| File name: | ChromeSetup (1) (3).exe |
| Full analysis: | https://app.any.run/tasks/71c02298-46e9-48c2-a8ae-d26a7a4620a5 |
| Verdict: | Malicious activity |
| Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date: | April 07, 2026, 18:10:16 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 9 sections |
| MD5: | 9A996DC823EFD4A45B89937A10AE8EEA |
| SHA1: | 973F3A15D41F2E0FE8F0E64D31920F0F4FB53328 |
| SHA256: | B633516A7250A18F7C0A1B1E0B3773E3A4B443424656A0433D7CD408AA2BF48F |
| SSDEEP: | 98304:qfc93QQbqNR9XU49w0uMIjvM7e9WC4OtfGVt/K68xBNzDbeu8t3wXQlNERIMnpFe:bKWu |
MALICIOUS
Changes the autorun value in the registry
- platform_experience_helper.exe (PID: 6092)
Steals credentials from Web Browsers
- platform_experience_helper.exe (PID: 6092)
SUSPICIOUS
Application launched itself
- ChromeSetup (1) (3).exe (PID: 1904)
- updater.exe (PID: 7724)
- setup.exe (PID: 3112)
- setup.exe (PID: 1268)
Executable content was dropped or overwritten
- ChromeSetup (1) (3).exe (PID: 2396)
- updater.exe (PID: 7724)
- updater.exe (PID: 7348)
- 147.0.7727.56_chrome_installer_uncompressed.exe (PID: 6576)
- setup.exe (PID: 1268)
- platform_experience_helper.exe (PID: 6092)
- updater.exe (PID: 6628)
Searches for installed software
- setup.exe (PID: 1268)
Possible stealing from browsers
- os_update_handler.exe (PID: 6384)
INFO
Reads the computer name
- ChromeSetup (1) (3).exe (PID: 1904)
- ChromeSetup (1) (3).exe (PID: 2396)
- updater.exe (PID: 7724)
- 147.0.7727.56_chrome_installer_uncompressed.exe (PID: 6576)
- setup.exe (PID: 3112)
- setup.exe (PID: 1268)
- os_update_handler.exe (PID: 6384)
- elevation_service.exe (PID: 2532)
- platform_experience_helper.exe (PID: 6092)
Checks supported languages
- ChromeSetup (1) (3).exe (PID: 1904)
- ChromeSetup (1) (3).exe (PID: 2396)
- updater.exe (PID: 7876)
- updater.exe (PID: 7724)
- 147.0.7727.56_chrome_installer_uncompressed.exe (PID: 6576)
- setup.exe (PID: 1268)
- setup.exe (PID: 5220)
- setup.exe (PID: 3112)
- setup.exe (PID: 1724)
- elevation_service.exe (PID: 2532)
- os_update_handler.exe (PID: 6384)
- platform_experience_helper.exe (PID: 6092)
The sample compiled with english language support
- ChromeSetup (1) (3).exe (PID: 1904)
- ChromeSetup (1) (3).exe (PID: 2396)
- updater.exe (PID: 7348)
- updater.exe (PID: 7724)
- 147.0.7727.56_chrome_installer_uncompressed.exe (PID: 6576)
- setup.exe (PID: 1268)
- updater.exe (PID: 6628)
- platform_experience_helper.exe (PID: 6092)
Reads security settings of Internet Explorer
- ChromeSetup (1) (3).exe (PID: 1904)
- updater.exe (PID: 7724)
Process checks computer location settings
- ChromeSetup (1) (3).exe (PID: 1904)
Create files in a temporary directory
- ChromeSetup (1) (3).exe (PID: 2396)
- updater.exe (PID: 7724)
Process checks whether UAC notifications are on
- updater.exe (PID: 7724)
Creates files or folders in the user directory
- updater.exe (PID: 7724)
Creates a software uninstall entry
- setup.exe (PID: 1268)
Reads the machine GUID from the registry
- updater.exe (PID: 7724)
Application launched itself
- chrome.exe (PID: 8044)
Manual execution by a user
- chrome.exe (PID: 8044)
Executes as Windows Service
- elevation_service.exe (PID: 2532)
Launching a file from a Registry key
- platform_experience_helper.exe (PID: 6092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Generic Win/DOS Executable (50) |
|---|---|---|
| .exe | | | DOS Executable Generic (49.9) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2026:03:12 03:02:57+00:00 |
| ImageFileCharacteristics: | Executable, Large address aware, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 14 |
| CodeSize: | 3717120 |
| InitializedDataSize: | 7749120 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x217e40 |
| OSVersion: | 10 |
| ImageVersion: | - |
| SubsystemVersion: | 10 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 148.0.7730.0 |
| ProductVersionNumber: | 148.0.7730.0 |
| FileFlagsMask: | 0x0017 |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| CompanyName: | Google LLC |
| FileDescription: | Google Installer (x86) |
| FileVersion: | 148.0.7730.0 |
| InternalName: | Google Installer (x86) |
| LegalCopyright: | Copyright 2026 Google LLC. All rights reserved. |
| OriginalFileName: | UpdaterSetup.exe |
| ProductName: | Google Installer (x86) |
| ProductVersion: | 148.0.7730.0 |
| CompanyShortName: | |
| ProductShortName: | GoogleUpdater |
| LastChange: | 7e38df31c02dfcf89afe77c0c3bcc5d360516d78-refs/branch-heads/7730@{#1} |
| OfficialBuild: | 1 |
Total processes
170
Monitored processes
33
Malicious processes
1
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 680 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-pre-read-main-dll --force-high-res-timeticks=disabled --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=1764,i,5308616924334396889,9459089645443443063,262144 --field-trial-handle=1920,i,5542333626502550736,17864952662060641103,262144 --variations-seed-version --pseudonymization-salt-handle=1932,i,5238843491035376223,15610975437107027070,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1916 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 147.0.7727.56 Modules
| |||||||||||||||
| 1116 | "C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=148.0.7730.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater_history.jsonl" --initial-client-data=0x2a0,0x2a4,0x2a8,0x29c,0x2ac,0x11cc4ac,0x11cc4b8,0x11cc4c4 | C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe | — | updater.exe | |||||||||||
User: SYSTEM Company: Google LLC Integrity Level: SYSTEM Description: Google Updater (x86) Exit code: 0 Version: 148.0.7730.0 Modules
| |||||||||||||||
| 1140 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=8 --metrics-shmem-handle=3932,i,16174281347608137387,10118066010879422580,2097152 --field-trial-handle=1920,i,5542333626502550736,17864952662060641103,262144 --variations-seed-version --pseudonymization-salt-handle=1932,i,5238843491035376223,15610975437107027070,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=3948 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 147.0.7727.56 Modules
| |||||||||||||||
| 1268 | "C:\WINDOWS\SystemTemp\GoogleUpdater_chrome_Unpacker_BeginUnzipping6628_2002377656\CR_5F039.tmp\setup.exe" --uncompressed-archive="C:\WINDOWS\SystemTemp\GoogleUpdater_chrome_Unpacker_BeginUnzipping6628_2002377656\CR_5F039.tmp\CHROME.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\GoogleUpdater_chrome_Unpacker_BeginUnzipping6628_2002377656\05727313-b802-4efc-85d3-950ce6e04b9c.tmp" | C:\Windows\SystemTemp\GoogleUpdater_chrome_Unpacker_BeginUnzipping6628_2002377656\CR_5F039.tmp\setup.exe | 147.0.7727.56_chrome_installer_uncompressed.exe | ||||||||||||
User: SYSTEM Company: Google LLC Integrity Level: SYSTEM Description: Google Chrome Installer Exit code: 0 Version: 147.0.7727.56 Modules
| |||||||||||||||
| 1724 | C:\WINDOWS\SystemTemp\GoogleUpdater_chrome_Unpacker_BeginUnzipping6628_2002377656\CR_5F039.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=147.0.7727.56 --attachment=C:\WINDOWS\SystemTemp\chrome_installer.log --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x7ff63f20a840,0x7ff63f20a84c,0x7ff63f20a858 | C:\Windows\SystemTemp\GoogleUpdater_chrome_Unpacker_BeginUnzipping6628_2002377656\CR_5F039.tmp\setup.exe | — | setup.exe | |||||||||||
User: SYSTEM Company: Google LLC Integrity Level: SYSTEM Description: Google Chrome Installer Exit code: 0 Version: 147.0.7727.56 Modules
| |||||||||||||||
| 1904 | "C:\Users\admin\AppData\Local\Temp\ChromeSetup (1) (3).exe" | C:\Users\admin\AppData\Local\Temp\ChromeSetup (1) (3).exe | — | explorer.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Installer (x86) Exit code: 0 Version: 148.0.7730.0 Modules
| |||||||||||||||
| 2156 | "C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=148.0.7730.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater_history.jsonl" --initial-client-data=0x2a4,0x2a8,0x2ac,0x2a0,0x2b0,0x11cc4ac,0x11cc4b8,0x11cc4c4 | C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe | — | updater.exe | |||||||||||
User: SYSTEM Company: Google LLC Integrity Level: SYSTEM Description: Google Updater (x86) Version: 148.0.7730.0 Modules
| |||||||||||||||
| 2396 | "C:\Users\admin\AppData\Local\Temp\ChromeSetup (1) (3).exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={172BADC7-5212-6A85-6933-2A6B124A120C}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=-arch_x64-statsdef_1&installdataindex=empty&brand=GGRF --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2 --expect-elevated | C:\Users\admin\AppData\Local\Temp\ChromeSetup (1) (3).exe | ChromeSetup (1) (3).exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: HIGH Description: Google Installer (x86) Exit code: 0 Version: 148.0.7730.0 Modules
| |||||||||||||||
| 2532 | "C:\Program Files\Google\Chrome\Application\147.0.7727.56\elevation_service.exe" | C:\Program Files\Google\Chrome\Application\147.0.7727.56\elevation_service.exe | — | services.exe | |||||||||||
User: SYSTEM Company: Google LLC Integrity Level: SYSTEM Description: Google Chrome Exit code: 0 Version: 147.0.7727.56 Modules
| |||||||||||||||
| 2876 | "C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=148.0.7730.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater_history.jsonl" --initial-client-data=0x2a0,0x2a4,0x2a8,0x29c,0x2ac,0x11cc4ac,0x11cc4b8,0x11cc4c4 | C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe | — | updater.exe | |||||||||||
User: SYSTEM Company: Google LLC Integrity Level: SYSTEM Description: Google Updater (x86) Exit code: 0 Version: 148.0.7730.0 Modules
| |||||||||||||||
Total events
2 928
Read events
2 753
Write events
162
Delete events
13
Modification events
| (PID) Process: | (7724) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} |
| Operation: | write | Name: | pv |
Value: 148.0.7730.0 | |||
| (PID) Process: | (7724) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} |
| Operation: | write | Name: | name |
Value: GoogleUpdater | |||
| (PID) Process: | (7724) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} |
| Operation: | write | Name: | pv |
Value: 148.0.7730.0 | |||
| (PID) Process: | (7724) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} |
| Operation: | write | Name: | name |
Value: GoogleUpdater | |||
| (PID) Process: | (7348) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib |
| Operation: | write | Name: | Version |
Value: 1.0 | |||
| (PID) Process: | (7348) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib |
| Operation: | write | Name: | Version |
Value: 1.0 | |||
| (PID) Process: | (7348) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib |
| Operation: | write | Name: | Version |
Value: 1.0 | |||
| (PID) Process: | (7348) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib |
| Operation: | write | Name: | Version |
Value: 1.0 | |||
| (PID) Process: | (7348) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib |
| Operation: | write | Name: | Version |
Value: 1.0 | |||
| (PID) Process: | (7348) updater.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib |
| Operation: | write | Name: | Version |
Value: 1.0 | |||
Executable files
31
Suspicious files
267
Text files
86
Unknown types
1
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2396 | ChromeSetup (1) (3).exe | C:\Users\admin\AppData\Local\Temp\Google2396_913687853\UPDATER.PACKED.7Z | — | |
MD5:— | SHA256:— | |||
| 2396 | ChromeSetup (1) (3).exe | C:\Users\admin\AppData\Local\Temp\Google2396_2144801790\updater.7z | — | |
MD5:— | SHA256:— | |||
| 7876 | updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\updater_history.jsonl | text | |
MD5:4B1272B4767E0AE5E232337C49725B3D | SHA256:72F1BEC9C410F9CF717AB580FD194550295256B92F33EC59D5A8438263CAA192 | |||
| 2396 | ChromeSetup (1) (3).exe | C:\Users\admin\AppData\Local\Temp\Google2396_2144801790\bin\uninstall.cmd | text | |
MD5:96D8312A0955F7169EC966EB46D93423 | SHA256:A38E49C0E87A9DD81682346392D45C965783C25D5EC6AAA373CB9799C2A602E2 | |||
| 7724 | updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\Crashpad\settings.dat | binary | |
MD5:311F70C354709A3E06665FDC92C303F8 | SHA256:4105C216F6726DBB761642D5F1CEA981DEB3EF22C3C95D1BBAFA99C9B8EDFFC8 | |||
| 7348 | updater.exe | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | executable | |
MD5:96306010391D755EC750E9259633854C | SHA256:7DAFA7239F9D6256B1FD27F20B4791A4D00CE862B01921EEF6E46667ECAEEFBF | |||
| 7724 | updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\2dd3da77-0818-4f1b-9524-1509f482c912.tmp | text | |
MD5:DB073BDA329DC0EFA54AB43CDE8B5D23 | SHA256:888AFE299CFBE864743C1003FCCDA435545828FF694D35459AF7DA5E1A39CD50 | |||
| 7348 | updater.exe | C:\Windows\SystemTemp\Google7348_1903503155\7348_1259025838\GoogleUpdate.exe | executable | |
MD5:FC6BEC2FD20110CF75394784819949D6 | SHA256:323C097DEFB278F09A20AACA7B05AEA20A1C859414CCA9CAEA263FA5A627A1AE | |||
| 7348 | updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe0df6.TMP | text | |
MD5:DB073BDA329DC0EFA54AB43CDE8B5D23 | SHA256:888AFE299CFBE864743C1003FCCDA435545828FF694D35459AF7DA5E1A39CD50 | |||
| 7348 | updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\296293dc-55ac-4abf-9071-eec55fd925ab.tmp | text | |
MD5:321A0068136C62DF1BD74CA575693511 | SHA256:47F77BBBA69FA8C6D5893F506053234A037A848F0951CA61BFC2C771E74492CA | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
61
TCP/UDP connections
49
DNS requests
47
Threats
1
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5276 | MoUsoCoreWorker.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop | US | — | — | whitelisted |
— | — | GET | 200 | 23.11.41.157:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D | NL | binary | 312 b | whitelisted |
— | — | GET | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D | US | binary | 959 b | whitelisted |
7724 | updater.exe | GET | 200 | 192.178.183.94:80 | http://c.pki.goog/r/gsr1.crl | US | binary | 1.70 Kb | whitelisted |
7724 | updater.exe | GET | 200 | 142.251.127.94:80 | http://o.pki.goog/we2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuMJxAT2trYla0jia%2F5EUSmLrk3QQUdb7Ed66J9kQ3fc%2BxaB8dGuvcNFkCEFejfme9J0yACbDvNYhiWz0%3D | US | binary | 279 b | whitelisted |
6628 | updater.exe | GET | — | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/%7B8a69d345-d564-463c-aff1-a69d9e530f96%7D/9b038d6aaa6d7f08320ea4fbc506781ba6d36e139771d0c4620f777fbcbe7b3f | US | — | — | whitelisted |
5276 | MoUsoCoreWorker.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | — | — | whitelisted |
6628 | updater.exe | POST | 200 | 192.178.183.94:443 | https://update.googleapis.com/service/update2/json?cup2key=16:rKnp6h7hf6GXs1LTA6s0YjsppI_00EEkToeIO5PbgKc&cup2hreq=c2e613e177508e73e3230826fab1ebdecc7972e4dacd76e1d033193bca32b6df | US | text | 378 Kb | whitelisted |
7724 | updater.exe | GET | 200 | 142.251.36.110:443 | https://dl.google.com/update2/installers/icons/%7B8a69d345-d564-463c-aff1-a69d9e530f96%7D.bmp?lang=en-US | US | image | 6.52 Kb | whitelisted |
1140 | SIHClient.exe | GET | 304 | 74.179.77.204:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | Not routed | — | whitelisted |
4212 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5276 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 48.192.1.64:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 2.16.241.205:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
— | — | 23.11.41.157:80 | ocsp.digicert.com | AKAMAI-AMS | NL | whitelisted |
— | — | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4 | System | 192.168.100.255:138 | — | Not routed | — | whitelisted |
6628 | updater.exe | 192.178.183.94:443 | update.googleapis.com | GOOGLE | US | whitelisted |
7724 | updater.exe | 142.251.36.110:443 | dl.google.com | GOOGLE | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
activation-v2.sls.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
oneocsp.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
update.googleapis.com |
| whitelisted |
dl.google.com |
| whitelisted |
c.pki.goog |
| whitelisted |
o.pki.goog |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
4212 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |