

      • powershell.exe (PID: 5708)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 5708)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 1036)
      • 138.0.7204.97_chrome_installer_uncompressed.exe (PID: 7132)
      • setup.exe (PID: 2120)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
    • Writes data into a file (POWERSHELL)

      • powershell.exe (PID: 5708)
    • Starts CMD.EXE for commands execution

      • powershell.exe (PID: 5708)
    • The executable file from the user directory is run by the CMD process

      • chrome.exe (PID: 4132)
    • Reads security settings of Internet Explorer

      • chrome.exe (PID: 4132)
      • updater.exe (PID: 5240)
    • Application launched itself

      • chrome.exe (PID: 4132)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 1036)
      • setup.exe (PID: 2120)
      • setup.exe (PID: 4664)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
      • updater.exe (PID: 5168)
    • Executes as Windows Service

      • updater.exe (PID: 1036)
      • updater.exe (PID: 5168)
      • updater.exe (PID: 6172)
    • Creates a software uninstall entry

      • setup.exe (PID: 2120)
    • Searches for installed software

      • setup.exe (PID: 2120)
  • INFO

    • Manual execution by a user

      • powershell.exe (PID: 5708)
      • chrome.exe (PID: 5708)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 5708)
    • Converts byte array into ASCII string (POWERSHELL)

      • powershell.exe (PID: 5708)
    • The sample compiled with english language support

      • powershell.exe (PID: 5708)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 1036)
      • 138.0.7204.97_chrome_installer_uncompressed.exe (PID: 7132)
      • setup.exe (PID: 2120)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
    • Reads the computer name

      • chrome.exe (PID: 4132)
      • chrome.exe (PID: 6936)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 1036)
      • updater.exe (PID: 5168)
      • 138.0.7204.97_chrome_installer_uncompressed.exe (PID: 7132)
      • setup.exe (PID: 4664)
      • updater.exe (PID: 6172)
      • elevation_service.exe (PID: 1388)
      • updater.exe (PID: 6488)
      • setup.exe (PID: 2120)
    • Checks supported languages

      • chrome.exe (PID: 4132)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 320)
      • updater.exe (PID: 3836)
      • updater.exe (PID: 1036)
      • updater.exe (PID: 5168)
      • chrome.exe (PID: 6936)
      • updater.exe (PID: 6176)
      • setup.exe (PID: 2120)
      • 138.0.7204.97_chrome_installer_uncompressed.exe (PID: 7132)
      • setup.exe (PID: 4664)
      • setup.exe (PID: 892)
      • setup.exe (PID: 3584)
      • elevation_service.exe (PID: 1388)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 4132)
      • UpdaterSetup.exe (PID: 5416)
      • updater.exe (PID: 3396)
      • updater.exe (PID: 6488)
    • Process checks computer location settings

      • chrome.exe (PID: 4132)
    • Creates files in the program directory

      • updater.exe (PID: 320)
      • updater.exe (PID: 1036)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 5168)
      • setup.exe (PID: 2120)
      • setup.exe (PID: 4664)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
      • updater.exe (PID: 3396)
    • Process checks whether UAC notifications are on

      • updater.exe (PID: 1036)
      • updater.exe (PID: 5240)
      • updater.exe (PID: 5168)
      • updater.exe (PID: 6172)
      • updater.exe (PID: 6488)
    • Create files in a temporary directory

      • chrome.exe (PID: 6936)
      • updater.exe (PID: 5240)
    • Reads the software policy settings

      • updater.exe (PID: 5168)
      • updater.exe (PID: 5240)
      • slui.exe (PID: 5980)
      • updater.exe (PID: 6172)
    • Checks proxy server information

      • updater.exe (PID: 5240)
      • slui.exe (PID: 5980)
    • Reads the machine GUID from the registry

      • updater.exe (PID: 5240)
    • Creates files or folders in the user directory

      • updater.exe (PID: 5240)
    • Launching a file from a Registry key

      • setup.exe (PID: 2120)
    • Executes as Windows Service

      • elevation_service.exe (PID: 1388)
    • Application launched itself

      • chrome.exe (PID: 5708)
    • Connects to unusual port

      • chrome.exe (PID: 6140)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
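The signature names above describe two different things happening in one run: a PowerShell launch with an execution-policy bypass and a base64 argument that writes and runs a .cmd file from Temp, and a Google Chrome/GoogleUpdater installation (the Google LLC-signed updater.exe, setup.exe and elevation_service.exe processes listed under Process information) that accounts for most of the SUSPICIOUS and INFO hits, including the Run-key write attributed to setup.exe. An analyst reproducing these checks over their own telemetry wants the rules, not the labels. The block below is an added example written for this page, not ANY.RUN's signature engine. Every event in it is constructed: the report does not publish the command line of powershell.exe (PID 5708), so the PIDs, the encoded script, the cmd.exe arguments and the Run-key value are placeholders chosen to exercise each rule once (the tmp55A.cmd path is the one the report lists under Dropped files).

```python
"""Replays process and registry events against the behaviour classes the
signature list above flags for powershell.exe, cmd.exe and setup.exe.
Added example for this page, not ANY.RUN's signature engine. Every event
below is constructed: the report does not publish the command line of
powershell.exe (PID 5708), so PIDs, arguments and the Run-key value here
are placeholders chosen to exercise each rule once."""
import base64
import re
from typing import List, Optional, Tuple

# Constructed script standing in for the encoded payload, encoded the way
# PowerShell expects for -EncodedCommand: UTF-16LE text, then base64.
SCRIPT = "Set-Content -Path $env:TEMP\\tmp55A.cmd -Value 'echo constructed'"
ENC = base64.b64encode(SCRIPT.encode("utf-16le")).decode("ascii")

EVENTS = [  # Sysmon-like shape; all values constructed
    {"kind": "process", "pid": 1001, "image": "powershell.exe", "parent": "explorer.exe",
     "cmd": f"powershell.exe -ExecutionPolicy Bypass -NoProfile -EncodedCommand {ENC}"},
    {"kind": "process", "pid": 1002, "image": "cmd.exe", "parent": "powershell.exe",
     "cmd": r'cmd.exe /c "C:\Users\admin\AppData\Local\Temp\tmp55A.cmd"'},
    {"kind": "registry", "pid": 1003, "image": "setup.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Placeholder", "value": r"C:\example\placeholder.exe"},
    {"kind": "process", "pid": 1004, "image": "chrome.exe", "parent": "chrome.exe",
     "cmd": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer'},
]

# powershell.exe accepts unambiguous prefixes of parameter names, so the
# patterns cover -ep/-ex/-exec/-ExecutionPolicy and -e/-ec/-enc/-EncodedCommand.
EP_BYPASS = re.compile(r"-e(?:p|x[a-z]*)\s+bypass", re.I)
ENC_CMD = re.compile(r"-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)
TEMP_SCRIPT = re.compile(r"\\temp\\[\w.-]+\.(?:cmd|bat)\b", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(?:once)?$", re.I)

Finding = Tuple[str, int, str]  # (rule, pid, detail)


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand carries UTF-16LE text. Anything that does not decode
    cleanly is reported as undecodable rather than guessed at."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(events) -> List[Finding]:
    findings: List[Finding] = []
    for ev in events:
        image = ev["image"].lower()
        if ev["kind"] == "process":
            cmd = ev["cmd"]
            if image == "powershell.exe":
                m = EP_BYPASS.search(cmd)
                if m:
                    findings.append(("exec_policy_bypass", ev["pid"], m.group(0)))
                m = ENC_CMD.search(cmd)
                if m:
                    decoded = decode_encoded_command(m.group(1))
                    findings.append(("encoded_command", ev["pid"], decoded or "<undecodable>"))
            elif image == "cmd.exe":
                if ev["parent"].lower() == "powershell.exe":
                    findings.append(("powershell_spawns_cmd", ev["pid"], cmd))
                m = TEMP_SCRIPT.search(cmd)
                if m:
                    findings.append(("script_from_temp", ev["pid"], m.group(0)))
        elif ev["kind"] == "registry" and RUN_KEY.search(ev["key"]):
            detail = ev["key"] + "\\" + ev["name"] + " = " + ev["value"]
            findings.append(("autorun_registry", ev["pid"], detail))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in analyze(EVENTS):
        print(f"[{rule}] pid={pid} {detail}")
```

The decoded -EncodedCommand text is the thing worth keeping from such a run: the sandbox only reports that base64 was used, and the decoded script is what tells you whether the .cmd file it writes is the actual payload or a further stage. The Run-key rule fires on the Chrome installer just as the sandbox did; the judgment of whether that write belongs to a legitimate install stays with the analyst.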
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Deflated
ZipModifyDate: 1980:00:00 00:00:00
ZipCRC: 0x1e9476e6
ZipCompressedSize: 9547683
ZipUncompressedSize: 20147990
ZipFileName: 6ddd5e13bbe796098dc01458a1df8fcc22e6d6e3908cf6951dc3f68b4ab14cec
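Two of the EXIF fields above carry the point a reviewer should not miss. ZipBitFlag 0x0009 sets bit 0 (the entry is encrypted) and bit 3 (CRC and sizes are stored in a data descriptor after the data rather than in the local header), and ZipModifyDate 1980:00:00 00:00:00 is how an all-zero DOS timestamp renders: the entry carries no real modification time at all. A password-protected archive whose listed member is named by a 64-hex-character string cannot be content-scanned by anything that lacks the password, which is why the verdict here rests on what happened after the user extracted it. The block below is an added example written for this page, not ANY.RUN's or ExifTool's code. It walks a ZIP central directory and decodes exactly those fields; the archive it parses is constructed in memory with the same header values (required version 20, flag 0x0009, Deflate, zero timestamp) and is not the sample itself.

```python
"""Walks a ZIP central directory and decodes the fields listed under EXIF
above (required version, general-purpose bit flag, compression method,
DOS timestamp, sizes). Added example for this page, not ANY.RUN or
ExifTool code. The archive it parses is built in memory below and only
mirrors the report's header values; it is not the sample itself."""
import struct
import zlib

LOCAL_SIG, CENTRAL_SIG, EOCD_SIG, DESC_SIG = 0x04034B50, 0x02014B50, 0x06054B50, 0x08074B50
METHODS = {0: "Stored", 8: "Deflated", 12: "BZIP2", 14: "LZMA", 93: "Zstandard", 99: "AES"}
FLAG_BITS = {0: "encrypted", 3: "data_descriptor", 5: "patched_data",
             6: "strong_encryption", 11: "utf8_names", 13: "masked_local_headers"}


def decode_flags(flag: int):
    return [name for bit, name in FLAG_BITS.items() if flag & (1 << bit)]


def dos_datetime(dtime: int, ddate: int) -> str:
    """Render a DOS time/date pair the way archive tools print it. An all-zero
    pair decodes to year 1980, month 0, day 0: not a calendar date, just the
    'never set' value, which is what the EXIF block above shows."""
    year, month, day = 1980 + (ddate >> 9), (ddate >> 5) & 0xF, ddate & 0x1F
    hour, minute, second = dtime >> 11, (dtime >> 5) & 0x3F, (dtime & 0x1F) * 2
    return f"{year:04d}:{month:02d}:{day:02d} {hour:02d}:{minute:02d}:{second:02d}"


def parse_central_directory(data: bytes):
    """Sizes and CRC are taken from the central directory, which stays valid even
    when bit 3 moves them out of the local header into a trailing descriptor."""
    # The EOCD record is 22 bytes plus an optional comment of at most 65535
    # bytes, so only the tail of the file needs to be searched.
    tail = data[-(22 + 0xFFFF):]
    pos = tail.rfind(struct.pack("<I", EOCD_SIG))
    if pos < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _, cd_off, _ = struct.unpack_from("<IHHHHIIH", tail, pos)
    entries, off = [], cd_off
    for _ in range(total):
        hdr = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, off)
        if hdr[0] != CENTRAL_SIG:
            raise ValueError(f"bad central directory header at offset {off}")
        (_, _, needed, flag, method, mtime, mdate, crc, csize, usize,
         nlen, xlen, clen, _, _, _, lh_off) = hdr
        raw_name = data[off + 46:off + 46 + nlen]
        entries.append({
            "name": raw_name.decode("utf-8" if flag & (1 << 11) else "cp437"),
            "required_version": needed,
            "flags": flag,
            "flag_names": decode_flags(flag),
            "compression": METHODS.get(method, f"unknown({method})"),
            "modify_date": dos_datetime(mtime, mdate),
            "crc": crc,
            "compressed_size": csize,
            "uncompressed_size": usize,
            "local_header_offset": lh_off,
        })
        off += 46 + nlen + xlen + clen
    return entries


def triage(data: bytes):
    """What a reviewer wants to know before opening an archive."""
    notes = []
    for e in parse_central_directory(data):
        if "encrypted" in e["flag_names"]:
            notes.append(f'{e["name"]}: encrypted entry, content cannot be inspected without the password')
        if e["modify_date"].startswith("1980:00:00"):
            notes.append(f'{e["name"]}: DOS timestamp never set')
    return notes


def build_sample_archive(name=b"sample.bin", payload=b"opaque ciphertext stand-in", flag=0x0009):
    """Constructed single-entry archive: required version 20, flag 0x0009
    (bit 0 encrypted + bit 3 data descriptor), Deflate, zero timestamp.
    The payload is arbitrary bytes standing in for ciphertext; nothing here
    encrypts or decrypts, the flag is what matters to the parser."""
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    csize, usize = len(payload), 2 * len(payload)  # usize is a header claim only
    # With bit 3 set the local header carries zeros and the real values follow the data.
    local = struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, flag, 8, 0, 0, 0, 0, 0, len(name), 0) + name
    descriptor = struct.pack("<IIII", DESC_SIG, crc, csize, usize)
    cd_off = len(local) + len(payload) + len(descriptor)
    central = struct.pack("<IHHHHHHIIIHHHHHII", CENTRAL_SIG, 20, 20, flag, 8, 0, 0, crc,
                          csize, usize, len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, 1, 1, len(central), cd_off, 0)
    return local + payload + descriptor + central + eocd


if __name__ == "__main__":
    for entry in parse_central_directory(build_sample_archive()):
        print(entry)
    print(triage(build_sample_archive()))
```

Reading the central directory rather than the local headers matters for exactly the flag combination this sample uses: with bit 3 set, a local-header-only reader sees zero sizes and a zero CRC and can misreport the archive as empty or truncated.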
All screenshots are available in the full report
Total processes: 202
Monitored processes: 63
Malicious processes: 4
Suspicious processes: 2

Behavior graph

Process nodes in the order the graph lists them ("no specs" marks a node with no specific indicators; the graph itself is interactive in the full report): winrar.exe, powershell.exe, conhost.exe, cmd.exe, conhost.exe (all no specs), slui.exe, chrome.exe (no specs), chrome.exe, updater.exe, updater.exe x3 (no specs), updater.exe, updater.exe (no specs), 138.0.7204.97_chrome_installer_uncompressed.exe (no specs), setup.exe x4 (no specs), chrome.exe, chrome.exe x2 (no specs), chrome.exe, elevation_service.exe (no specs), a long run of chrome.exe child processes (no specs), updater.exe, updater.exe (no specs), updatersetup.exe (no specs), updater.exe x2 (no specs), chrome.exe x5 (no specs).

Process information

PID
CMD
Path
Indicators
Parent process
PID: 320
CMD: C:\Users\admin\AppData\Local\Temp\Google6936_1753163432\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7194.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x2a8,0x2ac,0x2b0,0xe8,0x2b4,0xf429c0,0xf429cc,0xf429d8
Path: C:\Users\admin\AppData\Local\Temp\Google6936_1753163432\bin\updater.exe
Parent process: updater.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Updater (x86)
Exit code:
0
Version:
138.0.7194.0
Modules
Images
c:\users\admin\appdata\local\temp\google6936_1753163432\bin\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 684
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 768
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\22880867128.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 788
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\138.0.7204.97\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 856
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\138.0.7204.97\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 892
CMD: C:\WINDOWS\SystemTemp\chrome_Unpacker_BeginUnzipping5168_982556146\CR_03B05.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=138.0.7204.97 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff708a645a0,0x7ff708a645ac,0x7ff708a645b8
Path: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5168_982556146\CR_03B05.tmp\setup.exe
Parent process: setup.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Chrome Installer
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\windows\systemtemp\chrome_unpacker_beginunzipping5168_982556146\cr_03b05.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1036
CMD: "C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe" --system --windows-service --service=update-internal
Path: C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe
Parent process: services.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Updater (x86)
Exit code:
0
Version:
138.0.7194.0
Modules
Images
c:\program files (x86)\google\googleupdater\138.0.7194.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 1324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1388
CMD: "C:\Program Files\Google\Chrome\Application\138.0.7204.97\elevation_service.exe"
Path: C:\Program Files\Google\Chrome\Application\138.0.7204.97\elevation_service.exe
Parent process: services.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\138.0.7204.97\elevation_service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 1532
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=1864,i,18189946056374023687,5195566575631177136,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
138.0.7204.97
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\138.0.7204.97\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 23 993
Read events: 23 800
Write events: 180
Delete events: 13

Modification events

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\22880867128.zip

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (768) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
Executable files: 11
Suspicious files: 165
Text files: 76
Unknown types: 15

Dropped files

PID 768, WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$DRb768.2028\6ddd5e13bbe796098dc01458a1df8fcc22e6d6e3908cf6951dc3f68b4ab14cec
Type: (empty)
MD5: (empty)
SHA256: (empty)

PID 6936, chrome.exe: C:\Users\admin\AppData\Local\Temp\Google6936_4268481\UPDATER.PACKED.7Z
Type: (empty)
MD5: (empty)
SHA256: (empty)

PID 5708, powershell.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF17e937.TMP
Type: binary
MD5: 00A03B286E6E0EBFF8D9C492365D5EC2
SHA256: 4DBFC417D053BA6867308671F1C61F4DCAFC61F058D4044DB532DA6D3BDE3615

PID 5240, updater.exe: C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe
Type: executable
MD5: A1044445F76098186DE3B146ABDA9876
SHA256: 8CA4F944172F0904B4D70E40A5D61B54439109502E7E3E20D71F8A83BEAD9CE8

PID 5708, powershell.exe: C:\Users\admin\AppData\Local\Temp\tmp55A.cmd
Type: text
MD5: 30D9AA7B36B406647A4C48B28E946FE6
SHA256: 1E48A7D1C9D06913209FE958433C3ED4E9DF4769EAF3496DA718CA7053F0A141

PID 5240, updater.exe: C:\Program Files (x86)\Google\GoogleUpdater\updater.log
Type: text
MD5: DA58D2761EEFDEF782EF97ACE1DA3170
SHA256: A1EF203A33622E4EE53B7E83544916AE889610FEFB2CF7793857D2F302B8A4C2

PID 5708, powershell.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Type: binary
MD5: BDDC11C023D6CD69A04503F85A2743A5
SHA256: 9E056C13F598D879C38E352AC29A1186789E7124876B299D1CF69C15FC4894C3

PID 5240, updater.exe: C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\Crashpad\settings.dat
Type: binary
MD5: FE54929104DCC50F06F2A48A73838DE4
SHA256: A192BEC4964BEC8E02A0F58635C947EDFF0B349CA1FEC8391E84B5A556BA11F7

PID 5240, updater.exe: C:\Program Files (x86)\Google\GoogleUpdater\e0ad1493-596e-4947-872e-e82f5d2607c7.tmp
Type: binary
MD5: 4D8DF8FA0D5BE0C431DB342041019C34
SHA256: D9CF12B4F14BD5ABB0B6C967A3DFE3293FEBF1FF251E7ACECBEDB6801CF52E5C

PID 5708, powershell.exe: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_2klad0q0.eye.psm1
Type: text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 18
TCP/UDP connections: 84
DNS requests: 79
Threats: 3

HTTP requests

Columns: PID, process, method, HTTP code, IP, URL, CN, reputation (type and size were not recorded for any request).

1268 svchost.exe GET 200 23.216.77.42:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl (CN unknown, whitelisted)
6672 svchost.exe GET 200 2.17.190.73:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D (CN unknown, whitelisted)
5240 updater.exe GET 200 142.250.185.195:80 http://o.pki.goog/we2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuMJxAT2trYla0jia%2F5EUSmLrk3QQUdb7Ed66J9kQ3fc%2BxaB8dGuvcNFkCECdz283NVEpjCi5UeCEUBvs%3D (CN unknown, whitelisted)
1180 SIHClient.exe GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl (CN unknown, whitelisted)
5240 updater.exe GET 200 216.58.212.163:80 http://c.pki.goog/r/gsr1.crl (CN unknown, whitelisted)
5168 updater.exe GET (no HTTP code recorded) 34.104.35.123:80 http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/%7B8a69d345-d564-463c-aff1-a69d9e530f96%7D/f11035a609826e842104c6a00f39912a0d6a8ea396d32d9c6dc7fa62167cab8a (CN unknown, whitelisted)
1180 SIHClient.exe GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl (CN unknown, whitelisted)
4088 backgroundTaskHost.exe GET 200 2.17.190.73:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D (CN unknown, whitelisted)
5240 updater.exe GET 200 216.58.212.163:80 http://c.pki.goog/r/r4.crl (CN unknown, whitelisted)
6140 chrome.exe GET 200 142.250.185.238:80 http://clients2.google.com/time/1/current?cup2key=9:ERvcwfSMET7XgzF3ag9dqAmV5YaRTaSo1Bqpf6vjr_I&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (CN unknown, whitelisted)

Connections

Columns: PID, process, IP, domain, ASN, CN, reputation. Rows without a PID are listed as the report shows them.

4 System 192.168.100.255:137 (whitelisted)
5944 MoUsoCoreWorker.exe 20.73.194.208:443 settings-win.data.microsoft.com MICROSOFT-CORP-MSN-AS-BLOCK NL (whitelisted)
(PID not shown) 20.73.194.208:443 settings-win.data.microsoft.com MICROSOFT-CORP-MSN-AS-BLOCK NL (whitelisted)
3964 RUXIMICS.exe 20.73.194.208:443 settings-win.data.microsoft.com MICROSOFT-CORP-MSN-AS-BLOCK NL (whitelisted)
4 System 192.168.100.255:138 (whitelisted)
(PID not shown) 51.124.78.146:443 settings-win.data.microsoft.com MICROSOFT-CORP-MSN-AS-BLOCK NL (whitelisted)
1268 svchost.exe 23.216.77.42:80 crl.microsoft.com Akamai International B.V. DE (whitelisted)
1268 svchost.exe 184.30.21.171:80 www.microsoft.com AKAMAI-AS DE (whitelisted)
1268 svchost.exe 51.124.78.146:443 settings-win.data.microsoft.com MICROSOFT-CORP-MSN-AS-BLOCK NL (whitelisted)
6672 svchost.exe 20.190.160.132:443 login.live.com MICROSOFT-CORP-MSN-AS-BLOCK NL (whitelisted)

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
whitelisted
google.com
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
login.live.com
  • 20.190.160.132
  • 40.126.32.72
  • 20.190.160.4
  • 20.190.160.131
  • 40.126.32.133
  • 20.190.160.66
  • 40.126.32.74
  • 20.190.160.3
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
nexusrules.officeapps.live.com
  • 52.111.243.30
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.248
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

Columns: PID, process, class, message.

(PID and process not shown) Unknown Traffic: ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
6140 chrome.exe Not Suspicious Traffic: INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6140 chrome.exe Not Suspicious Traffic: INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)

Debug output strings

chrome.exe: I0000 00:00:1752016782.833495 1204 voice_transcription.cc:58] Registering VoiceTranscriptionCapability