URL: https://download.winzipdriverupdater.com/wzdu/wzdu53.exe

Full analysis: https://app.any.run/tasks/6af960dd-4449-4924-82a6-a003bb00ddd7
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 19, 2020, 06:00:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MD5: BF473CF071815FC11E756832BDAB3D59
SHA1: A36DC92359BC32D74BF0016AB5506177D966589B
SHA256: BD5C1FD231394B0F1D8ED7B88CFA5E0D6F8A705B8F73906CE4104B93603B9CF8
SSDEEP: 3:N8SElDUaT8mqBQQQCn:2SKDnADmQ9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • wzdu53.exe (PID: 2580)
      • wzdu53.exe (PID: 3420)
      • 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe (PID: 2112)
      • ga_utility.exe (PID: 1116)
      • WinZipSmartMonitorSetup.exe (PID: 3492)
      • WinZip Smart Monitor Service.exe (PID: 2616)
      • WinZip Smart Monitor Service.exe (PID: 2856)
      • Settings.exe (PID: 376)
      • DriverUpdater.exe (PID: 308)
      • DriverUpdater.exe (PID: 3044)
      • ga_utility.exe (PID: 376)
      • DriverUpdater.exe (PID: 1944)
      • DriverUpdater.exe (PID: 676)
      • DriverUpdater.exe (PID: 3464)
      • DriverUpdater.exe (PID: 2412)
      • Settings.exe (PID: 2520)
      • Uninstall.exe (PID: 2908)
      • Upd49FF.tmp (PID: 1456)
      • WinZip Smart Monitor Service.exe (PID: 1460)
      • Settings.exe (PID: 664)
      • WinZipSmartMonitor.exe (PID: 2000)
      • WinZipSmartMonitor.exe (PID: 3620)
      • WinZip Smart Monitor Service.exe (PID: 2192)
      • WinZip Smart Monitor Service.exe (PID: 2816)
      • Settings.exe (PID: 2948)
      • Settings.exe (PID: 2492)
      • WinZipSmartMonitor.exe (PID: 1860)
      • 7za.exe (PID: 1712)
      • 7za.exe (PID: 3488)
    • Loads dropped or rewritten executable

      • 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe (PID: 2112)
      • WinZipSmartMonitorSetup.exe (PID: 3492)
      • Upd49FF.tmp (PID: 1456)
      • Uninstall.exe (PID: 2908)
      • DrvInst.exe (PID: 2472)
      • DriverUpdater.exe (PID: 676)
    • Changes settings of System certificates

      • Settings.exe (PID: 376)
      • DriverUpdater.exe (PID: 676)
      • ga_utility.exe (PID: 1116)
    • Loads the Task Scheduler DLL interface

      • DriverUpdater.exe (PID: 308)
      • DriverUpdater.exe (PID: 676)
    • Loads the Task Scheduler COM API

      • DriverUpdater.exe (PID: 308)
      • DriverUpdater.exe (PID: 676)
    • Downloads executable files from the Internet

      • WinZip Smart Monitor Service.exe (PID: 2856)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 628)
      • wzdu53.exe (PID: 3420)
      • chrome.exe (PID: 2752)
      • 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe (PID: 2112)
      • WinZipSmartMonitorSetup.exe (PID: 3492)
      • DriverUpdater.exe (PID: 308)
      • Upd49FF.tmp (PID: 1456)
      • WinZip Smart Monitor Service.exe (PID: 2856)
      • Uninstall.exe (PID: 2908)
      • 7za.exe (PID: 1712)
      • DrvInst.exe (PID: 2484)
      • DriverUpdater.exe (PID: 676)
      • DrvInst.exe (PID: 2472)
    • Reads Internet Cache Settings

      • ga_utility.exe (PID: 1116)
      • DriverUpdater.exe (PID: 308)
      • ga_utility.exe (PID: 376)
      • DriverUpdater.exe (PID: 676)
      • WinZipSmartMonitor.exe (PID: 1860)
    • Creates files in the program directory

      • WinZipSmartMonitorSetup.exe (PID: 3492)
      • DriverUpdater.exe (PID: 308)
      • 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe (PID: 2112)
      • DriverUpdater.exe (PID: 3044)
      • DriverUpdater.exe (PID: 676)
      • Settings.exe (PID: 2520)
      • Upd49FF.tmp (PID: 1456)
      • WinZipSmartMonitor.exe (PID: 2000)
      • 7za.exe (PID: 1712)
      • 7za.exe (PID: 3488)
    • Executed as Windows Service

      • WinZip Smart Monitor Service.exe (PID: 2856)
      • WinZip Smart Monitor Service.exe (PID: 2816)
      • vssvc.exe (PID: 3940)
    • Removes files from Windows directory

      • WinZip Smart Monitor Service.exe (PID: 2856)
      • WinZip Smart Monitor Service.exe (PID: 2816)
      • DrvInst.exe (PID: 2484)
      • DrvInst.exe (PID: 2472)
    • Adds / modifies Windows certificates

      • Settings.exe (PID: 376)
      • DriverUpdater.exe (PID: 676)
      • ga_utility.exe (PID: 1116)
    • Starts SC.EXE for service management

      • WinZipSmartMonitorSetup.exe (PID: 3492)
      • Uninstall.exe (PID: 2908)
    • Creates files in the Windows directory

      • WinZip Smart Monitor Service.exe (PID: 2856)
      • WinZip Smart Monitor Service.exe (PID: 2816)
      • DrvInst.exe (PID: 2472)
      • DrvInst.exe (PID: 2484)
    • Creates a software uninstall entry

      • 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe (PID: 2112)
      • DriverUpdater.exe (PID: 1944)
    • Executed via COM

      • Settings.exe (PID: 2520)
      • Settings.exe (PID: 2492)
      • DllHost.exe (PID: 2820)
      • DrvInst.exe (PID: 2484)
      • DrvInst.exe (PID: 2472)
      • rundll32.exe (PID: 3916)
    • Starts Internet Explorer

      • DriverUpdater.exe (PID: 3464)
    • Starts application with an unusual extension

      • WinZip Smart Monitor Service.exe (PID: 2856)
    • Reads internet explorer settings

      • DriverUpdater.exe (PID: 676)
    • Creates files in the user directory

      • DriverUpdater.exe (PID: 676)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 628)
    • Searches for installed software

      • DriverUpdater.exe (PID: 676)
    • Creates files in the driver directory

      • DrvInst.exe (PID: 2472)
      • DrvInst.exe (PID: 2484)
    • Creates or modifies windows services

      • DrvInst.exe (PID: 2472)
  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 628)
      • chrome.exe (PID: 2752)
    • Application launched itself

      • chrome.exe (PID: 628)
      • iexplore.exe (PID: 3372)
    • Reads Internet Cache Settings

      • chrome.exe (PID: 628)
      • iexplore.exe (PID: 3372)
      • iexplore.exe (PID: 3720)
    • Reads settings of System Certificates

      • ga_utility.exe (PID: 1116)
      • chrome.exe (PID: 2752)
      • WinZip Smart Monitor Service.exe (PID: 2856)
      • DriverUpdater.exe (PID: 676)
      • iexplore.exe (PID: 3372)
      • iexplore.exe (PID: 3720)
    • Changes internet zones settings

      • iexplore.exe (PID: 3372)
    • Creates files in the user directory

      • iexplore.exe (PID: 3720)
      • iexplore.exe (PID: 3372)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3720)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3720)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3720)
    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 3940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 112
Monitored processes: 64
Malicious processes: 13
Suspicious processes: 8

Behavior graph

[Interactive behavior graph not reproduced. Nodes shown in the graph: chrome.exe (many instances), wzdu53.exe, 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe, ga_utility.exe, winzipsmartmonitorsetup.exe, settings.exe, winzip smart monitor service.exe, sc.exe, driverupdater.exe, iexplore.exe, upd49ff.tmp, uninstall.exe, winzipsmartmonitor.exe, SPPSurrogate, vssvc.exe, 7za.exe, drvinst.exe and rundll32.exe, linked by "drop and start" and "start" edges.]

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 308
CMD: "C:\Program Files\WinZip Driver Updater\DriverUpdater.exe" install lang=English -guid "373CC16B-025A-4C46-8DD9-C7720CBF973D"
Path: C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Parent process: 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe
User:
admin
Company:
Corel Corporation
Integrity Level:
HIGH
Description:
WinZip Driver Updater
Exit code:
0
Version:
5,32,0,20
Modules
Images
c:\program files\winzip driver updater\driverupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\newdev.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
PID: 376
CMD: "C:\Program Files\WinZip Smart Monitor\Settings.exe" /RegServer
Path: C:\Program Files\WinZip Smart Monitor\Settings.exe
Parent process: WinZipSmartMonitorSetup.exe
User:
admin
Company:
Corel Corporation
Integrity Level:
HIGH
Description:
Settings
Exit code:
0
Version:
2,10,0,10
Modules
Images
c:\program files\winzip smart monitor\settings.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 376
CMD: "C:\Users\admin\AppData\Local\Temp\nsx998B.tmp\ga_utility.exe" -install_success -guid "373CC16B-025A-4C46-8DD9-C7720CBF973D" -language "en" -app_version "5.32.0.20" -product_code "DU" -app_name "WinZip Driver Updater" -track_id "UA-66457935-11"
Path: C:\Users\admin\AppData\Local\Temp\nsx998B.tmp\ga_utility.exe
Parent process: 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe
User:
admin
Integrity Level:
HIGH
Description:
ga_utility
Exit code:
0
Version:
1,0,0,6
Modules
Images
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\advapi32.dll
PID: 580
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,8207175108809653409,16631101827843906530,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3381374378070313338 --mojo-platform-channel-handle=4268 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 628
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://download.winzipdriverupdater.com/wzdu/wzdu53.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 664
CMD: "C:\Program Files\WinZip Smart Monitor\Settings.exe" /UnregServer
Path: C:\Program Files\WinZip Smart Monitor\Settings.exe
Parent process: Uninstall.exe
User:
admin
Company:
Corel Corporation
Integrity Level:
HIGH
Description:
Settings
Exit code:
0
Version:
2,10,0,10
Modules
Images
c:\program files\winzip smart monitor\settings.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 664
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,8207175108809653409,16631101827843906530,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=10830869626586876773 --mojo-platform-channel-handle=4288 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\advapi32.dll
PID: 676
CMD: "C:\Program Files\WinZip Driver Updater\DriverUpdater.exe" -no_update -scan -first_start_after_install -guid "373CC16B-025A-4C46-8DD9-C7720CBF973D"
Path: C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Parent process: 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe
User:
admin
Company:
Corel Corporation
Integrity Level:
HIGH
Description:
WinZip Driver Updater
Exit code:
0
Version:
5,32,0,20
Modules
Images
c:\program files\winzip driver updater\driverupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\newdev.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
PID: 1116
CMD: "C:\Users\admin\AppData\Local\Temp\nsx998B.tmp\ga_utility.exe" -install_start -guid "373CC16B-025A-4C46-8DD9-C7720CBF973D" -language "en" -app_version "5.32.0.20" -product_code "DU" -app_name "WinZip Driver Updater" -track_id "UA-66457935-11"
Path: C:\Users\admin\AppData\Local\Temp\nsx998B.tmp\ga_utility.exe
Parent process: 4f29b389-bb2f-4baa-b8fc-668ee91a0560.exe
User:
admin
Integrity Level:
HIGH
Description:
ga_utility
Exit code:
0
Version:
1,0,0,6
Modules
Images
c:\users\admin\appdata\local\temp\nsx998b.tmp\ga_utility.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
PID: 1456
CMD: "C:\Windows\TEMP\Upd49FF.tmp" /INSTALLPATH=C:\Program Files\WinZip Smart Monitor
Path: C:\Windows\TEMP\Upd49FF.tmp
Parent process: WinZip Smart Monitor Service.exe
User:
admin
Company:
Corel Corporation
Integrity Level:
HIGH
Description:
WinZip Smart Monitor installer
Exit code:
0
Version:
2.11.1.8
Modules
Images
c:\windows\temp\upd49ff.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 6 564
Read events: 3 938
Write events: 2 500
Delete events: 126

Modification events

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: delete value
Name: 3120-13213713943555664
Value: 0

Process: (628) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

Process: (628) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: delete value
Name: 628-13226565629735125
Value: 259
Executable files: 55
Suspicious files: 242
Text files: 1 184
Unknown types: 95

Dropped files

PID | Process | Filename | Type
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5E4CCEFE-274.pma |
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\608f0501-2cb4-4c4d-946b-795c7c31b449.tmp |
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp |
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RFa65ea3.TMP | text
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFa65e45.TMP | text
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RFa65e55.TMP | text
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | text
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old |
628 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RFa65fac.TMP |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 71
TCP/UDP connections: 156
DNS requests: 65
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1116 | ga_utility.exe | GET | 200 | 172.217.16.163:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDx9it%2Fyk0DxwgAAAAALC4g | US | der | 472 b | whitelisted
2856 | WinZip Smart Monitor Service.exe | GET | 200 | 143.204.208.165:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted
3720 | iexplore.exe | GET | 200 | 143.204.208.108:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted
1116 | ga_utility.exe | GET | 200 | 172.217.16.163:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
676 | DriverUpdater.exe | GET | 200 | 143.204.208.165:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted
3720 | iexplore.exe | GET | 200 | 13.35.254.41:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared
3720 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAUI1xTz%2FIA59ca8CEavehY%3D | US | der | 279 b | whitelisted
3720 | iexplore.exe | GET | 200 | 143.204.208.108:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted
3720 | iexplore.exe | GET | 200 | 143.204.208.108:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared
2856 | WinZip Smart Monitor Service.exe | GET | 200 | 143.204.208.108:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2752 | chrome.exe | 172.217.22.35:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
2752 | chrome.exe | 23.58.216.147:443 | download.winzipdriverupdater.com | Akamai Technologies, Inc. | US | whitelisted
2752 | chrome.exe | 216.58.207.45:443 | | Google Inc. | US | whitelisted
2752 | chrome.exe | 172.217.18.4:443 | www.google.com | Google Inc. | US | whitelisted
2752 | chrome.exe | 216.58.206.3:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
2752 | chrome.exe | 172.217.18.14:443 | sb-ssl.google.com | Google Inc. | US | whitelisted
1116 | ga_utility.exe | 216.58.205.232:443 | ssl.google-analytics.com | Google Inc. | US | whitelisted
1116 | ga_utility.exe | 172.217.16.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
2856 | WinZip Smart Monitor Service.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
308 | DriverUpdater.exe | 216.58.205.232:443 | ssl.google-analytics.com | Google Inc. | US | whitelisted

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 172.217.22.35
whitelisted
download.winzipdriverupdater.com
  • 23.58.216.147
whitelisted
accounts.google.com
  • 52.54.209.7
  • 52.4.170.111
shared
www.google.com
  • 172.217.18.4
malicious
ssl.gstatic.com
  • 216.58.206.3
whitelisted
sb-ssl.google.com
  • 172.217.18.14
whitelisted
ssl.google-analytics.com
  • 216.58.205.232
whitelisted
ocsp.pki.goog
  • 172.217.16.163
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
goto.winzip.com
  • 52.86.198.112
  • 54.88.235.220
unknown

Threats

PID | Process | Class | Message
2856 | WinZip Smart Monitor Service.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2856 | WinZip Smart Monitor Service.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
No debug info