File name:

Setup_chrome.exe.7z

Full analysis: https://app.any.run/tasks/44fb0103-af13-4202-add0-2e7ee65664b1
Verdict: Malicious activity
Analysis date: August 14, 2024, 07:35:08
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

9969BAD435B9BC7AE5E24B12F0157985

SHA1:

1CEF80C3C10E64455A683844A32A1BB7AB0897E4

SHA256:

DC9A14245AFD7839CAE304FC0342E8B90C4EF394F67EEE1CC878DECF3DB1CFD4

SSDEEP:

98304:2OzNSL4jhC2gEDNVNxnUDSuchBkKKvAZfv6UCR1+KEGJkb23akWRE+QXfVNoaapw:Ya6y9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was injected by another process

      • svchost.exe (PID: 896)

    • Runs injected code in another process

      • symsrv.exe (PID: 6772)

  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 6300)
      • Setup_chrome.exe (PID: 3568)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6300)
      • Setup_chrome.exe (PID: 3568)
      • ChatAI_Chrome.exe (PID: 3324)
      • ChatAI_Chrome.exe (PID: 6720)
      • ChatAI_Chrome.exe (PID: 6252)

    • Process drops legitimate windows executable

      • Setup_chrome.exe (PID: 3568)

    • Executable content was dropped or overwritten

      • Setup_chrome.exe (PID: 3568)

    • Creates a software uninstall entry

      • Setup_chrome.exe (PID: 3568)

    • The process drops C-runtime libraries

      • Setup_chrome.exe (PID: 3568)

    • Reads the date of Windows installation

      • Setup_chrome.exe (PID: 3568)

    • Application launched itself

      • ChatAI_Chrome.exe (PID: 2400)
      • ChatAI_Chrome.exe (PID: 6908)

    • Connects to unusual port

      • ChatAI_Chrome.exe (PID: 6528)

  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6300)

    • Creates files in the program directory

      • Setup_chrome.exe (PID: 3568)
      • ChatAI_Chrome.exe (PID: 6908)

    • Creates files or folders in the user directory

      • Setup_chrome.exe (PID: 3568)
      • ChatAI_Chrome.exe (PID: 6908)
      • ChatAI_Chrome.exe (PID: 6528)
      • ChatAI_Chrome.exe (PID: 3324)
      • ChatAI_Chrome.exe (PID: 6720)
      • ChatAI_Chrome.exe (PID: 6252)
      • ChatAI_Chrome.exe (PID: 6172)

    • Reads the computer name

      • Setup_chrome.exe (PID: 3568)
      • symsrv.exe (PID: 6772)
      • ChatAI_Chrome.exe (PID: 2400)
      • ChatAI_Chrome.exe (PID: 6528)
      • ChatAI_Chrome.exe (PID: 6548)
      • ChatAI_Chrome.exe (PID: 6908)
      • ChatAI_Chrome.exe (PID: 2252)
      • ChatAI_Chrome.exe (PID: 6192)
      • ChatAI_Chrome.exe (PID: 3324)
      • ChatAI_Chrome.exe (PID: 6720)
      • ChatAI_Chrome.exe (PID: 6252)
      • ChatAI_Chrome.exe (PID: 6248)
      • TextInputHost.exe (PID: 1812)
      • ChatAI_Chrome.exe (PID: 964)
      • ChatAI_Chrome.exe (PID: 6172)

    • Checks supported languages

      • Setup_chrome.exe (PID: 3568)
      • symsrv.exe (PID: 6772)
      • ChatAI_Chrome.exe (PID: 6908)
      • ChatAI_Chrome.exe (PID: 2400)
      • ChatAI_Chrome.exe (PID: 3992)
      • ChatAI_Chrome.exe (PID: 6524)
      • ChatAI_Chrome.exe (PID: 6548)
      • ChatAI_Chrome.exe (PID: 6528)
      • ChatAI_Chrome.exe (PID: 872)
      • ChatAI_Chrome.exe (PID: 6796)
      • ChatAI_Chrome.exe (PID: 1536)
      • ChatAI_Chrome.exe (PID: 3876)
      • ChatAI_Chrome.exe (PID: 4024)
      • ChatAI_Chrome.exe (PID: 6700)
      • ChatAI_Chrome.exe (PID: 6640)
      • ChatAI_Chrome.exe (PID: 6732)
      • ChatAI_Chrome.exe (PID: 5032)
      • ChatAI_Chrome.exe (PID: 1076)
      • ChatAI_Chrome.exe (PID: 2252)
      • ChatAI_Chrome.exe (PID: 3256)
      • ChatAI_Chrome.exe (PID: 240)
      • ChatAI_Chrome.exe (PID: 6720)
      • ChatAI_Chrome.exe (PID: 3324)
      • ChatAI_Chrome.exe (PID: 6192)
      • ChatAI_Chrome.exe (PID: 1216)
      • ChatAI_Chrome.exe (PID: 3176)
      • ChatAI_Chrome.exe (PID: 6252)
      • ChatAI_Chrome.exe (PID: 6756)
      • ChatAI_Chrome.exe (PID: 6928)
      • ChatAI_Chrome.exe (PID: 6248)
      • ChatAI_Chrome.exe (PID: 7004)
      • ChatAI_Chrome.exe (PID: 964)
      • ChatAI_Chrome.exe (PID: 1448)
      • ChatAI_Chrome.exe (PID: 7136)
      • TextInputHost.exe (PID: 1812)
      • ChatAI_Chrome.exe (PID: 6172)
      • ChatAI_Chrome.exe (PID: 240)

    • Process checks computer location settings

      • Setup_chrome.exe (PID: 3568)
      • ChatAI_Chrome.exe (PID: 6908)
      • ChatAI_Chrome.exe (PID: 3876)
      • ChatAI_Chrome.exe (PID: 6796)
      • ChatAI_Chrome.exe (PID: 1076)
      • ChatAI_Chrome.exe (PID: 5032)
      • ChatAI_Chrome.exe (PID: 1216)
      • ChatAI_Chrome.exe (PID: 7004)

    • Reads the machine GUID from the registry

      • ChatAI_Chrome.exe (PID: 6908)
      • ChatAI_Chrome.exe (PID: 6192)
      • ChatAI_Chrome.exe (PID: 6248)
      • ChatAI_Chrome.exe (PID: 964)
      • ChatAI_Chrome.exe (PID: 6172)

    • Checks proxy server information

      • ChatAI_Chrome.exe (PID: 6908)
      • ChatAI_Chrome.exe (PID: 3324)
      • ChatAI_Chrome.exe (PID: 6720)
      • ChatAI_Chrome.exe (PID: 6252)

    • Create files in a temporary directory

      • ChatAI_Chrome.exe (PID: 6908)

    • Reads Microsoft Office registry keys

      • ChatAI_Chrome.exe (PID: 6908)

    • The process uses the downloaded file

      • ChatAI_Chrome.exe (PID: 3324)
      • ChatAI_Chrome.exe (PID: 6252)
      • ChatAI_Chrome.exe (PID: 6720)

    • Reads the software policy settings

      • ChatAI_Chrome.exe (PID: 6192)
      • ChatAI_Chrome.exe (PID: 964)
      • ChatAI_Chrome.exe (PID: 6248)

    • Dropped object may contain TOR URL's

      • ChatAI_Chrome.exe (PID: 1448)
      • ChatAI_Chrome.exe (PID: 6908)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
175
Monitored processes
41
Malicious processes
3
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe setup_chrome.exe no specs setup_chrome.exe symsrv.exe no specs conhost.exe no specs chatai_chrome.exe chatai_chrome.exe chatai_chrome.exe chatai_chrome.exe no specs chatai_chrome.exe chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs textinputhost.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs chatai_chrome.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
32\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exesymsrv.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
240"C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3536 --field-trial-handle=1960,i,2062086807548261591,15405586939769196937,131072 --disable-features=SafeBrowsingExtensionTelemetry /prefetch:8C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exeChatAI_Chrome.exe
User:
admin
Company:
ChatAI Chrome
Integrity Level:
LOW
Description:
ChatAI Chrome
Exit code:
0
Version:
1.0.5.0
Modules
Images
c:\program files (x86)\chatai chrome\chatai_chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\program files (x86)\chatai chrome\1.0.5.0\chrome_elf.dll
240"C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1948 --field-trial-handle=1960,i,2062086807548261591,15405586939769196937,131072 --disable-features=SafeBrowsingExtensionTelemetry /prefetch:8C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exeChatAI_Chrome.exe
User:
admin
Company:
ChatAI Chrome
Integrity Level:
LOW
Description:
ChatAI Chrome
Exit code:
0
Version:
1.0.5.0
Modules
Images
c:\program files (x86)\chatai chrome\chatai_chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\program files (x86)\chatai chrome\1.0.5.0\chrome_elf.dll
872"C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1960,i,2062086807548261591,15405586939769196937,131072 --disable-features=SafeBrowsingExtensionTelemetry /prefetch:8C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exeChatAI_Chrome.exe
User:
admin
Company:
ChatAI Chrome
Integrity Level:
LOW
Description:
ChatAI Chrome
Exit code:
0
Version:
1.0.5.0
Modules
Images
c:\program files (x86)\chatai chrome\chatai_chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\program files (x86)\chatai chrome\1.0.5.0\chrome_elf.dll
896C:\WINDOWS\system32\svchost.exe -k DcomLaunch -pC:\Windows\System32\svchost.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\umpnpmgr.dll
c:\windows\system32\msvcrt.dll
964"C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1960,i,2062086807548261591,15405586939769196937,131072 --disable-features=SafeBrowsingExtensionTelemetry /prefetch:8C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exeChatAI_Chrome.exe
User:
admin
Company:
ChatAI Chrome
Integrity Level:
HIGH
Description:
ChatAI Chrome
Exit code:
0
Version:
1.0.5.0
Modules
Images
c:\program files (x86)\chatai chrome\chatai_chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\program files (x86)\chatai chrome\1.0.5.0\chrome_elf.dll
1076"C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4228 --field-trial-handle=1960,i,2062086807548261591,15405586939769196937,131072 --disable-features=SafeBrowsingExtensionTelemetry /prefetch:1C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exeChatAI_Chrome.exe
User:
admin
Company:
ChatAI Chrome
Integrity Level:
LOW
Description:
ChatAI Chrome
Version:
1.0.5.0
Modules
Images
c:\program files (x86)\chatai chrome\chatai_chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\program files (x86)\chatai chrome\1.0.5.0\chrome_elf.dll
1216"C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5172 --field-trial-handle=1960,i,2062086807548261591,15405586939769196937,131072 --disable-features=SafeBrowsingExtensionTelemetry /prefetch:1C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exeChatAI_Chrome.exe
User:
admin
Company:
ChatAI Chrome
Integrity Level:
LOW
Description:
ChatAI Chrome
Version:
1.0.5.0
Modules
Images
c:\program files (x86)\chatai chrome\chatai_chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\program files (x86)\chatai chrome\1.0.5.0\chrome_elf.dll
1448"C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=348 --field-trial-handle=1960,i,2062086807548261591,15405586939769196937,131072 --disable-features=SafeBrowsingExtensionTelemetry /prefetch:8C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exeChatAI_Chrome.exe
User:
admin
Company:
ChatAI Chrome
Integrity Level:
LOW
Description:
ChatAI Chrome
Exit code:
0
Version:
1.0.5.0
Modules
Images
c:\program files (x86)\chatai chrome\chatai_chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\program files (x86)\chatai chrome\1.0.5.0\chrome_elf.dll
1536"C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3792 --field-trial-handle=1960,i,2062086807548261591,15405586939769196937,131072 --disable-features=SafeBrowsingExtensionTelemetry /prefetch:8C:\Program Files (x86)\ChatAI Chrome\ChatAI_Chrome.exeChatAI_Chrome.exe
User:
admin
Company:
ChatAI Chrome
Integrity Level:
LOW
Description:
ChatAI Chrome
Exit code:
0
Version:
1.0.5.0
Modules
Images
c:\program files (x86)\chatai chrome\chatai_chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\program files (x86)\chatai chrome\1.0.5.0\chrome_elf.dll
Total events
33 015
Read events
32 367
Write events
589
Delete events
59

Modification events

(PID) Process:(6300) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(6300) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(6300) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(6300) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\Setup_chrome.exe.7z
(PID) Process:(6300) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6300) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6300) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6300) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(896) svchost.exeKey:\REGISTRY\A\{44b0c5c4-e125-4a96-be0a-f7f9e6cf6a8d}\WorkItems\{7916aa30-4185-4273-8517-3be4fcab519e}
Operation:delete keyName:(default)
Value:
(PID) Process:(896) svchost.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\CortanaUI\V1\LU
Operation:writeName:PCT
Value:
9F1554930BD9DA01
Executable files
25
Suspicious files
264
Text files
146
Unknown types
58

Dropped files

PID
Process
Filename
Type
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\installv2.zip
MD5:
SHA256:
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\1.0.5.0\chrome.dll
MD5:
SHA256:
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\1.0.5.0\icudtl.dat
MD5:
SHA256:
6300WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb6300.23234\Setup_chrome.exeexecutable
MD5:AA616C9606C43C93A169551FDA434DDF
SHA256:17D581913060BFC5E9EA6F27C5797DBD0DC4BCDE08DC9CCD5FD75A5180825436
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\1.0.5.0\chrome_200_percent.pakpgc
MD5:C2679CCF4D200C0939D0E5A4A254BB51
SHA256:3BF4DF62FBE0E930F97F860203D5D838C1DDB665E0BBDE7A87BCFDD5B88B8268
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\debug.logtext
MD5:DF348A41D5F95EF74FB214F310E575E2
SHA256:C0265D936AAF199B14D75689ED9E227C52F398B7BA51B255211D21741C43688B
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\1.0.5.0\chrome_100_percent.pakbinary
MD5:90EE0E71B421A06DBD0DDDFBCEF14836
SHA256:CF86AD83FE5CC788432F1F3CDF1D16B3620CD861ED71A58C617AE5AD96DCFD0F
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\uninstall.datini
MD5:90F2AFB4AD4B3B7AB2E47E344FEBC8AA
SHA256:EFC2635CD0ECC1CC9149C157C6CA0224422E5DA03AAD236D6BAE0B0364B18B36
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\1.0.5.0\eventlog_provider.dllexecutable
MD5:4D4F92867AF3B37C8C4BD311F48BCD52
SHA256:3B2D46A0AF4E190EB61844B91DFAD78FB5F01707B5BDC08AF82471A44CC677E3
3568Setup_chrome.exeC:\Program Files (x86)\ChatAI Chrome\uninstall.exeexecutable
MD5:450D61C7CF3CDDDC6A78120ABFF15D59
SHA256:CC469859CA895DBF690AED3DD61203232D0DADF839D7C47EE2C3829E98468A9E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
159
DNS requests
138
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3568
Setup_chrome.exe
GET
219.153.187.135:80
http://zip.chatchrome.cn/installv2.zip
unknown
unknown
3844
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6700
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
896
svchost.exe
GET
200
2.19.126.144:80
http://www.msftconnecttest.com/connecttest.txt
unknown
whitelisted
6528
ChatAI_Chrome.exe
OPTIONS
200
111.180.188.241:81
http://tongbu.chatchrome.cn:81/usersrc/mustbook/list
unknown
unknown
6528
ChatAI_Chrome.exe
OPTIONS
200
111.180.188.241:81
http://tongbu.chatchrome.cn:81/getInfo
unknown
unknown
6528
ChatAI_Chrome.exe
GET
200
111.180.188.241:81
http://tongbu.chatchrome.cn:81/usersrc/mustbook/list
unknown
unknown
752
svchost.exe
GET
206
142.250.185.78:80
http://dl.google.com/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
unknown
whitelisted
752
svchost.exe
HEAD
403
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adpqvkfvmnkfl4g52htw6e7e2yzq_66/khaoiebndkojlmppeemjhbpbandiljpe_66_win_acs6eqqbgqw4p5n5jb6zwupd5f2a.crx3
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3888
svchost.exe
239.255.255.250:1900
whitelisted
192.168.100.255:138
whitelisted
5028
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3140
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5028
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5336
SearchApp.exe
104.126.37.145:443
www.bing.com
Akamai International B.V.
DE
unknown
5336
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3260
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 142.250.74.206
whitelisted
www.bing.com
  • 104.126.37.145
  • 104.126.37.146
  • 104.126.37.155
  • 104.126.37.144
  • 104.126.37.152
  • 104.126.37.153
  • 104.126.37.160
  • 104.126.37.154
  • 104.126.37.147
  • 2.23.209.162
  • 2.23.209.160
  • 2.23.209.157
  • 2.23.209.163
  • 2.23.209.161
  • 2.23.209.158
  • 2.23.209.166
  • 2.23.209.167
  • 2.23.209.168
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.159.2
  • 20.190.159.0
  • 20.190.159.75
  • 40.126.31.71
  • 20.190.159.64
  • 20.190.159.23
  • 20.190.159.73
  • 40.126.31.73
whitelisted
th.bing.com
  • 104.126.37.137
  • 104.126.37.131
  • 104.126.37.130
  • 104.126.37.146
  • 104.126.37.145
  • 104.126.37.147
  • 104.126.37.128
  • 104.126.37.152
  • 104.126.37.144
whitelisted
fd.api.iris.microsoft.com
  • 20.31.169.57
whitelisted
zip.chatchrome.cn
  • 219.153.187.135
  • 111.123.250.91
  • 111.123.250.88
  • 111.123.250.121
  • 111.123.250.232
  • 36.248.54.85
  • 221.204.72.204
  • 111.123.250.55
  • 61.240.220.214
  • 116.196.148.74
  • 111.123.250.114
  • 118.212.138.171
  • 211.91.65.194
  • 111.123.250.68
  • 123.6.37.241
unknown
arc.msn.com
  • 20.223.36.55
whitelisted

Threats

PID
Process
Class
Message
896
svchost.exe
Misc activity
ET INFO Microsoft Connection Test
Process
Message
ChatAI_Chrome.exe
[0814/073706.261:ERROR:crash_report_database_win.cc(614)] CreateDirectory C:\Users\admin\AppData\Local\ChatAI_Chrome\User Data\Crashpad: The system cannot find the path specified. (0x3)
ChatAI_Chrome.exe
[0814/073706.276:ERROR:registration_protocol_win.cc(135)] TransactNamedPipe: The pipe has been ended. (0x6D)
ChatAI_Chrome.exe
[0814/073706.276:ERROR:crash_report_database_win.cc(614)] CreateDirectory C:\Users\admin\AppData\Local\ChatAI_Chrome\User Data\Crashpad: The system cannot find the path specified. (0x3)
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Setup_chrome.exe.7z