File name:

Free Snipping Tool - 3.5.0.0.msi

Full analysis: https://app.any.run/tasks/17e84f49-33ad-4bdf-b46c-768f5a45345a
Verdict: Malicious activity
Analysis date: September 06, 2019, 08:51:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {76D90771-FF81-4007-A5FB-3D4ED53B1BE4}, Number of Words: 10, Subject: Free Snipping Tool, Author: Free Snipping Tool, Name of Creating Application: Advanced Installer 14.7 build 9cf640d4e3, Template: ;1033, Comments: This installer database contains the logic and data required to install Free Snipping Tool., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5:

02568F850C75D10CC0C5CC8D0C82823C

SHA1:

FFC2E7B0B1177AC04FBE05CF0B63C6DAD5AD8F64

SHA256:

CA9469F021CCF666A6018EC8720AAE76870B550D4D63B45CEA0C984193CF7C7A

SSDEEP:

196608:4uNAk2330OSXDwXEHZeCHozW2kTHDQJMqQ9Xtoa6IecJh/0:46WkOuEXE5wfCjQJMqQ9doXzcJy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Free Snipping Tool.exe (PID: 2012)
      • updater.exe (PID: 3792)
      • Free Snipping Tool.exe (PID: 1032)
      • Install Chrome Extension.exe (PID: 3144)
      • updater.exe (PID: 2564)
      • Free Snipping Tool.exe (PID: 2648)
      • Install Chrome Extension.exe (PID: 356)
      • updater.exe (PID: 3396)
      • Install Chrome Extension.exe (PID: 4000)
      • Free Snipping Tool.exe (PID: 2200)
      • Install Chrome Extension.exe (PID: 316)
      • updater.exe (PID: 3784)
    • Loads dropped or rewritten executable

      • Free Snipping Tool.exe (PID: 1032)
      • Free Snipping Tool.exe (PID: 2012)
      • Install Chrome Extension.exe (PID: 3144)
      • Free Snipping Tool.exe (PID: 2648)
      • Free Snipping Tool.exe (PID: 2200)
      • Install Chrome Extension.exe (PID: 316)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2656)
      • msiexec.exe (PID: 2176)
      • Free Snipping Tool.exe (PID: 2012)
      • updater.exe (PID: 3792)
    • Executed as Windows Service

      • vssvc.exe (PID: 3384)
    • Creates files in the user directory

      • msiexec.exe (PID: 2176)
      • updater.exe (PID: 3792)
      • updater.exe (PID: 2564)
    • Executed via COM

      • DrvInst.exe (PID: 3368)
    • Changes the autorun value in the registry

      • msiexec.exe (PID: 2176)
    • Reads Environment values

      • Free Snipping Tool.exe (PID: 2012)
      • Free Snipping Tool.exe (PID: 2648)
    • Starts itself from another location

      • updater.exe (PID: 3792)
    • Modifies the open verb of a shell class

      • Install Chrome Extension.exe (PID: 3144)
      • Install Chrome Extension.exe (PID: 316)
    • Starts Microsoft Installer

      • updater.exe (PID: 2564)
    • Starts CMD.EXE for commands execution

      • updater.exe (PID: 2564)
      • cmd.exe (PID: 2460)
    • Application launched itself

      • cmd.exe (PID: 2460)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3432)
  • INFO

    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 3384)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 3920)
      • MsiExec.exe (PID: 2380)
      • MsiExec.exe (PID: 2788)
      • msiexec.exe (PID: 2176)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2176)
    • Searches for installed software

      • msiexec.exe (PID: 2176)
    • Application launched itself

      • msiexec.exe (PID: 2176)
      • chrome.exe (PID: 3432)
    • Reads the hosts file

      • chrome.exe (PID: 3432)
      • chrome.exe (PID: 2496)
    • Manual execution by user

      • chrome.exe (PID: 3432)
      • taskmgr.exe (PID: 4004)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2496)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (81.9)
.mst | Windows SDK Setup Transform Script (9.2)
.msp | Windows Installer Patch (7.6)
.msi | Microsoft Installer (100)

EXIF

FlashPix

LastPrinted: 2009:12:11 11:47:44
CreateDate: 2009:12:11 11:47:44
ModifyDate: 2009:12:11 11:47:44
Security: None
CodePage: Windows Latin 1 (Western European)
RevisionNumber: {76D90771-FF81-4007-A5FB-3D4ED53B1BE4}
Words: 10
Subject: Free Snipping Tool
Author: Free Snipping Tool
LastModifiedBy: -
Software: Advanced Installer 14.7 build 9cf640d4e3
Template: ;1033
Comments: This installer database contains the logic and data required to install Free Snipping Tool.
Title: Installation Database
Keywords: Installer, MSI, Database
Pages: 200
No data.
All screenshots are available in the full report
Total processes
112
Monitored processes
67
Malicious processes
8
Suspicious processes
3

Behavior graph

[Behavior graph: interactive process tree, available in the full report. Processes shown as nodes: msiexec.exe, vssvc.exe, drvinst.exe, free snipping tool.exe, updater.exe, install chrome extension.exe, chrome.exe, taskmgr.exe, cmd.exe.]

Process information

PID
CMD
Path
Indicators
Parent process
PID:
316
CMD:
"C:\Users\admin\AppData\Roaming\Free Snipping Tool\App\Install Chrome Extension.exe" "C:\Users\admin\AppData\Roaming\Free Snipping Tool\App\Free Snipping Tool.exe"
Path:
C:\Users\admin\AppData\Roaming\Free Snipping Tool\App\Install Chrome Extension.exe
Parent process:
Free Snipping Tool.exe
User:
admin
Integrity Level:
HIGH
Description:
Install Chrome Extension
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\roaming\free snipping tool\app\install chrome extension.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
356
CMD:
"C:\Users\admin\AppData\Roaming\Free Snipping Tool\App\Install Chrome Extension.exe" "C:\Users\admin\AppData\Roaming\Free Snipping Tool\App\Free Snipping Tool.exe"
Path:
C:\Users\admin\AppData\Roaming\Free Snipping Tool\App\Install Chrome Extension.exe
Parent process:
Free Snipping Tool.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Install Chrome Extension
Exit code:
3221226540
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\roaming\free snipping tool\app\install chrome extension.exe
c:\systemroot\system32\ntdll.dll
PID:
552
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,87443803271877298,713407960664475755,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7964899616689826414 --mojo-platform-channel-handle=3624 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
796
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,87443803271877298,713407960664475755,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11816304809064683663 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
872
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,87443803271877298,713407960664475755,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5499311560180309253 --mojo-platform-channel-handle=3492 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
888
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,87443803271877298,713407960664475755,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=12285371687002042669 --mojo-platform-channel-handle=4560 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
924
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,87443803271877298,713407960664475755,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1321458935981763543 --mojo-platform-channel-handle=4148 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1032
CMD:
"C:\Users\admin\AppData\Roaming\Free Snipping Tool\App\Free Snipping Tool.exe"
Path:
C:\Users\admin\AppData\Roaming\Free Snipping Tool\App\Free Snipping Tool.exe
Parent process:
MsiExec.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Free Snipping Tool
Exit code:
0
Version:
3.5.0.0
Modules
Images
c:\users\admin\appdata\roaming\free snipping tool\app\free snipping tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
1032
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,87443803271877298,713407960664475755,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17084001388607581243 --mojo-platform-channel-handle=4176 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\windows\system32\msv1_0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\ws2_32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\b90f40ba78ef47ed0a9a563e242f6322\system.runtime.remoting.ni.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\system32\uxtheme.dll
PID:
1360
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,87443803271877298,713407960664475755,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4402809806987053785 --mojo-platform-channel-handle=3532 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
4 183
Read events
2 972
Write events
1 013
Delete events
198

Modification events

(PID) Process: (2176) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
4000000000000000F62E674D9064D50180080000840C0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (2176) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
4000000000000000F62E674D9064D50180080000840C0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (2176) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
24

(PID) Process: (2176) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
Value:
40000000000000009E03BD4D9064D50180080000840C0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (2176) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value:
40000000000000009E03BD4D9064D501800800001C080000E803000001000000000000000000000022989A96272A5C45A9B74AA94D2EB7FD0000000000000000

(PID) Process: (3384) vssvc.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
40000000000000006E16D04D9064D501380D0000900F0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3384) vssvc.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
40000000000000006E16D04D9064D501380D0000F80B0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3384) vssvc.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
40000000000000006E16D04D9064D501380D0000100C0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3384) vssvc.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
40000000000000006E16D04D9064D501380D0000940F0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3384) vssvc.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Leave)
Value:
40000000000000007C3DD74D9064D501380D0000940F0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
Executable files
64
Suspicious files
57
Text files
447
Unknown types
29

Dropped files

PID | Process | Filename | Type
2656 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI9B5B.tmp |
2656 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI9BAA.tmp |
2656 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI9C67.tmp |
2656 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI9C87.tmp |
2176 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 |
2176 | msiexec.exe | C:\Windows\Installer\16d621.msi |
2176 | msiexec.exe | C:\Windows\Installer\MSID7E6.tmp |
2176 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF9061B69926CDDC1F.TMP |
2176 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{969a9822-2a27-455c-a9b7-4aa94d2eb7fd}_OnDiskSnapshotProp | binary
3368 | DrvInst.exe | C:\Windows\INF\setupapi.ev1 | binary
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
35
DNS requests
27
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2496 | chrome.exe | GET | 302 | 172.217.18.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 514 b | whitelisted
2496 | chrome.exe | GET | 302 | 172.217.18.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 514 b | whitelisted
2012 | Free Snipping Tool.exe | GET | 200 | 172.217.16.206:80 | http://www.google-analytics.com/collect?t=pageview&v=1&tid=UA-113804478-3&dh=freesnippingtool.com&dp=/hits-3.5.0.0&dt=hits&z=bdb54673-72da-498a-b5a6-39ddf4519919&cid=22c137ab-283a-4a9f-b722-7de953fccfb4 | US | image | 35 b | whitelisted
2012 | Free Snipping Tool.exe | GET | 200 | 172.217.16.206:80 | http://www.google-analytics.com/collect?t=pageview&v=1&tid=UA-113804478-3&dh=freesnippingtool.com&dp=/activated-UpdateCheckAuto&dt=Activated%20Update%20Check%20Auto&z=e0e216b2-6d8b-48da-9c5b-11742ef7c68f&cid=7cc094b2-a89e-42e6-89bb-83b1b200bad3 | US | image | 35 b | whitelisted
2648 | Free Snipping Tool.exe | POST | 200 | 172.217.16.206:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted
2496 | chrome.exe | GET | 200 | 173.194.150.135:80 | http://r1---sn-f5f7ln7s.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=212.7.222.142&mm=28&mn=sn-f5f7ln7s&ms=nvh&mt=1567759494&mv=u&mvi=0&pl=22&shardbypass=yes | US | crx | 862 Kb | whitelisted
2012 | Free Snipping Tool.exe | POST | 200 | 172.217.16.206:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted
2648 | Free Snipping Tool.exe | GET | 200 | 172.217.16.206:80 | http://www.google-analytics.com/collect?t=pageview&v=1&tid=UA-113804478-3&dh=freesnippingtool.com&dp=/hits-3.6.0.0&dt=hits&z=451c8226-d566-49a8-ae38-9d5c6ee013bb&cid=a92863ec-138b-42de-b1d5-9b9ba16e28e0 | US | image | 35 b | whitelisted
2012 | Free Snipping Tool.exe | POST | 200 | 172.217.16.206:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted
2648 | Free Snipping Tool.exe | POST | 200 | 172.217.16.206:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2012 | Free Snipping Tool.exe | 172.217.16.206:80 | www.google-analytics.com | Google Inc. | US | whitelisted
3792 | updater.exe | 23.111.140.234:443 | freesnippingtool.com | HIVELOCITY VENTURES CORP | US | suspicious
2496 | chrome.exe | 172.217.16.163:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
2496 | chrome.exe | 172.217.16.131:443 | www.google.com.ua | Google Inc. | US | whitelisted
2496 | chrome.exe | 216.58.208.33:443 | clients2.googleusercontent.com | Google Inc. | US | whitelisted
2496 | chrome.exe | 216.58.208.35:443 | www.gstatic.com | Google Inc. | US | whitelisted
2496 | chrome.exe | 216.58.208.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2496 | chrome.exe | 172.217.18.14:443 | apis.google.com | Google Inc. | US | whitelisted
2496 | chrome.exe | 172.217.18.14:80 | apis.google.com | Google Inc. | US | whitelisted
2496 | chrome.exe | 172.217.21.195:443 | fonts.gstatic.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.google-analytics.com | 172.217.16.206 | whitelisted
freesnippingtool.com | 23.111.140.234 | suspicious
clientservices.googleapis.com | 172.217.16.163 | whitelisted
accounts.google.com | 172.217.23.141 | shared
clients2.google.com | 172.217.22.46 | whitelisted
www.google.com.ua | 172.217.16.131 | whitelisted
clients2.googleusercontent.com | 216.58.208.33 | whitelisted
fonts.googleapis.com | 216.58.208.42 | whitelisted
www.gstatic.com | 216.58.208.35 | whitelisted
fonts.gstatic.com | 172.217.21.195 | whitelisted

Threats

No threats detected
No debug info