URL:

https://www.filepuma.com/download/google_chrome_64bit_92.0.4515.131-29512/download/

Full analysis: https://app.any.run/tasks/57d25014-fde5-463a-b0be-a1e5e493ab11
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: August 01, 2024, 08:16:26
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
crypto-regex
Indicators:
MD5:

F7E07D6B62B797F4410DCBE482320FA0

SHA1:

B38A09412B9733B4F58311791B31185203A5D65F

SHA256:

9184C32C116D462F48E2C99F77F0D5E4ECA23291530278836F329E899C239BB2

SSDEEP:

3:N8DSLQ6Q5LKK8LrJUK96difTqCXkCn:2OLQ7VKBPJUK96dirBXp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • setup.exe (PID: 7252)
      • Google_Chrome_(64bit)_v92.0.4515.131.exe (PID: 7124)
      • GoogleUpdateSetup.exe (PID: 6792)
      • chrome_installer.exe (PID: 6688)
      • setup.exe (PID: 6804)
    • Actions look like stealing of personal data

      • setup.exe (PID: 7252)
    • Scans artifacts that could help determine the target

      • GoogleUpdate.exe (PID: 6876)
    • Changes the autorun value in the registry

      • setup.exe (PID: 6804)
  • SUSPICIOUS

    • Searches for installed software

      • explorer.exe (PID: 7676)
      • setup.exe (PID: 6804)
    • Executes as Windows Service

      • VSSVC.exe (PID: 2616)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4060)
    • Application launched itself

      • setup.exe (PID: 7252)
      • GoogleUpdate.exe (PID: 6876)
      • setup.exe (PID: 6804)
    • Executable content was dropped or overwritten

      • setup.exe (PID: 7252)
      • Google_Chrome_(64bit)_v92.0.4515.131.exe (PID: 7124)
      • GoogleUpdateSetup.exe (PID: 6792)
      • chrome_installer.exe (PID: 6688)
      • setup.exe (PID: 6804)
    • Reads security settings of Internet Explorer

      • GoogleUpdate.exe (PID: 7152)
      • GoogleUpdate.exe (PID: 6936)
      • GoogleUpdate.exe (PID: 6876)
    • Reads the date of Windows installation

      • GoogleUpdate.exe (PID: 7152)
      • GoogleUpdate.exe (PID: 6936)
    • Checks Windows Trust Settings

      • GoogleUpdate.exe (PID: 6876)
    • Creates a software uninstall entry

      • setup.exe (PID: 6804)
    • Creates file in the systems drive root

      • explorer.exe (PID: 4552)
    • Found regular expressions for crypto-addresses (YARA)

      • chrome.exe (PID: 7244)
    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 2256)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 6356)
      • chrome.exe (PID: 3552)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6356)
    • Reads Microsoft Office registry keys

      • chrome.exe (PID: 6356)
      • explorer.exe (PID: 4552)
      • chrome.exe (PID: 3552)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 6356)
    • Checks supported languages

      • TextInputHost.exe (PID: 7980)
      • msiexec.exe (PID: 4060)
      • setup.exe (PID: 5072)
      • setup.exe (PID: 7252)
      • GoogleUpdate.exe (PID: 7152)
      • GoogleUpdateSetup.exe (PID: 6792)
      • Google_Chrome_(64bit)_v92.0.4515.131.exe (PID: 7124)
      • GoogleUpdate.exe (PID: 6936)
      • GoogleUpdate.exe (PID: 6984)
      • GoogleUpdate.exe (PID: 6628)
      • GoogleUpdate.exe (PID: 6876)
      • chrome_installer.exe (PID: 6688)
      • setup.exe (PID: 6804)
      • GoogleUpdateOnDemand.exe (PID: 7336)
      • GoogleUpdate.exe (PID: 3116)
      • GoogleUpdate.exe (PID: 7576)
      • setup.exe (PID: 6552)
    • Reads the computer name

      • TextInputHost.exe (PID: 7980)
      • msiexec.exe (PID: 4060)
      • setup.exe (PID: 7252)
      • GoogleUpdate.exe (PID: 7152)
      • GoogleUpdate.exe (PID: 6936)
      • GoogleUpdate.exe (PID: 6876)
      • GoogleUpdate.exe (PID: 6984)
      • GoogleUpdate.exe (PID: 6628)
      • setup.exe (PID: 6804)
      • chrome_installer.exe (PID: 6688)
      • GoogleUpdate.exe (PID: 3116)
      • GoogleUpdate.exe (PID: 7576)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4552)
    • The process uses the downloaded file

      • chrome.exe (PID: 8104)
      • explorer.exe (PID: 4552)
      • Google_Chrome_(64bit)_v92.0.4515.131.exe (PID: 7124)
      • GoogleUpdateSetup.exe (PID: 6792)
    • Creates files in a temporary directory

      • setup.exe (PID: 7252)
      • Google_Chrome_(64bit)_v92.0.4515.131.exe (PID: 7124)
      • GoogleUpdate.exe (PID: 6876)
      • explorer.exe (PID: 4552)
    • Creates files or folders in the user directory

      • explorer.exe (PID: 4552)
      • GoogleUpdate.exe (PID: 6876)
    • Manual execution by a user

      • Google_Chrome_(64bit)_v92.0.4515.131.exe (PID: 7124)
    • Reads the software policy settings

      • explorer.exe (PID: 4552)
      • GoogleUpdate.exe (PID: 6876)
      • GoogleUpdate.exe (PID: 6628)
      • GoogleUpdate.exe (PID: 3116)
    • Checks proxy server information

      • explorer.exe (PID: 4552)
      • GoogleUpdate.exe (PID: 6628)
      • GoogleUpdate.exe (PID: 6876)
      • GoogleUpdate.exe (PID: 3116)
    • Process checks computer location settings

      • GoogleUpdate.exe (PID: 7152)
      • GoogleUpdate.exe (PID: 6936)
    • Creates files in the program directory

      • GoogleUpdate.exe (PID: 6936)
      • GoogleUpdate.exe (PID: 6628)
      • GoogleUpdate.exe (PID: 6876)
      • GoogleUpdateSetup.exe (PID: 6792)
      • chrome_installer.exe (PID: 6688)
      • GoogleUpdate.exe (PID: 3116)
      • setup.exe (PID: 6804)
    • Reads the machine GUID from the registry

      • GoogleUpdate.exe (PID: 6876)
    • Dropped object may contain TOR URLs

      • explorer.exe (PID: 4552)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 271
Monitored processes: 118
Malicious processes: 14
Suspicious processes: 1

Behavior graph

(Interactive process graph; available in the full report. Processes shown in the graph: chrome.exe, textinputhost.exe, COpenControlPanel, explorer.exe, msiexec.exe, vssvc.exe, srtasks.exe, conhost.exe, setup.exe, rundll32.exe, google_chrome_(64bit)_v92.0.4515.131.exe, googleupdate.exe, googleupdatesetup.exe, chrome_installer.exe, googleupdateondemand.exe, comppkgsrv.exe, svchost.exe.)

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 368
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1728,14303335840995843551,6028695205409574415,131072 --lang=en-US --service-sandbox-type=utility --disable-quic --mojo-platform-channel-handle=3696 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
92.0.4515.131
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 460
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1728,14303335840995843551,6028695205409574415,131072 --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=6076 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
92.0.4515.131
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1452
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1728,14303335840995843551,6028695205409574415,131072 --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=5660 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
92.0.4515.131
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1568
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,14303335840995843551,6028695205409574415,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
92.0.4515.131
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1692
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,14303335840995843551,6028695205409574415,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
92.0.4515.131
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1920
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1728,14303335840995843551,6028695205409574415,131072 --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=6016 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
92.0.4515.131
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2088
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1728,14303335840995843551,6028695205409574415,131072 --lang=en-US --service-sandbox-type=utility --disable-quic --mojo-platform-channel-handle=6024 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
92.0.4515.131
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2256
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2524
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,14303335840995843551,6028695205409574415,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
92.0.4515.131
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2616
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 153 370
Read events: 151 907
Write events: 1 177
Delete events: 286

Modification events

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: (empty)

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (6356) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (6356) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: metricsid
Value: (empty)
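The modification-events export above records, for each registry write, the PID and process, the key, the operation, the value name and the value. The block below is an added example, not part of the ANY.RUN report, that parses entries in the fused one-line-per-field layout this export uses and flags writes to the standard Windows autorun locations, which is the behaviour behind the "Changes the autorun value in the registry" signature raised for setup.exe (PID 6804). The first two sample entries are copied from this report; the third, a Run-key write attributed to setup.exe with the value name "ExampleUpdater" and a path under the user's Temp directory, is a constructed assumption used only to exercise the detector, because the report does not list the actual key, name or value that setup.exe wrote.

```python
import re
from dataclasses import dataclass

# Layout of one entry in the report's "Modification events" export (fields are
# run together on a line, exactly as the page shows them):
#   (PID) Process:(<pid>) <process>Key:<registry key>
#   Operation:<op>Name:<value name>
#   Value:
#   <value>            <- this line is absent when the value is empty
HEADER = re.compile(r"^\(PID\) Process:\((\d+)\) (.+?)Key:(.+)$")
OPERATION = re.compile(r"^Operation:(\w+)Name:(.*)$")

# Standard autorun locations under HKCU or HKLM (WOW6432Node is normalised away).
AUTORUN_KEYS = (
    r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
)

# Constructed sample. Entries 1 and 2 are copied from this report (chrome.exe,
# PID 6356). Entry 3 is an ASSUMPTION: the report says setup.exe (PID 6804)
# changed an autorun value but does not list the key, name or value, so this
# Run-key write with a made-up value name and Temp path stands in for it.
SAMPLE = """\
(PID) Process:(6356) chrome.exeKey:HKEY_CURRENT_USER\\SOFTWARE\\Google\\Chrome\\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(6356) chrome.exeKey:HKEY_CURRENT_USER\\SOFTWARE\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
(PID) Process:(6804) setup.exeKey:HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
Operation:writeName:ExampleUpdater
Value:
C:\\Users\\admin\\AppData\\Local\\Temp\\setup.exe
"""


@dataclass
class RegistryEvent:
    pid: int
    process: str
    key: str
    operation: str
    name: str
    value: str


def parse_modification_events(text: str) -> list[RegistryEvent]:
    """Parse the fused export layout into structured events."""
    lines = text.splitlines()
    events: list[RegistryEvent] = []
    i = 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        if head is None:
            i += 1
            continue
        op = OPERATION.match(lines[i + 1]) if i + 1 < len(lines) else None
        if op is None:  # header without an operation line: skip it
            i += 1
            continue
        value = ""
        i += 2
        if i < len(lines) and lines[i] == "Value:":
            i += 1
            # An empty value is followed directly by the next entry's header.
            if i < len(lines) and HEADER.match(lines[i]) is None:
                value = lines[i]
                i += 1
        events.append(RegistryEvent(int(head.group(1)), head.group(2),
                                    head.group(3), op.group(1), op.group(2), value))
    return events


def is_autorun_key(key: str) -> bool:
    """True if the key is one of the autorun locations or a subkey of one."""
    k = key.upper().replace(r"\WOW6432NODE", "")
    return any(k.endswith(a.upper()) or (a.upper() + "\\") in k for a in AUTORUN_KEYS)


def find_persistence_writes(events: list[RegistryEvent]) -> list[RegistryEvent]:
    """Registry writes that establish autorun persistence."""
    return [e for e in events if e.operation.lower() == "write" and is_autorun_key(e.key)]


if __name__ == "__main__":
    for e in find_persistence_writes(parse_modification_events(SAMPLE)):
        print(f"PID {e.pid} {e.process}: {e.key}\\{e.name} = {e.value!r}")
```

Run against the three sample entries, only the constructed setup.exe Run-key write is reported; the chrome.exe writes to its own BLBeacon and ClientState keys are normal Chrome behaviour and do not match any autorun location. When triaging a report like this one, feed the whole exported event list through the parser rather than the truncated ten entries shown on the page, since the autorun write by setup.exe (PID 6804) is not among those ten.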
Executable files: 145
Suspicious files: 862
Text files: 213
Unknown types: 59

Dropped files

Columns: PID, Process, Filename, Type (MD5 and SHA256 listed where the export recorded them)

6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old  (type, MD5 and SHA256 not listed)
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old  (type, MD5 and SHA256 not listed)
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old  (type, MD5 and SHA256 not listed)
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old  (type, MD5 and SHA256 not listed)
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RFe5e0a.TMP  (type, MD5 and SHA256 not listed)
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old  (type, MD5 and SHA256 not listed)
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RFe5dfa.TMP  (type, MD5 and SHA256 not listed)
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old  (type, MD5 and SHA256 not listed)
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Variations  binary
  MD5: 961E3604F228B0D10541EBF921500C86
  SHA256: F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
6356  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old  text
  MD5: 723783C35EAEEE1492EDB30847AE6750
  SHA256: C29323F784CF873BF34992E7A2B4630B19641BF42980109E31D5AF2D487DF6F8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 43
TCP/UDP connections: 240
DNS requests: 203
Threats: 5

HTTP requests

Columns: PID, Process, Method, HTTP code, IP, URL, CN, Reputation (the Type and Size columns are empty in this export)

5336  SearchApp.exe  GET  200  192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D  unknown  whitelisted
5976  svchost.exe  GET  200  192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D  unknown  whitelisted
5976  svchost.exe  GET  200  192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D  unknown  whitelisted
3568  backgroundTaskHost.exe  GET  200  192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D  unknown  whitelisted
6692  backgroundTaskHost.exe  GET  200  192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D  unknown  whitelisted
5336  SearchApp.exe  GET  200  192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D  unknown  whitelisted
3900  svchost.exe  HEAD  200  34.104.35.123:80  http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3  unknown  whitelisted
5336  SearchApp.exe  GET  200  192.229.221.95:80  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D  unknown  whitelisted
3900  svchost.exe  GET  206  34.104.35.123:80  http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3  unknown  whitelisted
3900  svchost.exe  GET  206  34.104.35.123:80  http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3  unknown  whitelisted

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation (fields the export left blank are marked as not listed)

532  svchost.exe  51.104.136.2:443  settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
5632  RUXIMICS.exe  51.104.136.2:443  settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
2120  MoUsoCoreWorker.exe  51.104.136.2:443  settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
3888  svchost.exe  239.255.255.250:1900  (domain, ASN and CN not listed)  whitelisted
4  System  192.168.100.255:138  (domain, ASN and CN not listed)  whitelisted
6356  chrome.exe  239.255.255.250:1900  (domain, ASN and CN not listed)  whitelisted
6628  chrome.exe  172.67.74.254:443  www.filepuma.com  CLOUDFLARENET  US  unknown
6628  chrome.exe  74.125.128.84:443  accounts.google.com  GOOGLE  US  whitelisted
6628  chrome.exe  104.21.234.235:443  rsms.me  CLOUDFLARENET  (CN not listed)  unknown
6628  chrome.exe  142.250.184.227:443  fonts.gstatic.com  GOOGLE  US  whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.110
  • 142.251.39.110
  • 142.250.186.78
whitelisted
www.filepuma.com
  • 172.67.74.254
  • 104.26.0.63
  • 104.26.1.63
unknown
accounts.google.com
  • 74.125.128.84
whitelisted
rsms.me
  • 104.21.234.235
  • 104.21.234.234
whitelisted
fonts.googleapis.com
  • 142.250.185.106
whitelisted
translate.google.com
  • 142.250.185.110
whitelisted
fonts.gstatic.com
  • 142.250.184.227
  • 142.250.186.35
whitelisted
images.filepuma.com
  • 104.26.0.63
  • 172.67.74.254
  • 104.26.1.63
shared
www.gstatic.com
  • 142.250.185.163
  • 142.250.185.227
whitelisted

Threats

Columns: Class, Message (the PID and Process columns are empty in this export)

Class: Potential Corporate Privacy Violation
Message: ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR

Class: Misc activity
Message: ET INFO File Sharing Related Domain in DNS Lookup (wetransfer .com)

Class: Misc activity
Message: ET INFO File Sharing Domain Observed in TLS SNI (wetransfer .com)

Class: Misc activity
Message: ET INFO File Sharing Domain Observed in TLS SNI (wetransfer .com)

Class: Not Suspicious Traffic
Message: INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)