File name: ChromeSetup.exe
Full analysis: https://app.any.run/tasks/09e7a0b5-5122-4d23-8e5b-3bb153ac5f5c
Verdict: Malicious activity
Analysis date: February 11, 2025, 06:40:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: qrcode
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: 3C4FCDBD4A7B2AD48C9EDEE2D53230C5
SHA1: 1B767093B10C7247D5CCB6CE0FBEA77510E07CEF
SHA256: A8ACBAC4359236B565A3AADFF04FCE931A86C5B39AC40E2BD9DDA2B307198059
SSDEEP: 98304:Ay6o5mLVVlsmmsAjYKdfufAhN+ZiBQwH6F/HCPElCAVYEwG7Cmoqo1WrbcCPd2sN:UwiQWUu

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore have been influenced by the analyst's actions during the session and is provided as is, for the reader's information. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Changes the autorun value in the registry

      • setup.exe (PID: 5752)
  • SUSPICIOUS

    • Application launched itself

      • ChromeSetup.exe (PID: 6280)
      • updater.exe (PID: 6552)
      • updater.exe (PID: 6668)
      • updater.exe (PID: 6764)
      • setup.exe (PID: 5752)
      • setup.exe (PID: 5572)
      • updater.exe (PID: 4384)
    • Reads security settings of Internet Explorer

      • ChromeSetup.exe (PID: 6280)
      • updater.exe (PID: 6552)
    • Executes as Windows Service

      • updater.exe (PID: 6668)
      • updater.exe (PID: 6764)
      • updater.exe (PID: 4384)
    • Executable content was dropped or overwritten

      • updater.exe (PID: 6552)
      • updater.exe (PID: 6668)
      • 132.0.6834.160_chrome_installer.exe (PID: 2744)
      • setup.exe (PID: 5752)
    • Searches for installed software

      • setup.exe (PID: 5752)
    • Creates a software uninstall entry

      • setup.exe (PID: 5752)
      • chrome.exe (PID: 5404)
    • Checks Windows Trust Settings

      • updater.exe (PID: 6552)
  • INFO

    • The sample was compiled with English language support

      • ChromeSetup.exe (PID: 6280)
      • updater.exe (PID: 6552)
      • updater.exe (PID: 6668)
      • 132.0.6834.160_chrome_installer.exe (PID: 2744)
      • setup.exe (PID: 5752)
    • Checks supported languages

      • ChromeSetup.exe (PID: 6500)
      • ChromeSetup.exe (PID: 6280)
      • updater.exe (PID: 6552)
      • updater.exe (PID: 6572)
      • updater.exe (PID: 6668)
      • updater.exe (PID: 6688)
      • updater.exe (PID: 6784)
      • updater.exe (PID: 6764)
      • 132.0.6834.160_chrome_installer.exe (PID: 2744)
      • setup.exe (PID: 5752)
      • setup.exe (PID: 2676)
      • setup.exe (PID: 5572)
      • setup.exe (PID: 5748)
      • elevation_service.exe (PID: 7104)
      • updater.exe (PID: 4384)
      • updater.exe (PID: 1216)
      • identity_helper.exe (PID: 8172)
    • Creates files in the program directory

      • updater.exe (PID: 6552)
      • ChromeSetup.exe (PID: 6500)
      • updater.exe (PID: 6764)
      • setup.exe (PID: 5752)
      • setup.exe (PID: 5572)
      • updater.exe (PID: 6572)
      • updater.exe (PID: 4384)
      • updater.exe (PID: 6668)
    • Reads the computer name

      • ChromeSetup.exe (PID: 6280)
      • ChromeSetup.exe (PID: 6500)
      • updater.exe (PID: 6552)
      • updater.exe (PID: 6668)
      • updater.exe (PID: 6764)
      • 132.0.6834.160_chrome_installer.exe (PID: 2744)
      • setup.exe (PID: 5752)
      • setup.exe (PID: 5572)
      • elevation_service.exe (PID: 7104)
      • updater.exe (PID: 4384)
      • identity_helper.exe (PID: 8172)
    • Process checks computer location settings

      • ChromeSetup.exe (PID: 6280)
    • Process checks whether UAC notifications are on

      • updater.exe (PID: 6552)
      • updater.exe (PID: 6668)
      • updater.exe (PID: 6764)
      • updater.exe (PID: 4384)
    • Reads the machine GUID from the registry

      • updater.exe (PID: 6552)
    • Checks proxy server information

      • updater.exe (PID: 6552)
    • Reads the software policy settings

      • updater.exe (PID: 6764)
      • updater.exe (PID: 6552)
    • Creates files in a temporary directory

      • updater.exe (PID: 6552)
    • Creates files or folders in the user directory

      • updater.exe (PID: 6552)
    • Manual execution by a user

      • chrome.exe (PID: 5404)
      • msedge.exe (PID: 5208)
      • msedge.exe (PID: 7588)
    • Executes as Windows Service

      • elevation_service.exe (PID: 7104)
    • Application launched itself

      • chrome.exe (PID: 5404)
      • msedge.exe (PID: 5208)
    • Reads Environment values

      • identity_helper.exe (PID: 8172)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:01:28 16:01:55+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 3490816
InitializedDataSize: 7018496
UninitializedDataSize: -
EntryPoint: 0x1c1a90
OSVersion: 10
ImageVersion: -
SubsystemVersion: 10
Subsystem: Windows GUI
FileVersionNumber: 134.0.6985.0
ProductVersionNumber: 134.0.6985.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Google LLC
FileDescription: Google Installer
FileVersion: 134.0.6985.0
InternalName: Google Installer (x86)
LegalCopyright: Copyright 2025 Google LLC. All rights reserved.
OriginalFileName: UpdaterSetup.exe
ProductName: Google Installer
ProductVersion: 134.0.6985.0
CompanyShortName: Google
ProductShortName: GoogleUpdater
LastChange: 78fefa9200212ea1e7395f932d5f3eea2db9472b-refs/branch-heads/6985@{#1}
OfficialBuild: 1
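The File info and EXIF lines above are read straight out of the PE headers, and the three hashes are what you compare a suspect file against before trusting anything else in this report. The Python below is an added example, not part of the ANY.RUN report or of Google's code: it hashes a file, checks the digests against the report's values, and decodes the same COFF and optional-header fields the EXIF block shows (machine, section count, link timestamp, characteristics, PE type, linker version, code and data sizes, entry point, subsystem). Because the sample itself is not on this page, `build_minimal_pe` fabricates a headers-only image carrying the report's header values so the parser has something to run on; the function names and that constructed image are this example's own. Note what a hash match does and does not prove: it shows you hold the same bytes ANY.RUN analysed, but says nothing about whether the "Google LLC" version strings are backed by a valid Authenticode signature, which the report does not record and which must be checked separately.

```python
"""Static triage of a PE file: hashes plus the COFF/optional-header fields
behind the report's "File info" and EXIF lines.  Added example, not part of
the ANY.RUN report.  The sample is not on this page, so build_minimal_pe()
fabricates a headers-only image carrying the report's header values."""
import datetime as dt
import hashlib
import struct

# Hashes the report records for ChromeSetup.exe (comparison target).
REPORT_HASHES = {
    "md5": "3C4FCDBD4A7B2AD48C9EDEE2D53230C5",
    "sha1": "1B767093B10C7247D5CCB6CE0FBEA77510E07CEF",
    "sha256": "A8ACBAC4359236B565A3AADFF04FCE931A86C5B39AC40E2BD9DDA2B307198059",
}
# The TimeStamp the report shows (2025:01:28 16:01:55+00:00) as a COFF epoch value.
REPORT_TIMESTAMP = int(dt.datetime(2025, 1, 28, 16, 1, 55, tzinfo=dt.timezone.utc).timestamp())

MACHINES = {0x14C: "Intel 386 or later, and compatibles", 0x8664: "x64", 0xAA64: "ARM64"}
# IMAGE_FILE_* bits that EXIF names in ImageFileCharacteristics.
CHARACTERISTICS = [(0x0002, "Executable"), (0x0020, "Large address aware"), (0x0100, "32-bit")]
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def hash_file(data: bytes) -> dict:
    """Upper-case hex digests, the form the report prints."""
    return {alg: hashlib.new(alg, data).hexdigest().upper() for alg in ("md5", "sha1", "sha256")}


def compare_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match flags; any mismatch means this is not the reported file."""
    actual = hash_file(data)
    return {alg: actual[alg] == value.upper() for alg, value in expected.items()}


def parse_pe_header(data: bytes) -> dict:
    """Decode the header fields that EXIF reports.  Raises ValueError if the
    bytes are not a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, stamp, _symtab, _nsyms, _optsize, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER
    magic, linker_major, _linker_minor, code_size, init_size, uninit_size, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (os_major,) = struct.unpack_from("<H", data, opt + 40)      # MajorOperatingSystemVersion
    (subsys_major,) = struct.unpack_from("<H", data, opt + 48)  # MajorSubsystemVersion
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)     # Subsystem; same offset for PE32 and PE32+
    return {
        "machine": MACHINES.get(machine, f"{machine:#x}"),
        "sections": nsections,
        "timestamp": dt.datetime.fromtimestamp(stamp, dt.timezone.utc).isoformat(sep=" "),
        "characteristics": [name for bit, name in CHARACTERISTICS if chars & bit],
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "linker_version": linker_major,
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "entry_point": f"{entry:#x}",
        "os_version": os_major,
        "subsystem_version": subsys_major,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_minimal_pe(machine=0x14C, nsections=8, stamp=REPORT_TIMESTAMP, chars=0x0122,
                     entry=0x1C1A90, subsystem=2, linker=14, code_size=3490816,
                     init_size=7018496, os_major=10) -> bytes:
    """Constructed headers-only PE32 image (no sections, not loadable) that
    carries the report's header values, so parse_pe_header() has input."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", machine, nsections, stamp, 0, 0, 224, chars)
    opt = bytearray(224)  # PE32 optional header size
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, linker, 0, code_size, init_size, 0, entry)
    struct.pack_into("<H", opt, 40, os_major)   # MajorOperatingSystemVersion
    struct.pack_into("<H", opt, 48, os_major)   # MajorSubsystemVersion
    struct.pack_into("<H", opt, 68, subsystem)  # Subsystem
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(data: bytes, expected=REPORT_HASHES) -> dict:
    """Both checks together, the way a quick static pass would run them."""
    return {"hashes_match": compare_hashes(data, expected), "header": parse_pe_header(data)}


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    print(json.dumps(triage(blob), indent=2))
```

Run it with the real file as the argument (`python triage.py ChromeSetup.exe`) and all three `hashes_match` flags must be true before the rest of this report can be taken as describing that file; with no argument it runs on the constructed image, where the header fields reproduce the EXIF block and the hashes, correctly, do not match.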
No data.
All screenshots are available in the full report
Total processes: 217
Monitored processes: 87
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Interactive process graph, available in the full report. Node labels in graph order: start, chromesetup.exe (two nodes), updater.exe (several nodes), 132.0.6834.160_chrome_installer.exe, setup.exe (several nodes), chrome.exe (many nodes), elevation_service.exe, updater.exe, msedge.exe (many nodes), identity_helper.exe (two nodes), followed by further msedge.exe and chrome.exe nodes. Nodes the graph marks "no specs" carry no recorded indicators.

Process information

PID: 204
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5672,i,16214410228817213261,8132924769464266953,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 132.0.6834.160
PID: 244
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=6312,i,16214410228817213261,8132924769464266953,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 132.0.6834.160
PID: 1144
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1560 --field-trial-handle=2220,i,9479895395308404301,2708870046714320723,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
PID: 1216
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5620,i,16214410228817213261,8132924769464266953,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 132.0.6834.160
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\132.0.6834.160\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1216
CMD: "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=134.0.6985.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x79c460,0x79c46c,0x79c478
Path: C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
Parent process: updater.exe
User: SYSTEM
Company: Google LLC
Integrity Level: SYSTEM
Description: Google Updater
Exit code: 0
Version: 134.0.6985.0
PID: 1468
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6248,i,16214410228817213261,8132924769464266953,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 132.0.6834.160
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\132.0.6834.160\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1512
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4268,i,16214410228817213261,8132924769464266953,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 132.0.6834.160
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\132.0.6834.160\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1540
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=132.0.6834.160 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff82209dcf8,0x7ff82209dd04,0x7ff82209dd10
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 132.0.6834.160
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1596
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4108 --field-trial-handle=2220,i,9479895395308404301,2708870046714320723,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
PID: 2144
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=7132,i,16214410228817213261,8132924769464266953,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 132.0.6834.160
Total events: 19 934
Read events: 19 665
Write events: 239
Delete events: 30

Modification events

6764 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} | Name: pv | Value: 134.0.6985.0
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} | Name: pv | Value: 134.0.6985.0
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} | Name: name | Value: GoogleUpdater
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} | Name: pv | Value: 134.0.6985.0
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} | Name: name | Value: GoogleUpdater
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DEF635A-C3EF-530A-8F03-E90E7C834B9F} | Name: AppID | Value: {1DEF635A-C3EF-530A-8F03-E90E7C834B9F}
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1DEF635A-C3EF-530A-8F03-E90E7C834B9F} | Name: LocalService | Value: GoogleUpdaterInternalService134.0.6985.0
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1DEF635A-C3EF-530A-8F03-E90E7C834B9F} | Name: ServiceParameters | Value: --com-service
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9640E544-7267-58DA-B168-300752A6C920}\TypeLib | Name: Version | Value: 1.0
6552 updater.exe | write | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9640E544-7267-58DA-B168-300752A6C920}\TypeLib | Name: Version | Value: 1.0
Executable files: 22
Suspicious files: 381
Text files: 122
Unknown types: 0

Dropped files

Columns: PID, Process, Filename, Type, MD5, SHA256. Fields left blank in the report are shown as "(empty in report)".

6500 ChromeSetup.exe | C:\Windows\SystemTemp\Google6500_47402622\UPDATER.PACKED.7Z | Type: (empty in report) | MD5: (empty in report) | SHA256: (empty in report)
6552 updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\Crashpad\settings.dat | Type: binary | MD5: B26705D371DE0B0E9483AB6E27693339 | SHA256: 3D0DA1D74258C69972CF33244B33AFE04EAC38550F7FA0CB4F814DDD5EBD999D
6552 updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\bf31e590-b033-4d4b-8f24-f8fe04a823da.tmp | Type: binary | MD5: D03FB25630A92535094995864FDA3162 | SHA256: 402B0099A38FF1C682745E74FCF2CEAE0CACA7A262FE0790BDBC2C34E5FE8730
6668 updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RF138512.TMP | Type: binary | MD5: D03FB25630A92535094995864FDA3162 | SHA256: 402B0099A38FF1C682745E74FCF2CEAE0CACA7A262FE0790BDBC2C34E5FE8730
6552 updater.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D6AA22DA63AEAA61826C0D7C76455F33_BE04BFFDC626E991C9EEB9B7D35CF4B8 | Type: binary | MD5: 8DF144EB4AA2C844EA1E548D49CBD490 | SHA256: 13CD07C003B9A2DE6E2F80CF2A0BFA8D585EA27A3819176FDB3B386AD86F4E66
6552 updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\updater.log | Type: text | MD5: 285142133AAB7237C196378344F18C48 | SHA256: B0DB6A698538F6DFC577C4E70A689AF74363EB6F4AB422D71F5B353FEF9D8FEA
6764 updater.exe | C:\Windows\SystemTemp\chrome_url_fetcher_6764_341434702\-8a69d345-d564-463c-aff1-a69d9e530f96-_132.0.6834.160_all_nqbdmqyvjg2irxa77fzqsfumdi.crx3 | Type: (empty in report) | MD5: (empty in report) | SHA256: (empty in report)
6764 updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\{8a69d345-d564-463c-aff1-a69d9e530f96}_1.22bc2d4629c0b81b9038682222f7bb77c8453a5c0e1ecca4df9b88279b8b62b0 | Type: (empty in report) | MD5: (empty in report) | SHA256: (empty in report)
6764 updater.exe | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6764_1645458906\132.0.6834.160_chrome_installer.exe | Type: (empty in report) | MD5: (empty in report) | SHA256: (empty in report)
6552 updater.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | Type: binary | MD5: 0A51EAACD762DFED9EA54C0462D75049 | SHA256: FEDA28C0BF9C2F596A1A16E39C8AC981785CC5CBED313B69BFEDB7A823A63D11
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 15
TCP/UDP connections: 110
DNS requests: 112
Threats: 0

HTTP requests

Columns: PID, Process, Method, HTTP code, IP, URL, CN, Type, Size, Reputation. Only the values present on the page are listed; rows without a PID or process appear that way in the report.

4712 MoUsoCoreWorker.exe | GET | 200 | 2.16.164.72:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1684 svchost.exe | GET | 200 | 2.16.164.72:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
(no PID/process listed) | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
1176 svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6552 updater.exe | GET | 200 | 142.250.186.131:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
4712 MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6552 updater.exe | GET | 200 | 142.250.186.131:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
5544 SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6764 updater.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome/acb4xvqwkz6322ohbkqaifyhnspq_132.0.6834.160/-8a69d345-d564-463c-aff1-a69d9e530f96-_132.0.6834.160_all_nqbdmqyvjg2irxa77fzqsfumdi.crx3 | unknown | whitelisted
5544 SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation. Only the values present on the page are listed; rows without a PID or process appear that way in the report.

4 System | 192.168.100.255:138 | whitelisted
4712 MoUsoCoreWorker.exe | 2.16.164.72:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
1684 svchost.exe | 2.16.164.72:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
1684 svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
(no PID/process listed) | 51.124.78.146:443 | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
(no PID/process listed) | 2.21.65.154:443 | www.bing.com | Akamai International B.V. | NL | whitelisted
(no PID/process listed) | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1176 svchost.exe | 20.190.160.131:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.18.110
whitelisted
crl.microsoft.com
  • 2.16.164.72
  • 2.16.164.120
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
www.bing.com
  • 2.21.65.154
  • 2.21.65.132
  • 104.126.37.161
  • 104.126.37.154
  • 104.126.37.144
  • 104.126.37.137
  • 104.126.37.153
  • 104.126.37.155
  • 104.126.37.146
  • 104.126.37.139
  • 104.126.37.160
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 184.30.131.245
whitelisted
login.live.com
  • 20.190.160.131
  • 20.190.160.17
  • 40.126.32.72
  • 40.126.32.68
  • 20.190.160.128
  • 20.190.160.66
  • 40.126.32.138
  • 20.190.160.130
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
update.googleapis.com
  • 142.250.185.195
whitelisted
dl.google.com
  • 216.58.206.78
whitelisted
c.pki.goog
  • 142.250.186.131
whitelisted

Threats

No threats detected
No debug info