Download path: /rest/browser/binaries/windows-installers/18329/comet_installer_latest.exe

Full analysis: https://app.any.run/tasks/d8d25636-8f4d-49c4-b72d-27749c94e1af
Verdict: Malicious activity
Threats:

Stealers are a category of malicious software built to gain unauthorized access to a user's information and transfer it to the attacker. The category covers programs that each focus on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by logging keystrokes and taking screenshots. This type of malware is distributed mainly through phishing campaigns.

Analysis date: October 06, 2025, 05:32:40
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
anti-evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 968E0209A85A57C62A6B40BE993036E6
SHA1: 9AFE2605FFC4623961DD8EDD696F9E76AFD16B30
SHA256: CC50F2AAFB778C21B702C246ED480A14615208799113A29793962C3A8401BEB7
SSDEEP: 98304:5v9D+Dtt9Dh6bjZUciw9oYHO8j1G9r1KST3fbW4mnNhgyiCCNCF51iV1B2XM73sq:sbwgvXPwtdJhBtQnn8+pGBECiM99Fr
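Before acting on a sandbox report, confirm that the file you hold is the file that was analysed. The following is an added example for this page (not ANY.RUN's code): it hashes a file with the three algorithms the report lists and compares the digests with the report's values. REPORT_IOCS contains the report's own hashes for comet_installer_latest.exe; the bytes hashed in the demonstration are a constructed stand-in, not the installer. SSDEEP is left out because it needs a third-party library.

```python
"""Check a file on disk against the hash IOCs listed above.

Added example, not ANY.RUN's code. REPORT_IOCS holds the report's own
values for comet_installer_latest.exe; the sample bytes hashed in __main__
are constructed here and are not the analysed installer.
"""
import hashlib
import os
import tempfile

REPORT_IOCS = {
    "md5": "968E0209A85A57C62A6B40BE993036E6",
    "sha1": "9AFE2605FFC4623961DD8EDD696F9E76AFD16B30",
    "sha256": "CC50F2AAFB778C21B702C246ED480A14615208799113A29793962C3A8401BEB7",
}
ALGS = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """Return {alg: hex digest} for the three algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path, chunk_size=1 << 20):
    """Same as hash_bytes, but streams the file so a large installer fits in memory."""
    digests = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def match_iocs(hashes, iocs):
    """Algorithms whose digest equals the IOC value. Comparison is
    case-insensitive: reports print upper case, hashlib emits lower case."""
    return {alg for alg, val in iocs.items()
            if alg in hashes and hashes[alg].lower() == val.lower()}


def verdict(hashes, iocs):
    """'match' requires SHA-256 agreement; MD5 and SHA-1 are collision-prone,
    so agreement on those alone only earns 'weak-match'."""
    matched = match_iocs(hashes, iocs)
    if "sha256" in matched:
        return "match"
    return "weak-match" if matched else "no-match"


if __name__ == "__main__":
    # Constructed stand-in; replace tmp.name with the path of the downloaded installer.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as tmp:
        tmp.write(b"constructed stand-in, not the real installer")
    try:
        h = hash_file(tmp.name)
        print(h["sha256"], verdict(h, REPORT_IOCS))
    finally:
        os.unlink(tmp.name)
```

Note that a match on the outer file only tells you the NSIS wrapper is the analysed one; the dropped files listed further down carry their own hashes and should be checked the same way.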

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may have been influenced by the analyst's actions and is provided as is, for the reader's own assessment. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • comet.exe (PID: 8076)
    • Steals credentials from Web Browsers

      • comet.exe (PID: 8076)
    • Create files in the Startup directory

      • comet.exe (PID: 8076)
    • Application was injected by another process

      • setup.exe (PID: 9600)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • comet_installer_latest.exe (PID: 2164)
    • The process drops C-runtime libraries

      • comet_installer_latest.exe (PID: 2164)
    • Executable content was dropped or overwritten

      • comet_installer_latest.exe (PID: 2164)
      • mini_installer.exe (PID: 3136)
      • setup.exe (PID: 2672)
      • setup.exe (PID: 9600)
    • Application launched itself

      • setup.exe (PID: 2672)
      • setup.exe (PID: 6972)
      • comet.exe (PID: 8076)
      • setup.exe (PID: 9600)
      • comet.exe (PID: 8084)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6972)
      • comet.exe (PID: 8076)
    • There is functionality for taking screenshot (YARA)

      • crashpad_handler.exe (PID: 2812)
      • comet_installer.exe (PID: 5196)
    • The executable file from the user directory is run by the CMD process

      • comet.exe (PID: 8076)
    • Searches for installed software

      • setup.exe (PID: 2672)
      • SystemSettings.exe (PID: 720)
      • setup.exe (PID: 9600)
    • Reads the date of Windows installation

      • setup.exe (PID: 6972)
      • comet.exe (PID: 8076)
      • SystemSettings.exe (PID: 8420)
      • SystemSettings.exe (PID: 720)
    • Starts CMD.EXE for commands execution

      • comet_installer.exe (PID: 5196)
    • Reads Mozilla Firefox installation path

      • comet.exe (PID: 8076)
    • The process checks if it is being run in the virtual environment

      • comet.exe (PID: 8076)
    • Connects to unusual port

      • comet.exe (PID: 4608)
  • INFO

    • Create files in a temporary directory

      • comet_installer_latest.exe (PID: 2164)
      • comet_installer.exe (PID: 5196)
      • crashpad_handler.exe (PID: 2812)
      • mini_installer.exe (PID: 3136)
      • comet.exe (PID: 8076)
      • comet.exe (PID: 1764)
      • setup.exe (PID: 9600)
    • Checks supported languages

      • comet_installer_latest.exe (PID: 2164)
      • comet_installer.exe (PID: 5196)
      • crashpad_handler.exe (PID: 2812)
      • setup.exe (PID: 7548)
      • mini_installer.exe (PID: 3136)
      • setup.exe (PID: 2672)
      • setup.exe (PID: 7736)
      • comet.exe (PID: 8076)
      • comet.exe (PID: 1524)
      • setup.exe (PID: 6972)
      • comet.exe (PID: 7464)
      • comet.exe (PID: 4608)
      • comet.exe (PID: 4776)
      • comet.exe (PID: 6168)
      • comet.exe (PID: 2000)
      • comet.exe (PID: 7404)
      • comet.exe (PID: 8424)
      • comet.exe (PID: 8696)
      • comet.exe (PID: 8736)
      • comet.exe (PID: 8704)
      • comet.exe (PID: 8768)
      • comet.exe (PID: 8896)
      • comet.exe (PID: 8952)
      • comet.exe (PID: 8196)
      • comet.exe (PID: 9108)
      • comet.exe (PID: 9124)
      • comet.exe (PID: 8508)
      • comet.exe (PID: 8944)
      • comet.exe (PID: 9116)
      • comet.exe (PID: 8336)
      • comet.exe (PID: 8332)
      • comet.exe (PID: 5208)
      • comet.exe (PID: 8640)
      • comet.exe (PID: 7672)
      • comet.exe (PID: 1764)
      • comet.exe (PID: 6868)
      • comet.exe (PID: 6064)
      • comet.exe (PID: 7280)
      • comet.exe (PID: 5284)
      • comet.exe (PID: 2328)
      • SystemSettings.exe (PID: 8420)
      • comet.exe (PID: 9156)
      • comet.exe (PID: 8668)
      • comet.exe (PID: 9472)
      • comet.exe (PID: 9604)
      • comet.exe (PID: 9660)
      • comet.exe (PID: 9700)
      • comet.exe (PID: 9880)
      • comet.exe (PID: 9908)
      • SystemSettings.exe (PID: 720)
      • setup.exe (PID: 9600)
      • comet.exe (PID: 9192)
      • comet.exe (PID: 9632)
      • comet.exe (PID: 9648)
      • setup.exe (PID: 9636)
      • comet.exe (PID: 8084)
    • The sample compiled with english language support

      • comet_installer_latest.exe (PID: 2164)
      • mini_installer.exe (PID: 3136)
      • setup.exe (PID: 2672)
      • setup.exe (PID: 9600)
    • Checks proxy server information

      • comet_installer.exe (PID: 5196)
      • comet.exe (PID: 8076)
      • slui.exe (PID: 8796)
      • comet.exe (PID: 8084)
    • Reads Environment values

      • comet_installer.exe (PID: 5196)
    • Reads the computer name

      • comet_installer.exe (PID: 5196)
      • setup.exe (PID: 2672)
      • mini_installer.exe (PID: 3136)
      • setup.exe (PID: 6972)
      • comet.exe (PID: 8076)
      • comet.exe (PID: 7464)
      • comet.exe (PID: 4608)
      • comet.exe (PID: 8424)
      • comet.exe (PID: 8704)
      • comet.exe (PID: 8336)
      • comet.exe (PID: 8332)
      • SystemSettings.exe (PID: 8420)
      • SystemSettings.exe (PID: 720)
      • setup.exe (PID: 9600)
      • comet.exe (PID: 9632)
      • comet.exe (PID: 9648)
      • comet.exe (PID: 8084)
    • Creates files or folders in the user directory

      • setup.exe (PID: 7548)
      • setup.exe (PID: 2672)
      • setup.exe (PID: 6972)
      • comet_installer.exe (PID: 5196)
      • comet.exe (PID: 8076)
      • comet.exe (PID: 4608)
      • comet.exe (PID: 9192)
      • comet.exe (PID: 8084)
    • Reads product name

      • comet_installer.exe (PID: 5196)
    • Creates a software uninstall entry

      • setup.exe (PID: 2672)
    • Process checks computer location settings

      • comet.exe (PID: 8076)
      • comet.exe (PID: 7404)
      • comet.exe (PID: 2000)
      • comet.exe (PID: 8196)
      • comet.exe (PID: 9116)
      • comet.exe (PID: 8508)
      • comet.exe (PID: 9124)
      • comet.exe (PID: 8640)
      • comet.exe (PID: 2328)
      • comet.exe (PID: 5284)
      • comet.exe (PID: 7280)
      • comet.exe (PID: 9156)
      • comet.exe (PID: 9472)
      • comet.exe (PID: 9604)
      • comet.exe (PID: 9880)
      • comet.exe (PID: 9908)
    • Reads the machine GUID from the registry

      • comet.exe (PID: 8076)
      • SystemSettings.exe (PID: 8420)
      • SystemSettings.exe (PID: 720)
      • comet.exe (PID: 8084)
    • Reads CPU info

      • comet.exe (PID: 8076)
    • Launching a file from the Startup directory

      • comet.exe (PID: 8076)
    • Reads Microsoft Office registry keys

      • SystemSettings.exe (PID: 8420)
    • Reads the software policy settings

      • SystemSettings.exe (PID: 8420)
      • SystemSettings.exe (PID: 720)
      • slui.exe (PID: 8796)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:08 23:05:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x358d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 261
Monitored processes: 63
Malicious processes: 4
Suspicious processes: 1

Behavior graph

The graph is interactive in the full report. Processes in graph order ("no specs" marks a process with no notable indicators):
start, comet_installer_latest.exe, comet_installer.exe, crashpad_handler.exe (no specs), mini_installer.exe, setup.exe (4 instances, 3 with no specs), cmd.exe (no specs), conhost.exe (no specs), comet.exe (many instances, most with no specs), slui.exe, further comet.exe instances (no specs), systemsettings.exe, further comet.exe instances (no specs), UIAutomationCrossBitnessHook32 Class (no specs), systemsettings.exe, setup.exe (2 instances, 1 with no specs), comet.exe (4 instances, 3 with no specs), rundll32.exe (no specs), updater.exe (2 instances, no specs)

Process information

Fields per process: PID, parent process, command line (CMD), path, user, company, integrity level, description, exit code, version, loaded modules (images). The Indicators column is empty in this excerpt.
PID 720 (parent: svchost.exe)
  CMD: "C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
  Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Settings | Exit code: 1 | Version: 10.0.19041.3996 (WinBuild.160101.0800)
  Modules (images):
    c:\windows\immersivecontrolpanel\systemsettings.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\combase.dll
    c:\windows\system32\ucrtbase.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\shcore.dll
PID 1320 (parent: updater.exe)
  CMD: "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=134.0.6985.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x125c460,0x125c46c,0x125c478
  Path: C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
  User: SYSTEM | Company: Google LLC | Integrity level: SYSTEM | Description: Google Updater | Exit code: 0 | Version: 134.0.6985.0
  Modules (images):
    c:\program files (x86)\google\googleupdater\134.0.6985.0\updater.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\advapi32.dll
    c:\windows\syswow64\msvcrt.dll
PID 1524 (parent: comet.exe)
  CMD: C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Perplexity\Comet\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Perplexity\Comet\User Data\Crashpad" --url=https://o4504136533147648.ingest.us.sentry.io/api/4508489400123392/minidump/?sentry_key=6862c0f9ce7db97a4682a9a4f269e0bd --annotation=plat=Win64 --annotation=prod=Comet --annotation=ver=140.1.7339.21342 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ffba3a12ec8,0x7ffba3a12ed4,0x7ffba3a12ee0
  Path: C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe
  User: admin | Company: PERPLEXITY AI, INC. | Integrity level: MEDIUM | Description: Comet | Exit code: 0 | Version: 140.1.7339.21342
  Modules (images):
    c:\users\admin\appdata\local\perplexity\comet\application\comet.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\users\admin\appdata\local\perplexity\comet\application\140.1.7339.21342\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\bcryptprimitives.dll
    c:\windows\system32\shcore.dll
PID 1764 (parent: comet.exe)
  CMD: "C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --force-high-res-timeticks=disabled --metrics-shmem-handle=1776,i,4624601164714179112,1995098108224286570,524288 --field-trial-handle=1828,i,1555015383577084444,4231491666240975201,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:8
  Path: C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe
  User: admin | Company: PERPLEXITY AI, INC. | Integrity level: MEDIUM | Description: Comet | Exit code: 0 | Version: 140.1.7339.21342
  Modules (images):
    c:\users\admin\appdata\local\perplexity\comet\application\comet.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\users\admin\appdata\local\perplexity\comet\application\140.1.7339.21342\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\bcryptprimitives.dll
    c:\windows\system32\advapi32.dll
PID 2000 (parent: comet.exe)
  CMD: "C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe" --type=renderer --perplexity-backend-url=https://www.perplexity.ai/ --force-high-res-timeticks=disabled --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --metrics-shmem-handle=3336,i,5164769459400592433,3179476361352641223,2097152 --field-trial-handle=1828,i,1555015383577084444,4231491666240975201,262144 --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:1
  Path: C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe
  User: admin | Company: PERPLEXITY AI, INC. | Integrity level: LOW | Description: Comet | Exit code: 0 | Version: 140.1.7339.21342
  Modules (images):
    c:\users\admin\appdata\local\perplexity\comet\application\comet.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\users\admin\appdata\local\perplexity\comet\application\140.1.7339.21342\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\bcryptprimitives.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
PID 2164 (parent: explorer.exe)
  CMD: "C:\Users\admin\AppData\Local\Temp\comet_installer_latest.exe"
  Path: C:\Users\admin\AppData\Local\Temp\comet_installer_latest.exe
  User: admin | Integrity level: MEDIUM | Exit code: 0
  Modules (images):
    c:\users\admin\appdata\local\temp\comet_installer_latest.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\advapi32.dll
PID 2328 (parent: comet.exe)
  CMD: "C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe" --type=renderer --perplexity-backend-url=https://www.perplexity.ai/ --use-system-proprietary-codecs --force-high-res-timeticks=disabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=30 --metrics-shmem-handle=6712,i,13834114220926181064,1070645199837771192,2097152 --field-trial-handle=1828,i,1555015383577084444,4231491666240975201,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:1
  Path: C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe
  User: admin | Company: PERPLEXITY AI, INC. | Integrity level: LOW | Description: Comet | Exit code: 0 | Version: 140.1.7339.21342
  Modules (images):
    c:\users\admin\appdata\local\perplexity\comet\application\comet.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\users\admin\appdata\local\perplexity\comet\application\140.1.7339.21342\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\bcryptprimitives.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
PID 2672 (parent: mini_installer.exe)
  CMD: "C:\Users\admin\AppData\Local\Temp\CometInstaller_d63345ff\CR_CCAC5.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\CometInstaller_d63345ff\CR_CCAC5.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome
  Path: C:\Users\admin\AppData\Local\Temp\CometInstaller_d63345ff\CR_CCAC5.tmp\setup.exe
  User: admin | Company: PERPLEXITY AI, INC. | Integrity level: MEDIUM | Description: Comet Installer | Exit code: 0 | Version: 140.1.7339.21342
  Modules (images):
    c:\users\admin\appdata\local\temp\cometinstaller_d63345ff\cr_ccac5.tmp\setup.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\bcrypt.dll
PID 2812 (parent: comet_installer.exe)
  CMD: C:\Users\admin\AppData\Local\Temp\CometInstaller\crashpad_handler.exe --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\CometInstaller\.sentry-native --metrics-dir=C:\Users\admin\AppData\Local\Temp\CometInstaller\.sentry-native --url=https://o4504136533147648.ingest.us.sentry.io:443/api/4509691398324225/minidump/?sentry_client=sentry.native.flutter/0.9.0&sentry_key=861faca2cfd783cbbc742acc00e1601e --attachment=C:\Users\admin\AppData\Local\Temp\CometInstaller\.sentry-native\f7f05213-9660-47ee-9024-c1b1b749d499.run\__sentry-event --attachment=C:\Users\admin\AppData\Local\Temp\CometInstaller\.sentry-native\f7f05213-9660-47ee-9024-c1b1b749d499.run\__sentry-breadcrumb1 --attachment=C:\Users\admin\AppData\Local\Temp\CometInstaller\.sentry-native\f7f05213-9660-47ee-9024-c1b1b749d499.run\__sentry-breadcrumb2 --initial-client-data=0x57c,0x580,0x584,0x568,0x588,0x7ffba63e90c0,0x7ffba63e90d8,0x7ffba63e90f0
  Path: C:\Users\admin\AppData\Local\Temp\CometInstaller\crashpad_handler.exe
  User: admin | Integrity level: MEDIUM | Description: Crashpad Handler | Exit code: 0 | Version: 0.9.0
  Modules (images):
    c:\users\admin\appdata\local\temp\cometinstaller\crashpad_handler.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\win32u.dll
    c:\windows\system32\powrprof.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\ucrtbase.dll
PID 2944 (parent: cmd.exe)
  CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
  Path: C:\Windows\System32\conhost.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Console Window Host | Exit code: 0 | Version: 10.0.19041.1 (WinBuild.160101.0800)
  Modules (images):
    c:\windows\system32\conhost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcp_win.dll
    c:\windows\system32\ucrtbase.dll
    c:\windows\system32\shcore.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\combase.dll
    c:\windows\system32\rpcrt4.dll
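The command lines in the process table are Chromium-style: --type, --utility-sub-type and --service-sandbox-type say what each comet.exe instance does and how it is sandboxed, and the --url switch on the crash handlers says where minidumps are uploaded. The following is an added example for this page, not ANY.RUN's or Comet's code. It parses those switches from command lines copied (abridged) from the table above and flags what a reviewer would look at first: the chrome.mojom.ProfileImport utility running with --service-sandbox-type=none at MEDIUM integrity (ProfileImport is Chromium's helper for importing another browser's profile, which is worth correlating with the browser-credential signatures raised against PID 8076 in the full report rather than assuming either way), and the two Crashpad handlers posting dumps to sentry.io. The parser, the role inference and the flags are the example's own; the role "crashpad-handler" for crashpad_handler.exe is inferred from its --database/--url pair because that binary takes no --type.

```python
"""Summarise Chromium-style process roles from the process list above.

Added example for this page; it is not part of the ANY.RUN report or of
Comet. The command lines in SAMPLE are copied (abridged) from the process
table; the parser, role detection and review flags are the example's own.
"""
import re
from urllib.parse import urlsplit

# A token is a double-quoted run (which may wrap a whole --switch=value)
# or a run of non-whitespace characters.
TOKEN = re.compile(r'"[^"]*"|\S+')

SAMPLE = [  # (pid, integrity level, command line) copied from the report, abridged
    (1524, "MEDIUM", r'C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe'
     r' --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Perplexity\Comet\User Data"'
     r' /prefetch:4 "--database=C:\Users\admin\AppData\Local\Perplexity\Comet\User Data\Crashpad"'
     r' --url=https://o4504136533147648.ingest.us.sentry.io/api/4508489400123392/minidump/?sentry_key=6862c0f9ce7db97a4682a9a4f269e0bd'
     r' --annotation=prod=Comet --annotation=ver=140.1.7339.21342'),
    (1764, "MEDIUM", r'"C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe"'
     r' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US'
     r' --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8'),
    (2000, "LOW", r'"C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe"'
     r' --type=renderer --perplexity-backend-url=https://www.perplexity.ai/ --lang=en-US'
     r' --renderer-client-id=5 /prefetch:1'),
    (2812, "MEDIUM", r'C:\Users\admin\AppData\Local\Temp\CometInstaller\crashpad_handler.exe'
     r' --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\CometInstaller\.sentry-native'
     r' --url=https://o4504136533147648.ingest.us.sentry.io:443/api/4509691398324225/minidump/?sentry_client=sentry.native.flutter/0.9.0&sentry_key=861faca2cfd783cbbc742acc00e1601e'),
]


def parse_cmdline(cmdline):
    """Split a Windows command line into (exe, {switch: value}) following
    Chromium's --name=value convention. A switch without '=' maps to None;
    tokens that are not switches (e.g. /prefetch:8) are ignored."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")  # split on the first '=' only
            switches[name] = value or None
    return tokens[0], switches


def describe(pid, integrity, cmdline):
    """One review record per process: Chromium role, sandbox setting,
    integrity level, crash-report endpoint (if any) and review flags."""
    exe, sw = parse_cmdline(cmdline)
    role = sw.get("type")
    if role is None:
        # Crashpad's standalone handler has no --type but takes --database and --url.
        role = "crashpad-handler" if {"database", "url"} <= set(sw) else "main"
    report_host = urlsplit(sw["url"]).hostname if sw.get("url") else None
    rec = {
        "pid": pid,
        "exe": exe.rsplit("\\", 1)[-1],
        "role": role,
        "sub_type": sw.get("utility-sub-type"),
        "sandbox": sw.get("service-sandbox-type"),
        "integrity": integrity,
        "report_host": report_host,
        "flags": [],
    }
    if rec["sandbox"] == "none":
        rec["flags"].append("utility process runs without a service sandbox")
    if role == "renderer" and integrity != "LOW":
        rec["flags"].append("renderer not at LOW integrity")
    if report_host:
        rec["flags"].append(f"uploads crash dumps to {report_host}")
    return rec


def summarise(rows):
    """Describe every (pid, integrity, cmdline) row and return the records."""
    return [describe(*row) for row in rows]


if __name__ == "__main__":
    for r in summarise(SAMPLE):
        print(f'{r["pid"]:>5} {r["exe"]:<22} {r["role"]:<16} {r["sub_type"] or "-":<28} '
              f'{r["integrity"]:<7} {"; ".join(r["flags"]) or "-"}')
```

The same parser works on the other comet.exe rows in the full report; the interesting ones are any utility or renderer whose sandbox type is "none" or whose integrity level is MEDIUM rather than LOW, since those are the processes that can reach the profile directory and the network without a broker.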
Total events: 29 558
Read events: 29 236
Write events: 202
Delete events: 120

Modification events (excerpt)

PID 5196 comet_installer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules | Name: C:\Users\admin\AppData\Local\Temp\CometInstaller\crashpad_wer.dll | Value: 1
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Comet | Name: InstallerProgress | Value: 19
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Comet | Name: InstallerProgress | Value: 25
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Comet | Name: InstallerProgress | Value: 39
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Comet | Name: UninstallString | Value: C:\Users\admin\AppData\Local\Perplexity\Comet\Application\140.1.7339.21342\Installer\setup.exe
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Comet | Name: UninstallArguments | Value: --uninstall
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet | Name: DisplayName | Value: Comet
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet | Name: UninstallString | Value: "C:\Users\admin\AppData\Local\Perplexity\Comet\Application\140.1.7339.21342\Installer\setup.exe" --uninstall
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet | Name: InstallLocation | Value: C:\Users\admin\AppData\Local\Perplexity\Comet\Application
PID 2672 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet | Name: DisplayIcon | Value: C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe,0
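Two things in the registry writes above matter for triage: every key is under HKEY_CURRENT_USER, so the install needs no elevation and leaves no machine-wide footprint, and the first write registers a DLL under Windows Error Reporting\RuntimeExceptionHelperModules. That key is the documented WER mechanism for a "runtime exception helper" module that WerFault.exe loads when a registered process crashes; Crashpad uses it for crashpad_wer.dll, but because the same key makes WerFault load an arbitrary DLL from a user-writable path, the DLL's path and signature are worth confirming. The following is an added example for this page (not ANY.RUN's code) that parses the rows exactly as they appear on the page, groups them by what they mean, and reports the install scope. EVENTS_TEXT is the report's own ten rows; the parser and the categories are the example's own, and the "autorun" category is included for Run/RunOnce keys even though none appear in this excerpt.

```python
"""Parse the flattened 'Modification events' rows above and sort them by
what they mean for persistence and install scope.

Added example, not part of the ANY.RUN report. EVENTS_TEXT is the report's
own ten rows as they appear on the page; the parser and the categories
are the example's own.
"""
import re
from collections import defaultdict

EVENTS_TEXT = r"""(PID) Process:(5196) comet_installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules
Operation:writeName:C:\Users\admin\AppData\Local\Temp\CometInstaller\crashpad_wer.dll
Value:
1
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Comet
Operation:writeName:InstallerProgress
Value:
19
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Comet
Operation:writeName:InstallerProgress
Value:
25
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Comet
Operation:writeName:InstallerProgress
Value:
39
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Comet
Operation:writeName:UninstallString
Value:
C:\Users\admin\AppData\Local\Perplexity\Comet\Application\140.1.7339.21342\Installer\setup.exe
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Comet
Operation:writeName:UninstallArguments
Value:
--uninstall
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet
Operation:writeName:DisplayName
Value:
Comet
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet
Operation:writeName:UninstallString
Value:
"C:\Users\admin\AppData\Local\Perplexity\Comet\Application\140.1.7339.21342\Installer\setup.exe" --uninstall
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet
Operation:writeName:InstallLocation
Value:
C:\Users\admin\AppData\Local\Perplexity\Comet\Application
(PID) Process:(2672) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet
Operation:writeName:DisplayIcon
Value:
C:\Users\admin\AppData\Local\Perplexity\Comet\Application\comet.exe,0
"""

# One record spans four lines: process+key, operation+name, "Value:", value.
ROW = re.compile(
    r"\(PID\) Process:\((?P<pid>\d+)\) (?P<process>.+?)Key:(?P<key>.+)\n"
    r"Operation:(?P<op>\w+)Name:(?P<name>.*)\n"
    r"Value:\n(?P<value>.*)"
)


def parse_events(text):
    """Return a list of dicts with pid, process, key, op, name and value."""
    return [m.groupdict() for m in ROW.finditer(text)]


def categorise(key):
    """Bucket a registry key by what a write to it means."""
    k = key.lower()
    if "\\windows error reporting\\runtimeexceptionhelpermodules" in k:
        return "WER runtime exception helper DLL"   # DLL loaded by WerFault.exe on crash
    if "\\currentversion\\uninstall\\" in k:
        return "uninstall entry"                    # Add/Remove Programs registration
    if "\\currentversion\\run" in k:
        return "autorun"                            # Run / RunOnce persistence
    return "application state"


def triage(events):
    """Group parsed events by category."""
    by_cat = defaultdict(list)
    for ev in events:
        by_cat[categorise(ev["key"])].append(ev)
    return dict(by_cat)


def install_scope(events):
    """Per-user installs write only under HKEY_CURRENT_USER; anything under
    HKEY_LOCAL_MACHINE needed elevation at some point."""
    roots = {ev["key"].split("\\", 1)[0] for ev in events}
    if roots == {"HKEY_CURRENT_USER"}:
        return "per-user (no elevation needed)"
    if "HKEY_LOCAL_MACHINE" in roots:
        return "machine-wide"
    return "mixed/other: " + ", ".join(sorted(roots))


if __name__ == "__main__":
    events = parse_events(EVENTS_TEXT)
    print(f"{len(events)} events, install scope: {install_scope(events)}")
    for cat, evs in triage(events).items():
        print(f"\n{cat} ({len(evs)})")
        for ev in evs:
            print(f"  PID {ev['pid']} {ev['process']}: {ev['name']} = {ev['value']}")
```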
Executable files: 28
Suspicious files: 2 169
Text files: 274
Unknown types: 0

Dropped files (excerpt)

PID 2164 comet_installer_latest.exe dropped:
  C:\Users\admin\AppData\Local\Temp\CometInstaller\data\app.so (type not recorded; MD5/SHA256 not recorded)
  C:\Users\admin\AppData\Local\Temp\CometInstaller\flutter_windows.dll (executable) MD5 A9854E922373D8C3EE32AE6EEC34D3C5 | SHA256 E7EA249CCFCACF2E480B77F07EDC5A054F3CEE191EB3AE814C31866F89D14C77
  C:\Users\admin\AppData\Local\Temp\CometInstaller\crashpad_wer.dll (executable) MD5 5C9890A02A1B2F03E97F8DF24C1831CA | SHA256 7E262EB9F84034547EA2A184C189BAC7FFE8FDE7A0F7599A9930D1B0F747AF1E
  C:\Users\admin\AppData\Local\Temp\CometInstaller\comet_installer.exe (executable) MD5 970FFCA07C63E2CEDA3730DA39C53FB4 | SHA256 B1834EA2004DF31973962943D3E0EA6EB7E07AE522A032386CC9E9C40B5324E3
  C:\Users\admin\AppData\Local\Temp\CometInstaller\screen_retriever_plugin.dll (executable) MD5 5D113153DD30BF7DBF04990562626833 | SHA256 3391657F60730DD684669558FA18977D1E26658F856235A3778AA09892ABFFB9
  C:\Users\admin\AppData\Local\Temp\CometInstaller\vcruntime140.dll (executable) MD5 703A2B415437CBB4B03A4C1D1740AB51 | SHA256 69AE8DA07C71D09728260897375C7F0DDD317499969F32A4A2971967AA1DC9DE
  C:\Users\admin\AppData\Local\Temp\CometInstaller\crashpad_handler.exe (executable) MD5 86F199F44A92A01A3D876FC1A29368E8 | SHA256 C8C2C44B085DDBA797EA79DE92095D478611DC09607E527EA136CA547CCFC127
  C:\Users\admin\AppData\Local\Temp\CometInstaller\dartjni.dll (executable) MD5 37F69D27095B3AA1B687C56E55EF7B1E | SHA256 32562CAFDBE5994E66EB66B5265DE6A424F5527D01C3C43836441F9F01534CC7
  C:\Users\admin\AppData\Local\Temp\CometInstaller\sentry.dll (executable) MD5 159929BF65CA3C88F49579EC259A2F8C | SHA256 9D80E8214FB19054F621F906049CA9B38CDC68880BF279C45FE32084182D8290
  C:\Users\admin\AppData\Local\Temp\CometInstaller\url_launcher_windows_plugin.dll (executable) MD5 3091F73FA3F37DF50A16E17B167BDC1E | SHA256 0812EFEB0546F298E0DCC3ECE7977E817B244955AD780AECD3FE14FB4BCE61F5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 23
TCP/UDP connections: 132
DNS requests: 121
Threats: 91

HTTP requests (excerpt; the Type and Size columns are empty in this excerpt)

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
2620 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
2364 | backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
3084 | backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
7000 | backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
8848 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3 | unknown | whitelisted
8848 | svchost.exe | GET | 206 (5 ranged requests) | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3 | unknown | whitelisted

Connections (excerpt)

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | (none) | (none) | (none) | whitelisted
6016 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3404 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5224 | SearchApp.exe | 95.100.158.105:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | (none) | (none) | (none) | whitelisted
5196 | comet_installer.exe | 104.18.26.48:443 | www.perplexity.ai | CLOUDFLARENET | (none) | whitelisted
5196 | comet_installer.exe | 104.18.27.48:443 | www.perplexity.ai | CLOUDFLARENET | (none) | whitelisted
2620 | svchost.exe | 20.190.159.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2620 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
3464 | svchost.exe | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
www.bing.com
  • 95.100.158.105
  • 95.100.158.113
  • 95.100.158.112
  • 23.11.206.115
  • 95.100.158.107
  • 23.11.206.112
  • 95.100.158.115
  • 95.100.158.121
  • 95.100.158.114
  • 92.123.104.46
  • 92.123.104.58
  • 92.123.104.51
  • 92.123.104.42
  • 92.123.104.49
  • 92.123.104.41
  • 92.123.104.53
  • 92.123.104.52
  • 92.123.104.47
  • 92.123.104.63
  • 92.123.104.62
  • 92.123.104.61
  • 92.123.104.60
whitelisted
google.com
  • 142.250.185.78
whitelisted
www.perplexity.ai
  • 104.18.26.48
  • 104.18.27.48
  • 2606:4700::6812:1a30
  • 2606:4700::6812:1b30
unknown
login.live.com
  • 20.190.159.2
  • 20.190.159.129
  • 20.190.159.4
  • 20.190.159.75
  • 40.126.31.67
  • 40.126.31.1
  • 40.126.31.130
  • 40.126.31.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 162.159.142.9
  • 172.66.2.5
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
slscr.update.microsoft.com
  • 74.179.77.204
whitelisted
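The Connections and DNS tables above are two views of the same traffic and are worth cross-checking rather than reading separately: www.perplexity.ai is "whitelisted" in the connection rows but "unknown" in the DNS rows, the two System rows go to 192.168.100.255 with no DNS name at all, and several domains were resolved without a matching connection in the excerpt. The following is an added example for this page, not ANY.RUN's code, that does that cross-check. CONNECTIONS and DNS are copied from the two tables (the DNS IP lists are abridged to the first address); the checks are the example's own. Both tables are excerpts (the report counts 132 connections and 121 DNS requests), so "resolved but never connected" holds only for what is shown here.

```python
"""Cross-check the Connections and DNS excerpts above.

Added example, not part of the ANY.RUN report. CONNECTIONS and DNS are
copied from the two tables (DNS IP lists abridged to the first address);
the checks are the example's own.
"""
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "pid process endpoint domain asn cn reputation")

CONNECTIONS = [  # copied from the Connections table; None means the column was empty
    Conn(4, "System", "192.168.100.255:137", None, None, None, "whitelisted"),
    Conn(6016, "MoUsoCoreWorker.exe", "4.231.128.59:443", "settings-win.data.microsoft.com", "MICROSOFT-CORP-MSN-AS-BLOCK", "IE", "whitelisted"),
    Conn(3404, "RUXIMICS.exe", "4.231.128.59:443", "settings-win.data.microsoft.com", "MICROSOFT-CORP-MSN-AS-BLOCK", "IE", "whitelisted"),
    Conn(5224, "SearchApp.exe", "95.100.158.105:443", "www.bing.com", "Akamai International B.V.", "DE", "whitelisted"),
    Conn(4, "System", "192.168.100.255:138", None, None, None, "whitelisted"),
    Conn(5196, "comet_installer.exe", "104.18.26.48:443", "www.perplexity.ai", "CLOUDFLARENET", None, "whitelisted"),
    Conn(5196, "comet_installer.exe", "104.18.27.48:443", "www.perplexity.ai", "CLOUDFLARENET", None, "whitelisted"),
    Conn(2620, "svchost.exe", "20.190.159.2:443", "login.live.com", "MICROSOFT-CORP-MSN-AS-BLOCK", "IE", "whitelisted"),
    Conn(2620, "svchost.exe", "2.17.190.73:80", "ocsp.digicert.com", "AKAMAI-AS", "DE", "whitelisted"),
    Conn(3464, "svchost.exe", "172.211.123.248:443", "client.wns.windows.com", "MICROSOFT-CORP-MSN-AS-BLOCK", "FR", "whitelisted"),
]

DNS = {  # domain -> (first resolved IP, reputation), copied from the DNS table
    "settings-win.data.microsoft.com": ("4.231.128.59", "whitelisted"),
    "www.bing.com": ("95.100.158.105", "whitelisted"),
    "google.com": ("142.250.185.78", "whitelisted"),
    "www.perplexity.ai": ("104.18.26.48", "unknown"),
    "login.live.com": ("20.190.159.2", "whitelisted"),
    "ocsp.digicert.com": ("2.17.190.73", "whitelisted"),
    "client.wns.windows.com": ("172.211.123.248", "whitelisted"),
    "fd.api.iris.microsoft.com": ("20.223.35.26", "whitelisted"),
    "arc.msn.com": ("20.199.58.43", "whitelisted"),
    "slscr.update.microsoft.com": ("74.179.77.204", "whitelisted"),
}


def review(connections, dns):
    """One finding per (process, target) that deserves a look: direct-IP
    connections with no DNS name, and connections whose domain the DNS
    table does not mark 'whitelisted' even when the connection row does."""
    findings = {}
    for c in connections:
        if c.domain is None:
            ip = ipaddress.ip_address(c.endpoint.rsplit(":", 1)[0])
            scope = "private/local" if ip.is_private else "public"
            key, reason = (c.process, c.endpoint), f"direct IP, no DNS name ({scope})"
        else:
            rep = dns.get(c.domain, (None, "not in DNS table"))[1]
            if rep == "whitelisted":
                continue
            key, reason = (c.process, c.domain), f"DNS reputation: {rep}"
        findings.setdefault(key, {"pid": c.pid, "process": key[0], "target": key[1], "reason": reason})
    return list(findings.values())


def resolved_without_connection(connections, dns):
    """Domains in the DNS table that no connection row in the excerpt uses."""
    contacted = {c.domain for c in connections if c.domain}
    return sorted(d for d in dns if d not in contacted)


def contacts_by_process(connections):
    """Map each process to the set of domains (or bare endpoints) it reached."""
    out = {}
    for c in connections:
        out.setdefault(c.process, set()).add(c.domain or c.endpoint)
    return out


if __name__ == "__main__":
    for f in review(CONNECTIONS, DNS):
        print(f"PID {f['pid']:>5} {f['process']:<22} {f['target']:<24} {f['reason']}")
    print("resolved, no connection in excerpt:", ", ".join(resolved_without_connection(CONNECTIONS, DNS)))
    for proc, targets in sorted(contacts_by_process(CONNECTIONS).items()):
        print(f"{proc:<22} {', '.join(sorted(targets))}")
```

The two 192.168.100.255 findings are NetBIOS name and datagram broadcasts on the sandbox's own subnet, which the private-range check makes obvious; the one that needs a human decision is the installer's contact with www.perplexity.ai, where the two reputation columns disagree.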

Threats (excerpt; the report counts 91 events)

PID | Process | Class | Message
(not attributed to a process) | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
4608 | comet.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt (9 occurrences in this excerpt)

"SURICATA QUIC failed decrypt" is a protocol-decoder event, not a malware signature: it fires when Suricata cannot decrypt the QUIC handshake packets it inspects, so it says nothing on its own about the content of the connection.
No debug info