URL: https://linkvertise.com/23610/omegaxexploit/1

Full analysis: https://app.any.run/tasks/63cbcb84-056c-4da3-8a9b-179a61798bdc
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: January 15, 2022, 01:35:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
  • MD5: 55CB0AFEBFD71EA588CBD888AEF90B2F
  • SHA1: B9E59CD2ADD6926D7DB91C9CADF08827E0E1E08F
  • SHA256: D05115DB9289CBD6CAF827AEA0530E3FC47A1C05067ECEC05E59D2486859179A
  • SSDEEP: 3:N8MLRBXAyTKE+r4Vrn:2MNi2Dk4Vrn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 2524)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 1284)
      • saBSI.exe (PID: 3948)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
      • sbr.exe (PID: 4340)
      • installer.exe (PID: 6064)
      • installer.exe (PID: 3884)
      • ServiceHost.exe (PID: 1564)
      • UIHost.exe (PID: 1260)
      • updater.exe (PID: 4512)
      • SetupInf.exe (PID: 2636)
      • SetupInf.exe (PID: 4164)
      • SetupInf.exe (PID: 3744)
      • SetupInf.exe (PID: 6108)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4204)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4104)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 3504)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4124)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
      • AvEmUpdate.exe (PID: 6096)
      • setup78263.exe (PID: 5940)
      • setup78263.exe (PID: 4720)
      • setup78263.exe (PID: 4104)
      • setup78263.exe (PID: 684)
      • AvEmUpdate.exe (PID: 5792)
      • AvEmUpdate.exe (PID: 4336)
      • setup78263.exe (PID: 2984)
      • GenericSetup.exe (PID: 3968)
      • GenericSetup.exe (PID: 5936)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 2788)
      • GenericSetup.exe (PID: 5008)
      • AvEmUpdate.exe (PID: 5384)
      • overseer.exe (PID: 5432)
      • avBugReport.exe (PID: 4648)
      • avBugReport.exe (PID: 2788)
      • SetupInf.exe (PID: 5968)
      • SetupInf.exe (PID: 4948)
    • Drops an executable file immediately after start

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 2524)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 1284)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 3240)
      • installer.exe (PID: 6064)
      • chrome.exe (PID: 4264)
      • setup78263.exe (PID: 4720)
      • setup78263.exe (PID: 684)
      • setup78263.exe (PID: 4104)
      • setup78263.exe (PID: 5940)
    • Changes settings of System certificates

      • saBSI.exe (PID: 3948)
      • installer.exe (PID: 3884)
      • ServiceHost.exe (PID: 1564)
      • GenericSetup.exe (PID: 3968)
      • SetupInf.exe (PID: 4948)
    • Loads dropped or rewritten executable

      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
      • regsvr32.exe (PID: 5972)
      • regsvr32.exe (PID: 5252)
      • ServiceHost.exe (PID: 1564)
      • UIHost.exe (PID: 1260)
      • regsvr32.exe (PID: 6084)
      • svchost.exe (PID: 924)
      • chrome.exe (PID: 4156)
      • AvEmUpdate.exe (PID: 5792)
      • GenericSetup.exe (PID: 2788)
      • GenericSetup.exe (PID: 3968)
      • AvEmUpdate.exe (PID: 4336)
      • GenericSetup.exe (PID: 5936)
      • GenericSetup.exe (PID: 3204)
      • avBugReport.exe (PID: 4648)
      • avBugReport.exe (PID: 2788)
    • Changes the autorun value in the registry

      • instup.exe (PID: 3240)
    • Registers / Runs the DLL via REGSVR32.EXE

      • installer.exe (PID: 3884)
      • ServiceHost.exe (PID: 1564)
    • Steals credentials from Web Browsers

      • ServiceHost.exe (PID: 1564)
    • Actions look like stealing of personal data

      • ServiceHost.exe (PID: 1564)
      • GenericSetup.exe (PID: 3968)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 2788)
      • GenericSetup.exe (PID: 5936)
    • Loads the Task Scheduler COM API

      • AvEmUpdate.exe (PID: 6096)
      • AvEmUpdate.exe (PID: 5792)
      • overseer.exe (PID: 5432)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 1324)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 2524)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 1284)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
      • instup.exe (PID: 2544)
      • saBSI.exe (PID: 3948)
      • instup.exe (PID: 3240)
      • installer.exe (PID: 6064)
      • installer.exe (PID: 3884)
      • chrome.exe (PID: 4264)
      • setup78263.exe (PID: 4720)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
      • setup78263.exe (PID: 684)
      • setup78263.exe (PID: 4104)
      • setup78263.exe (PID: 5940)
      • AvEmUpdate.exe (PID: 5792)
    • Checks supported languages

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2912)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 2524)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 1284)
      • saBSI.exe (PID: 3948)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
      • sbr.exe (PID: 4340)
      • installer.exe (PID: 6064)
      • installer.exe (PID: 3884)
      • ServiceHost.exe (PID: 1564)
      • UIHost.exe (PID: 1260)
      • updater.exe (PID: 4512)
      • cmd.exe (PID: 4872)
      • cmd.exe (PID: 1400)
      • SetupInf.exe (PID: 2636)
      • SetupInf.exe (PID: 3744)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
      • SetupInf.exe (PID: 6108)
      • SetupInf.exe (PID: 4164)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
      • setup78263.exe (PID: 4720)
      • GenericSetup.exe (PID: 3968)
      • setup78263.exe (PID: 4104)
      • setup78263.exe (PID: 684)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 2788)
      • setup78263.exe (PID: 5940)
      • AvEmUpdate.exe (PID: 6096)
      • AvEmUpdate.exe (PID: 5792)
      • GenericSetup.exe (PID: 5936)
      • AvEmUpdate.exe (PID: 4336)
      • GenericSetup.exe (PID: 5008)
      • setup78263.exe (PID: 2984)
      • AvEmUpdate.exe (PID: 5384)
      • overseer.exe (PID: 5432)
      • avBugReport.exe (PID: 2788)
      • avBugReport.exe (PID: 4648)
      • SetupInf.exe (PID: 4948)
      • SetupInf.exe (PID: 5968)
    • Reads the computer name

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2912)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
      • saBSI.exe (PID: 3948)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
      • installer.exe (PID: 3884)
      • ServiceHost.exe (PID: 1564)
      • UIHost.exe (PID: 1260)
      • updater.exe (PID: 4512)
      • SetupInf.exe (PID: 2636)
      • SetupInf.exe (PID: 3744)
      • SetupInf.exe (PID: 6108)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
      • SetupInf.exe (PID: 4164)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
      • GenericSetup.exe (PID: 3968)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 2788)
      • AvEmUpdate.exe (PID: 6096)
      • AvEmUpdate.exe (PID: 5792)
      • GenericSetup.exe (PID: 5936)
      • GenericSetup.exe (PID: 5008)
      • AvEmUpdate.exe (PID: 4336)
      • overseer.exe (PID: 5432)
      • AvEmUpdate.exe (PID: 5384)
      • avBugReport.exe (PID: 2788)
      • avBugReport.exe (PID: 4648)
      • SetupInf.exe (PID: 4948)
      • SetupInf.exe (PID: 5968)
    • Drops a file that was compiled in debug mode

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 2544)
      • saBSI.exe (PID: 3948)
      • installer.exe (PID: 6064)
      • instup.exe (PID: 3240)
      • installer.exe (PID: 3884)
      • chrome.exe (PID: 4264)
      • setup78263.exe (PID: 684)
      • setup78263.exe (PID: 4104)
      • setup78263.exe (PID: 4720)
      • setup78263.exe (PID: 5940)
      • AvEmUpdate.exe (PID: 5792)
    • Reads the Windows organization settings

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
      • GenericSetup.exe (PID: 3968)
      • GenericSetup.exe (PID: 2788)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 5936)
    • Drops a file with too old compile date

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
      • instup.exe (PID: 3240)
      • setup78263.exe (PID: 4720)
      • setup78263.exe (PID: 4104)
      • setup78263.exe (PID: 684)
      • setup78263.exe (PID: 5940)
    • Reads Windows owner or organization settings

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
      • GenericSetup.exe (PID: 3968)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 2788)
      • GenericSetup.exe (PID: 5936)
    • Creates files in the Windows directory

      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
      • svchost.exe (PID: 924)
    • Adds / modifies Windows certificates

      • saBSI.exe (PID: 3948)
      • ServiceHost.exe (PID: 1564)
      • installer.exe (PID: 3884)
      • GenericSetup.exe (PID: 3968)
    • Reads CPU info

      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
      • SetupInf.exe (PID: 4164)
      • SetupInf.exe (PID: 2636)
      • SetupInf.exe (PID: 3744)
      • SetupInf.exe (PID: 6108)
      • AvEmUpdate.exe (PID: 6096)
      • AvEmUpdate.exe (PID: 5792)
      • AvEmUpdate.exe (PID: 4336)
      • AvEmUpdate.exe (PID: 5384)
      • avBugReport.exe (PID: 4648)
      • avBugReport.exe (PID: 2788)
      • SetupInf.exe (PID: 4948)
      • SetupInf.exe (PID: 5968)
    • Creates files in the program directory

      • saBSI.exe (PID: 3948)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 2544)
      • installer.exe (PID: 6064)
      • instup.exe (PID: 3240)
      • ServiceHost.exe (PID: 1564)
      • installer.exe (PID: 3884)
      • updater.exe (PID: 4512)
      • UIHost.exe (PID: 1260)
      • AvEmUpdate.exe (PID: 6096)
      • AvEmUpdate.exe (PID: 5792)
      • avBugReport.exe (PID: 2788)
    • Creates or modifies Windows services

      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
    • Reads Environment values

      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
      • ServiceHost.exe (PID: 1564)
      • GenericSetup.exe (PID: 3968)
      • GenericSetup.exe (PID: 3204)
      • AvEmUpdate.exe (PID: 6096)
      • GenericSetup.exe (PID: 2788)
      • AvEmUpdate.exe (PID: 5792)
      • GenericSetup.exe (PID: 5936)
      • AvEmUpdate.exe (PID: 4336)
      • AvEmUpdate.exe (PID: 5384)
    • Removes files from Windows directory

      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
    • Starts itself from another location

      • instup.exe (PID: 2544)
    • Creates a directory in Program Files

      • instup.exe (PID: 3240)
      • installer.exe (PID: 6064)
      • installer.exe (PID: 3884)
      • AvEmUpdate.exe (PID: 5792)
    • Drops a file with a compile date too recent

      • installer.exe (PID: 6064)
      • installer.exe (PID: 3884)
      • instup.exe (PID: 3240)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
      • setup78263.exe (PID: 4720)
      • setup78263.exe (PID: 684)
      • setup78263.exe (PID: 4104)
      • setup78263.exe (PID: 5940)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 5972)
      • regsvr32.exe (PID: 5252)
      • regsvr32.exe (PID: 6084)
      • instup.exe (PID: 3240)
    • Starts SC.EXE for service management

      • installer.exe (PID: 3884)
    • Creates a software uninstall entry

      • installer.exe (PID: 3884)
      • ServiceHost.exe (PID: 1564)
      • instup.exe (PID: 3240)
    • Executed as Windows Service

      • ServiceHost.exe (PID: 1564)
    • Searches for installed software

      • updater.exe (PID: 4512)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 2788)
      • GenericSetup.exe (PID: 5936)
      • overseer.exe (PID: 5432)
      • GenericSetup.exe (PID: 3968)
    • Starts CMD.EXE for command execution

      • updater.exe (PID: 4512)
    • Changes default file association

      • instup.exe (PID: 3240)
    • Creates files in the driver directory

      • instup.exe (PID: 3240)
    • Application launched itself

      • AvEmUpdate.exe (PID: 5792)
    • Executed via COM

      • DrvInst.exe (PID: 6096)
  • INFO

    • Checks supported languages

      • chrome.exe (PID: 3380)
      • chrome.exe (PID: 1948)
      • chrome.exe (PID: 2400)
      • chrome.exe (PID: 1564)
      • chrome.exe (PID: 1324)
      • chrome.exe (PID: 3016)
      • chrome.exe (PID: 2220)
      • chrome.exe (PID: 3684)
      • chrome.exe (PID: 4024)
      • chrome.exe (PID: 3848)
      • chrome.exe (PID: 1556)
      • chrome.exe (PID: 2420)
      • chrome.exe (PID: 3404)
      • chrome.exe (PID: 3136)
      • chrome.exe (PID: 3100)
      • chrome.exe (PID: 2956)
      • chrome.exe (PID: 3120)
      • chrome.exe (PID: 3568)
      • chrome.exe (PID: 3628)
      • chrome.exe (PID: 3272)
      • chrome.exe (PID: 2460)
      • chrome.exe (PID: 3372)
      • chrome.exe (PID: 868)
      • chrome.exe (PID: 496)
      • chrome.exe (PID: 1548)
      • chrome.exe (PID: 3956)
      • chrome.exe (PID: 188)
      • chrome.exe (PID: 2564)
      • chrome.exe (PID: 3232)
      • chrome.exe (PID: 2744)
      • chrome.exe (PID: 3208)
      • svchost.exe (PID: 924)
      • chrome.exe (PID: 1500)
      • chrome.exe (PID: 3704)
      • chrome.exe (PID: 3736)
      • chrome.exe (PID: 2704)
      • chrome.exe (PID: 3904)
      • chrome.exe (PID: 3804)
      • chrome.exe (PID: 4068)
      • chrome.exe (PID: 2252)
      • chrome.exe (PID: 2128)
      • NOTEPAD.EXE (PID: 2044)
      • chrome.exe (PID: 2204)
      • chrome.exe (PID: 3640)
      • chrome.exe (PID: 1112)
      • chrome.exe (PID: 1852)
      • chrome.exe (PID: 3064)
      • chrome.exe (PID: 3164)
      • chrome.exe (PID: 1536)
      • chrome.exe (PID: 3900)
      • chrome.exe (PID: 5888)
      • chrome.exe (PID: 4600)
      • chrome.exe (PID: 5604)
      • chrome.exe (PID: 5216)
      • chrome.exe (PID: 4936)
      • chrome.exe (PID: 5008)
      • chrome.exe (PID: 4572)
      • chrome.exe (PID: 5584)
      • chrome.exe (PID: 5436)
      • chrome.exe (PID: 5712)
      • chrome.exe (PID: 4616)
      • chrome.exe (PID: 5004)
      • chrome.exe (PID: 2572)
      • sc.exe (PID: 4300)
      • regsvr32.exe (PID: 5972)
      • sc.exe (PID: 5980)
      • chrome.exe (PID: 5252)
      • sc.exe (PID: 4596)
      • chrome.exe (PID: 4444)
      • sc.exe (PID: 5624)
      • regsvr32.exe (PID: 5252)
      • regsvr32.exe (PID: 6084)
      • chrome.exe (PID: 4196)
      • chrome.exe (PID: 5464)
      • chrome.exe (PID: 4228)
      • chrome.exe (PID: 5704)
      • chrome.exe (PID: 5700)
      • chrome.exe (PID: 4452)
      • chrome.exe (PID: 5576)
      • chrome.exe (PID: 6056)
      • chrome.exe (PID: 1968)
      • chrome.exe (PID: 4264)
      • chrome.exe (PID: 4576)
      • chrome.exe (PID: 5016)
      • chrome.exe (PID: 4900)
      • chrome.exe (PID: 6036)
      • chrome.exe (PID: 5440)
      • chrome.exe (PID: 888)
      • chrome.exe (PID: 6140)
      • chrome.exe (PID: 2188)
      • chrome.exe (PID: 3572)
      • chrome.exe (PID: 4316)
      • consent.exe (PID: 1160)
      • chrome.exe (PID: 4156)
      • consent.exe (PID: 3276)
      • consent.exe (PID: 688)
      • chrome.exe (PID: 900)
    • Reads the computer name

      • chrome.exe (PID: 3016)
      • chrome.exe (PID: 1948)
      • chrome.exe (PID: 1324)
      • chrome.exe (PID: 2420)
      • chrome.exe (PID: 3404)
      • chrome.exe (PID: 3136)
      • chrome.exe (PID: 3100)
      • chrome.exe (PID: 3568)
      • chrome.exe (PID: 1548)
      • chrome.exe (PID: 1500)
      • chrome.exe (PID: 3904)
      • chrome.exe (PID: 4068)
      • sc.exe (PID: 5980)
      • sc.exe (PID: 4300)
      • sc.exe (PID: 4596)
      • sc.exe (PID: 5624)
      • regsvr32.exe (PID: 5252)
      • regsvr32.exe (PID: 6084)
      • chrome.exe (PID: 5704)
      • chrome.exe (PID: 4156)
      • consent.exe (PID: 3276)
      • consent.exe (PID: 1160)
      • consent.exe (PID: 688)
    • Reads the hosts file

      • chrome.exe (PID: 1324)
      • chrome.exe (PID: 3016)
      • instup.exe (PID: 2544)
      • instup.exe (PID: 3240)
      • overseer.exe (PID: 5432)
    • Application launched itself

      • chrome.exe (PID: 1324)
      • chrome.exe (PID: 1500)
    • Changes default file association

      • chrome.exe (PID: 1324)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3016)
      • chrome.exe (PID: 1324)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
      • saBSI.exe (PID: 3948)
      • instup.exe (PID: 2544)
      • avast_free_antivirus_setup_online.exe (PID: 3400)
      • instup.exe (PID: 3240)
      • installer.exe (PID: 3884)
      • ServiceHost.exe (PID: 1564)
      • UIHost.exe (PID: 1260)
      • updater.exe (PID: 4512)
      • consent.exe (PID: 3276)
      • consent.exe (PID: 1160)
      • consent.exe (PID: 688)
      • GenericSetup.exe (PID: 3968)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 2788)
      • AvEmUpdate.exe (PID: 5792)
      • GenericSetup.exe (PID: 5936)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
      • AvEmUpdate.exe (PID: 4336)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
      • AvEmUpdate.exe (PID: 5384)
      • avBugReport.exe (PID: 2788)
      • avBugReport.exe (PID: 4648)
    • Reads the date of Windows installation

      • chrome.exe (PID: 3100)
    • Checks Windows Trust Settings

      • chrome.exe (PID: 1324)
      • saBSI.exe (PID: 3948)
      • installer.exe (PID: 3884)
      • ServiceHost.exe (PID: 1564)
      • UIHost.exe (PID: 1260)
      • updater.exe (PID: 4512)
      • consent.exe (PID: 3276)
      • consent.exe (PID: 1160)
      • consent.exe (PID: 688)
      • GenericSetup.exe (PID: 3968)
      • GenericSetup.exe (PID: 3204)
      • GenericSetup.exe (PID: 2788)
      • GenericSetup.exe (PID: 5936)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
      • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
    • Application was dropped or rewritten from another process

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2912)
      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
    • Loads dropped or rewritten executable

      • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
    • Dropped object may contain Bitcoin addresses

      • installer.exe (PID: 6064)
      • instup.exe (PID: 3240)
    • Creates files in the user directory

      • chrome.exe (PID: 1324)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 198
Monitored processes: 146
Malicious processes: 34
Suspicious processes: 11

Behavior graph

(Interactive process graph; available in the full report.)

Process information

(Each entry lists PID, CMD, Path, Parent process, process metadata and the modules/images loaded by the process.)
PID: 1324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://linkvertise.com/23610/omegaxexploit/1"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: Explorer.EXE
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198
Modules (Images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\winmm.dll
  • c:\windows\system32\user32.dll

PID: 3380
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x71a3d988,0x71a3d998,0x71a3d9a4
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198
Modules (Images):
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\kernelbase.dll
  • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  • c:\windows\system32\shell32.dll

PID: 1948
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\version.dll
  • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  • c:\windows\system32\user32.dll

PID: 3016
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1248 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198
Modules (Images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  • c:\windows\system32\shell32.dll

PID: 2400
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\ntdll.dll
  • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  • c:\windows\system32\shlwapi.dll
  • c:\windows\system32\shell32.dll
  • c:\windows\system32\gdi32.dll

PID: 1564
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\kernel32.dll
  • c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  • c:\windows\system32\shell32.dll

PID:
4024
Command line:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
Full path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID:
3404
Command line:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1048 /prefetch:2
Full path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID:
1556
Command line:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
Full path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID:
3684
Command line:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
Full path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
Total events
178 868
Read events
172 269
Write events
6 561
Delete events
38

Modification events

(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:
write
Name:
failed_count
Value:
0
(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:
write
Name:
state
Value:
2
(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:
write
Name:
StatusCodes
Value:
(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:
write
Name:
StatusCodes
Value:
01000000
(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:
write
Name:
state
Value:
1
(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:
write
Name:
dr
Value:
1
(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome
Operation:
write
Name:
UsageStatsInSample
Value:
0
(PID) Process:
(1324) chrome.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:
write
Name:
usagestats
Value:
0
(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:
write
Name:
metricsid
Value:
(PID) Process:
(1324) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:
write
Name:
metricsid_installdate
Value:
0
Executable files
568
Suspicious files
509
Text files
1 284
Unknown types
52

Dropped files

PID
Process
Filename
Type
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E224D8-52C.pma
MD5:
SHA256:
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f9ead5b7-5dc7-410b-b942-eb47c75fac1d.tmp
text
MD5:
D1A7F9EA4D0BB33C8AEA3FB64CA1D7F9
SHA256:
94F0CEAD846C51BF98EA41106805611F6E987867A14C4A72C9029B214D2400F6
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5:
D1A7F9EA4D0BB33C8AEA3FB64CA1D7F9
SHA256:
94F0CEAD846C51BF98EA41106805611F6E987867A14C4A72C9029B214D2400F6
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5:
00046F773EFDD3C8F8F6D0F87A2B93DC
SHA256:
593EDE11D17AF7F016828068BCA2E93CF240417563FB06DC8A579110AEF81731
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5:
7721CDA9F5B73CE8A135471EB53B4E0E
SHA256:
DD730C576766A46FFC84E682123248ECE1FF1887EC0ACAB22A5CE93A450F4500
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5:
8FF312A95D60ED89857FEB720D80D4E1
SHA256:
946A57FAFDD28C3164D5AB8AB4971B21BD5EC5BFFF7554DBF832CB58CC37700B
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF13e6aa.TMP
text
MD5:
936EB7280DA791E6DD28EF3A9B46D39C
SHA256:
CBAF2AFD831B32F6D1C12337EE5D2F090D6AE1F4DCB40B08BEF49BF52AD9721F
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old~RF13e765.TMP
text
MD5:
109A25C32EE1132ECD6D9F3ED9ADF01A
SHA256:
DA6028DB9485C65E683643658326F02B1D0A1566DE14914EF28E5248EB94F0DD
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5:
5202CA4D6AF0C37DAEC0D528CC7F2986
SHA256:
8F5B8FF94B14C36EA0CBE8FA0A4D165A632B45F834BBB7239E1A6CF6685F256C
1324
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF13e756.TMP
text
MD5:
B628564B8042F6E2CC2F53710AAECDC0
SHA256:
1D3B022BDEE9F48D79E3EC1E93F519036003642D3D72D10B05CFD47F43EFBF13
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
118
TCP/UDP connections
481
DNS requests
390
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
924
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
US
whitelisted
2544
instup.exe
GET
200
72.247.182.203:80
http://c3978047.iavs9x.u.avast.com/iavs9x/servers.def.vpx
NL
binary
2.40 Kb
whitelisted
2540
cookie_mmm_irs_ppi_005_888_a.exe
GET
200
92.123.225.26:80
http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
unknown
executable
8.07 Mb
whitelisted
924
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
US
binary
5.63 Kb
whitelisted
2540
cookie_mmm_irs_ppi_005_888_a.exe
POST
204
5.62.40.203:80
http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
DE
whitelisted
924
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
US
binary
9.70 Kb
whitelisted
3016
chrome.exe
GET
200
2.16.186.81:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9aae1a77d8f7bee6
unknown
compressed
59.9 Kb
whitelisted
2544
instup.exe
GET
200
72.247.182.203:80
http://y9830512.iavs9x.u.avast.com/iavs9x/offertool_ais-9c4.vpx
NL
binary
350 Kb
whitelisted
2540
cookie_mmm_irs_ppi_005_888_a.exe
POST
204
5.62.40.203:80
http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
DE
whitelisted
2544
instup.exe
GET
200
72.247.182.203:80
http://y9830512.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx
NL
binary
572 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3016
chrome.exe
142.250.186.138:443
fonts.googleapis.com
Google Inc.
US
whitelisted
3016
chrome.exe
142.250.184.227:443
ssl.gstatic.com
Google Inc.
US
whitelisted
3016
chrome.exe
142.250.185.174:443
clients2.google.com
Google Inc.
US
whitelisted
3016
chrome.exe
185.59.220.17:443
maxst.icons8.com
Datacamp Limited
DE
suspicious
3016
chrome.exe
142.250.185.77:443
accounts.google.com
Google Inc.
US
suspicious
3016
chrome.exe
104.18.11.207:443
stackpath.bootstrapcdn.com
Cloudflare Inc
US
suspicious
3016
chrome.exe
18.66.139.65:443
js.chargebee.com
Massachusetts Institute of Technology
US
suspicious
3016
chrome.exe
104.16.19.94:443
cdnjs.cloudflare.com
Cloudflare Inc
US
suspicious
3016
chrome.exe
162.159.137.85:443
linkvertise.com
Cloudflare Inc
malicious
3016
chrome.exe
162.159.138.85:443
linkvertise.com
Cloudflare Inc
malicious

DNS requests

Domain
IP
Reputation
clients2.google.com
  • 142.250.185.174
whitelisted
linkvertise.com
  • 162.159.138.85
  • 162.159.137.85
whitelisted
accounts.google.com
  • 142.250.185.77
shared
ssl.gstatic.com
  • 142.250.184.227
whitelisted
fonts.googleapis.com
  • 142.250.186.138
  • 142.250.185.202
whitelisted
stackpath.bootstrapcdn.com
  • 104.18.11.207
  • 104.18.10.207
whitelisted
cdnjs.cloudflare.com
  • 104.16.19.94
  • 104.16.18.94
whitelisted
maxst.icons8.com
  • 185.59.220.17
  • 195.181.174.7
  • 195.181.175.46
  • 195.181.175.54
  • 195.181.175.48
whitelisted
use.typekit.net
  • 2.16.186.59
  • 2.16.186.49
whitelisted
js.chargebee.com
  • 18.66.139.65
  • 18.66.139.34
  • 18.66.139.4
  • 18.66.139.63
shared

Threats

PID
Process
Class
Message
3016
chrome.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
2540
cookie_mmm_irs_ppi_005_888_a.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3016
chrome.exe
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
3016
chrome.exe
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
Potentially Bad Traffic
ET DNS Query for .to TLD
5792
AvEmUpdate.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
7 ETPRO signatures available at the full report
Process
Message
saBSI.exe
NotComDllGetInterface: DLL not found in install location, looking in current directory
saBSI.exe
NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-P69I9.tmp\prod0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-P69I9.tmp\prod0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe
NotComDllGetInterface: DLL not found in install location, looking in current directory
saBSI.exe
NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-P69I9.tmp\prod0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-P69I9.tmp\prod0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe
NotComDllGetInterface: DLL not found in install location, looking in current directory
saBSI.exe
NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-P69I9.tmp\prod0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-P69I9.tmp\prod0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
installer.exe
NCPrivateLoadAndValidateMPTDll: Looking in current directory
installer.exe
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
installer.exe
NotComDllGetInterface: C:\Program Files\McAfee\Temp2679576227\installer.exe loading C:\Program Files\McAfee\Temp2679576227\mfeaaca.dll, WinVerifyTrust failed with 80092003
installer.exe
NCPrivateLoadAndValidateMPTDll: Looking in current directory