File name:

ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe

Full analysis: https://app.any.run/tasks/bf992635-c732-4770-8400-58ef9db32c56
Verdict: Malicious activity
Analysis date: July 28, 2019, 18:00:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

FFA89649FE44BB9E81821DF182BA83DC

SHA1:

FD7BA3DE6B98B8024CA9A8F236BF5352415A1431

SHA256:

B2E301E05112E9E8AF169ABAD58B6F860BD231DF06223570A83337C4921D0AC9

SSDEEP:

6144:B0w+UD6QjTEzJ1AJJo2QzsbJE9nMxHh9TwGi7d3JHBauCy:Br+HGTEN1AsTzsbcMxBdAHBJ5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • setup.exe (PID: 316)
      • setup.exe (PID: 116)
      • elementsbrowser.exe (PID: 3756)
      • elementsbrowser.exe (PID: 3320)
      • elementsbrowser.exe (PID: 904)
      • elementsbrowser.exe (PID: 1092)
      • elementsbrowser.exe (PID: 932)
      • elementsbrowser.exe (PID: 552)
      • elementsbrowser.exe (PID: 2204)
      • elementsbrowser.exe (PID: 3764)
      • elementsbrowser.exe (PID: 3104)
      • setup.exe (PID: 3152)
      • setup.exe (PID: 1868)

    • Loads the Task Scheduler COM API

      • setup.exe (PID: 316)

  • SUSPICIOUS

    • Creates files in the user directory

      • ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe (PID: 3864)
      • setup.exe (PID: 316)
      • elementsbrowser.exe (PID: 552)

    • Executable content was dropped or overwritten

      • mini_installer.exe (PID: 3148)
      • ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe (PID: 3864)
      • setup.exe (PID: 316)

    • Modifies the open verb of a shell class

      • setup.exe (PID: 316)

    • Creates a software uninstall entry

      • setup.exe (PID: 316)

    • Application launched itself

      • elementsbrowser.exe (PID: 552)
      • setup.exe (PID: 3152)

    • Reads Internet Cache Settings

      • setup.exe (PID: 316)

  • INFO

    • Reads settings of System Certificates

      • setup.exe (PID: 316)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:11 14:48:01+01:00
PEType: PE32
LinkerVersion: 12
CodeSize: 161792
InitializedDataSize: 162816
UninitializedDataSize: -
EntryPoint: 0x1887b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.1.19.0
ProductVersionNumber: 1.1.19.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Russian
CharacterSet: Unicode
CompanyName: Elements Browser
FileDescription: Elements Browser Setup
FileVersion: 1.1.19.0
InternalName: Elements Browser Setup
LegalCopyright: Copyright (C) 2018
OriginalFileName: elementsbrowsersetup.exe
ProductName: Elements Browser Setup
ProductVersion: 1.1.19.0

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 11-Dec-2018 13:48:01
Detected languages:
  • Russian - Russia
CompanyName: Elements Browser
FileDescription: Elements Browser Setup
FileVersion: 1.1.19.0
InternalName: Elements Browser Setup
LegalCopyright: Copyright (C) 2018
OriginalFilename: elementsbrowsersetup.exe
ProductName: Elements Browser Setup
ProductVersion: 1.1.19.0

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000F8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 11-Dec-2018 13:48:01
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x00027643
0x00027800
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.6322
.rdata
0x00029000
0x0000C7C6
0x0000C800
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.77509
.data
0x00036000
0x00003688
0x00001600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
3.54189
.rsrc
0x0003A000
0x000152C8
0x00015400
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
6.74626
.reloc
0x00050000
0x000026A0
0x00002800
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
6.52566

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.19214
1630
UNKNOWN
Russian - Russia
RT_MANIFEST
2
5.58206
2216
UNKNOWN
Russian - Russia
RT_ICON
3
5.40055
1384
UNKNOWN
Russian - Russia
RT_ICON
4
7.91744
11661
UNKNOWN
Russian - Russia
RT_ICON
5
4.1064
9640
UNKNOWN
Russian - Russia
RT_ICON
6
5.9814
4264
UNKNOWN
Russian - Russia
RT_ICON
7
6.35535
1128
UNKNOWN
Russian - Russia
RT_ICON
100
2.71858
104
UNKNOWN
Russian - Russia
RT_GROUP_ICON
150
3.4278
480
UNKNOWN
Russian - Russia
RT_DIALOG
151
3.43049
280
UNKNOWN
Russian - Russia
RT_DIALOG

Imports

ADVAPI32.dll
GDI32.dll
KERNEL32.dll
RPCRT4.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
VERSION.dll
WININET.dll
imagehlp.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
53
Monitored processes
15
Malicious processes
6
Suspicious processes
1

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start elementsbrowsersetup 30addcf9bee940ea94cabfaa399a4b5a.exe mini_installer.exe setup.exe setup.exe no specs elementsbrowser.exe elementsbrowser.exe no specs elementsbrowser.exe no specs elementsbrowser.exe no specs elementsbrowser.exe no specs elementsbrowser.exe no specs elementsbrowser.exe no specs elementsbrowser.exe no specs elementsbrowser.exe no specs setup.exe setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
116C:\Users\admin\AppData\Local\Temp\CR_6FEB1.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Elements Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Elements --annotation=ver=64.25.3282.140 --initial-client-data=0xf8,0xfc,0x100,0xe8,0x104,0xcddbb0,0xcddbc0,0xcddbccC:\Users\admin\AppData\Local\Temp\CR_6FEB1.tmp\setup.exesetup.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
MEDIUM
Description:
Elements Installer
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\temp\cr_6feb1.tmp\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
316"C:\Users\admin\AppData\Local\Temp\CR_6FEB1.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\CR_6FEB1.tmp\ELEMENTSBROWSER.PACKED.7Z" /make_default=true /import_data=true /desktop_shortcut=true /quicklaunch_shortcut=true /taskbar_shortcut=true /promo_shortcuts=true /installer_version=1.1.19 /instver=1.1.19C:\Users\admin\AppData\Local\Temp\CR_6FEB1.tmp\setup.exe
mini_installer.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
MEDIUM
Description:
Elements Installer
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\temp\cr_6feb1.tmp\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\user32.dll
552"C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exe"C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exe
setup.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
MEDIUM
Description:
Elements
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\elements browser\application\elementsbrowser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\elements browser\application\64.25.3282.140\elementsbrowser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
904"C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exe" --type=renderer --field-trial-handle=1104,3140725591079946034,12851169797462606301,131072 --service-pipe-token=9F8A5719C1B57254961A1C3D16C31116 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9F8A5719C1B57254961A1C3D16C31116 --renderer-client-id=3 --mojo-platform-channel-handle=1972 /prefetch:1C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exeelementsbrowser.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
LOW
Description:
Elements
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\elements browser\application\elementsbrowser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\elements browser\application\64.25.3282.140\elementsbrowser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
932"C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exe" --type=renderer --field-trial-handle=1104,3140725591079946034,12851169797462606301,131072 --service-pipe-token=9569160EEBA0575801ABF8E1045F3BBE --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9569160EEBA0575801ABF8E1045F3BBE --renderer-client-id=5 --mojo-platform-channel-handle=2004 /prefetch:1C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exeelementsbrowser.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
LOW
Description:
Elements
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\elements browser\application\elementsbrowser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\elements browser\application\64.25.3282.140\elementsbrowser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1092"C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exe" --type=renderer --field-trial-handle=1104,3140725591079946034,12851169797462606301,131072 --service-pipe-token=3F46A5EB68B005FC55706312BC202079 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3F46A5EB68B005FC55706312BC202079 --renderer-client-id=4 --mojo-platform-channel-handle=1928 /prefetch:1C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exeelementsbrowser.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
LOW
Description:
Elements
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\elements browser\application\elementsbrowser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\elements browser\application\64.25.3282.140\elementsbrowser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1868"C:\Users\admin\AppData\Local\Elements Browser\Application\64.25.3282.140\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Elements Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Elements --annotation=ver=64.25.3282.140 --initial-client-data=0xf8,0xfc,0x100,0xec,0x104,0xccdbb0,0xccdbc0,0xccdbccC:\Users\admin\AppData\Local\Elements Browser\Application\64.25.3282.140\Installer\setup.exesetup.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
HIGH
Description:
Elements Installer
Exit code:
0
Version:
64.25.3282.140
2204"C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exe" --type=gpu-process --field-trial-handle=1104,3140725591079946034,12851169797462606301,131072 --gpu-preferences=GAAAAAAAAAAABwAAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --service-request-channel-token=57BFEA354751A35C0CCBE4E71B5B70B3 --mojo-platform-channel-handle=1112 --ignored=" --type=renderer " /prefetch:2C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exeelementsbrowser.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
LOW
Description:
Elements
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\elements browser\application\elementsbrowser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\elements browser\application\64.25.3282.140\elementsbrowser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3104"C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exe" --type=utility --field-trial-handle=1104,3140725591079946034,12851169797462606301,131072 --lang=en-US --service-sandbox-type=utility --service-request-channel-token=47F1BD996ABBBDB9961B6B9656F34BA6 --mojo-platform-channel-handle=3140 --ignored=" --type=renderer " /prefetch:8C:\Users\admin\AppData\Local\Elements Browser\Application\elementsbrowser.exeelementsbrowser.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
LOW
Description:
Elements
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\elements browser\application\elementsbrowser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\elements browser\application\64.25.3282.140\elementsbrowser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3148"C:\Users\admin\AppData\Local\Elements Browser\Application\Elements\mini_installer.exe" /make_default=true /import_data=true /desktop_shortcut=true /quicklaunch_shortcut=true /taskbar_shortcut=true /promo_shortcuts=true /installer_version=1.1.19 /instver=1.1.19C:\Users\admin\AppData\Local\Elements Browser\Application\Elements\mini_installer.exe
ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe
User:
admin
Company:
The Elements Authors
Integrity Level:
MEDIUM
Description:
Elements Installer
Exit code:
0
Version:
64.25.3282.140
Modules
Images
c:\users\admin\appdata\local\elements browser\application\elements\mini_installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
Total events
1 580
Read events
915
Write events
665
Delete events
0

Modification events

(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_CURRENT_USER\Software\Elements Browser
Operation:writeName:client_id
Value:
78fe1b28-1a97-4144-b75b-9bbcab8fb921
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_CURRENT_USER\Software\Elements Browser
Operation:writeName:installer_version
Value:
1.1.19
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_CURRENT_USER\Software\Elements Browser
Operation:writeName:installer_id
Value:
30addcf9-bee9-40ea-94ca-bfaa399a4b5a
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_CURRENT_USER\Software\Elements Browser
Operation:writeName:silent_install
Value:
0
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a_RASAPI32
Operation:writeName:FileTracingMask
Value:
4294901760
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
4294901760
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(3864) ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
Executable files
8
Suspicious files
13
Text files
97
Unknown types
16

Dropped files

PID
Process
Filename
Type
3864ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\v2[1]
MD5:
SHA256:
3864ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@e-tab[1].txt
MD5:
SHA256:
3864ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\installattempt[1]
MD5:
SHA256:
3864ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\elements[1].bin
MD5:
SHA256:
3864ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeC:\Users\admin\AppData\Local\Temp\ele55B.tmp
MD5:
SHA256:
3864ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exeC:\Users\admin\AppData\Local\Elements Browser\Application\Elements\mini_installer.exe
MD5:
SHA256:
3148mini_installer.exeC:\Users\admin\AppData\Local\Temp\CR_6FEB1.tmp\ELEMENTSBROWSER.PACKED.7Z
MD5:
SHA256:
3148mini_installer.exeC:\Users\admin\AppData\Local\Temp\CR_6FEB1.tmp\SETUP.EX_
MD5:
SHA256:
316setup.exeC:\Users\admin\AppData\Local\Elements Browser\Temp\source316_25797\elementsbrowser.7z
MD5:
SHA256:
316setup.exeC:\Users\admin\AppData\Local\Elements Browser\Temp\source316_25797\27052388-ea9c-4a38-990a-9521f916e815.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
45
TCP/UDP connections
18
DNS requests
5
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/files/newtab/icons/vk-7c0a890a07a509e97180d47a46b16c10.ico
NL
image
60.4 Kb
malicious
3864
ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe
POST
200
88.208.7.88:80
http://e-tab.ru/activity/newtab/installattempt
NL
text
287 b
malicious
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/proxyconfig/get?
NL
text
55 b
malicious
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/files/newtab/icons/ok-29d38b5a94400dd54be85deed1cd06d4.ico
NL
image
63.3 Kb
malicious
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/files/newtab/icons/star-conflict-icon.ico
NL
image
264 Kb
malicious
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/files/newtab/icons/warface-a20a4302c655f54ffadc4f958e69cd83.ico
NL
image
143 Kb
malicious
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/files/newtab/themes/thumb_kelly-sikkema-313553-unsplash_1555675180.jpg
NL
image
8.45 Kb
malicious
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/files/newtab/themes/thumb_alesia-kazantceva-254885-unsplash_1555675111.jpg
NL
image
9.19 Kb
malicious
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/files/newtab/icons/wows-2c6e2008acdd52d7786d4b29ec0f36ab.ico
NL
image
201 Kb
malicious
552
elementsbrowser.exe
GET
200
88.208.7.6:80
http://api.elementsbrowser.com/files/newtab/themes/thumb_photo-1440227537815-f4476b789291-558d1afd1df1d6961f6736d1aa45ffd7.jpg
NL
image
5.07 Kb
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3864
ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe
88.208.7.7:443
api.elementsbrowser.me
DataWeb Global Group B.V.
NL
malicious
316
setup.exe
88.208.7.7:443
api.elementsbrowser.me
DataWeb Global Group B.V.
NL
malicious
552
elementsbrowser.exe
88.208.7.6:443
api.elementsbrowser.com
DataWeb Global Group B.V.
NL
malicious
552
elementsbrowser.exe
88.208.7.6:80
api.elementsbrowser.com
DataWeb Global Group B.V.
NL
malicious
552
elementsbrowser.exe
104.18.48.180:443
cost.rip
Cloudflare Inc
US
shared
3864
ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe
88.208.7.88:80
e-tab.ru
DataWeb Global Group B.V.
NL
malicious

DNS requests

Domain
IP
Reputation
api.elementsbrowser.me
  • 88.208.7.7
malicious
e-tab.ru
  • 88.208.7.88
malicious
api.elementsbrowser.com
  • 88.208.7.6
malicious
cost.rip
  • 104.18.48.180
  • 104.18.49.180
suspicious
reg.cost.rip
  • 104.18.49.180
  • 104.18.48.180
suspicious

Threats

PID
Process
Class
Message
3864
ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe
A Network Trojan was detected
ET USER_AGENTS PUA Related User-Agent (WINTERNET)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
ElementsBrowserSetup 30addcf9bee940ea94cabfaa399a4b5a.exe