File name:

Artifacts-2025-05-28_07-07-56Z.zip

Full analysis: https://app.any.run/tasks/13ba7c97-d543-4186-8c62-fcfb3656d479
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 28, 2025, 07:23:18
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
loader
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=AES Encrypted
MD5:

2A4A6F52F4A086212F736144765EB62F

SHA1:

74A22EE9784E980E8657AA9F696AC60733ABA8DE

SHA256:

E628C7B9BB9D511A95C83414580059A13576ADAFA3E86EA12F179C8C6D009D2E

SSDEEP:

49152:ALHob00C25uNAzanVrJ7rNfVMMWwwQDkcrbn4m7Js3Y9q8xCDr6b/rP8xlND8Mh3:ALII0T5MAEhJ7rNPHwQ5bL76I9zxCibu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • setup.exe (PID: 6676)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)
      • 137.0.7151.56_chrome_installer.exe (PID: 6656)
      • setup.exe (PID: 6676)

    • Reads security settings of Internet Explorer

      • GoogleUpdate.exe (PID: 6840)
      • GoogleUpdate.exe (PID: 2904)
      • GoogleUpdate.exe (PID: 3272)

    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 6004)

    • Process requests binary or script from the Internet

      • svchost.exe (PID: 6004)

    • Application launched itself

      • setup.exe (PID: 6676)
      • setup.exe (PID: 2516)
      • GoogleUpdate.exe (PID: 3272)

    • There is functionality for taking screenshot (YARA)

      • GoogleUpdate.exe (PID: 6840)

    • Searches for installed software

      • setup.exe (PID: 6676)

    • Creates a software uninstall entry

      • setup.exe (PID: 6676)
      • chrome.exe (PID: 3036)

  • INFO

    • Manual execution by a user

      • ChromeSetup.exe (PID: 4284)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 5124)
      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)
      • 137.0.7151.56_chrome_installer.exe (PID: 6656)
      • setup.exe (PID: 6676)

    • Checks supported languages

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdate.exe (PID: 6840)
      • GoogleUpdate.exe (PID: 2904)
      • GoogleUpdate.exe (PID: 2140)
      • GoogleUpdate.exe (PID: 4408)
      • GoogleUpdateSetup.exe (PID: 1072)
      • 137.0.7151.56_chrome_installer.exe (PID: 6656)
      • setup.exe (PID: 6676)
      • setup.exe (PID: 3332)
      • setup.exe (PID: 2516)
      • setup.exe (PID: 1056)
      • GoogleUpdate.exe (PID: 7128)
      • GoogleUpdateOnDemand.exe (PID: 4016)
      • GoogleUpdate.exe (PID: 4376)
      • elevation_service.exe (PID: 4736)
      • GoogleUpdate.exe (PID: 3272)

    • Create files in a temporary directory

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdate.exe (PID: 3272)
      • svchost.exe (PID: 6004)

    • The sample compiled with czech language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5124)

    • The sample compiled with bulgarian language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with german language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with Indonesian language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with arabic language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with Italian language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with japanese language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with french language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with korean language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with portuguese language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with slovak language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with swedish language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with russian language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with chinese language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • The sample compiled with polish language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • Reads the computer name

      • GoogleUpdate.exe (PID: 6840)
      • GoogleUpdate.exe (PID: 2904)
      • GoogleUpdate.exe (PID: 2140)
      • GoogleUpdate.exe (PID: 4408)
      • GoogleUpdate.exe (PID: 3272)
      • 137.0.7151.56_chrome_installer.exe (PID: 6656)
      • setup.exe (PID: 6676)
      • setup.exe (PID: 2516)
      • GoogleUpdate.exe (PID: 4376)
      • GoogleUpdate.exe (PID: 7128)
      • elevation_service.exe (PID: 4736)

    • The sample compiled with turkish language support

      • ChromeSetup.exe (PID: 4284)
      • GoogleUpdateSetup.exe (PID: 1072)

    • Process checks computer location settings

      • GoogleUpdate.exe (PID: 6840)
      • GoogleUpdate.exe (PID: 2904)

    • Creates files in the program directory

      • GoogleUpdateSetup.exe (PID: 1072)
      • GoogleUpdate.exe (PID: 2140)
      • GoogleUpdate.exe (PID: 3272)
      • GoogleUpdate.exe (PID: 2904)
      • GoogleUpdate.exe (PID: 4408)
      • 137.0.7151.56_chrome_installer.exe (PID: 6656)
      • setup.exe (PID: 6676)
      • setup.exe (PID: 2516)
      • GoogleUpdate.exe (PID: 4376)

    • Checks proxy server information

      • GoogleUpdate.exe (PID: 4408)
      • GoogleUpdate.exe (PID: 4376)
      • GoogleUpdate.exe (PID: 3272)

    • Reads the software policy settings

      • GoogleUpdate.exe (PID: 4408)
      • GoogleUpdate.exe (PID: 4376)
      • GoogleUpdate.exe (PID: 3272)

    • Reads the machine GUID from the registry

      • GoogleUpdate.exe (PID: 3272)

    • Creates files or folders in the user directory

      • GoogleUpdate.exe (PID: 3272)

    • Launch of the file from Registry key

      • setup.exe (PID: 6676)

    • Executes as Windows Service

      • elevation_service.exe (PID: 4736)

    • Application launched itself

      • chrome.exe (PID: 3036)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Unknown (99)
ZipModifyDate: 2025:05:28 07:07:56
ZipCRC: 0x03ff3fc2
ZipCompressedSize: 1320232
ZipUncompressedSize: 1414600
ZipFileName: ChromeSetup.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
209
Monitored processes
70
Malicious processes
3
Suspicious processes
3

Behavior graph

Click at the process to see the details
start winrar.exe chromesetup.exe googleupdate.exe no specs googleupdatesetup.exe googleupdate.exe no specs googleupdate.exe no specs googleupdate.exe googleupdate.exe svchost.exe 137.0.7151.56_chrome_installer.exe setup.exe setup.exe no specs setup.exe no specs setup.exe no specs googleupdate.exe googleupdateondemand.exe no specs googleupdate.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe elevation_service.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs slui.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
900"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=2012,i,3330710019588255205,17834560374873153072,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
137.0.7151.56
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1056"C:\Program Files (x86)\Google\Update\Install\{1A9C893C-B71A-4E95-B7CC-59F2FC584E5F}\CR_C9D24.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=137.0.7151.56 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff683597ae0,0x7ff683597aec,0x7ff683597af8C:\Program Files (x86)\Google\Update\Install\{1A9C893C-B71A-4E95-B7CC-59F2FC584E5F}\CR_C9D24.tmp\setup.exesetup.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
137.0.7151.56
Modules
Images
c:\program files (x86)\google\update\install\{1a9c893c-b71a-4e95-b7cc-59f2fc584e5f}\cr_c9d24.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1072"C:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={36B844C9-49F3-F852-EB4E-D659324ABE2B}&lang=ru&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated /nomitagC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\GoogleUpdateSetup.exe
GoogleUpdate.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Update Setup
Exit code:
0
Version:
1.3.36.132
Modules
Images
c:\users\admin\appdata\local\temp\gum24bb.tmp\googleupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
1128"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=2012,i,3330710019588255205,17834560374873153072,262144 --variations-seed-version --mojo-platform-channel-handle=7004 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
137.0.7151.56
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\137.0.7151.56\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1168"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --force-high-res-timeticks=disabled --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=2012,i,3330710019588255205,17834560374873153072,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
137.0.7151.56
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\137.0.7151.56\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1268"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=2012,i,3330710019588255205,17834560374873153072,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
137.0.7151.56
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1512"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=2012,i,3330710019588255205,17834560374873153072,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
137.0.7151.56
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\137.0.7151.56\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1764"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=2012,i,3330710019588255205,17834560374873153072,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
137.0.7151.56
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2140"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /healthcheckC:\Program Files (x86)\Google\Update\GoogleUpdate.exeGoogleUpdate.exe
User:
admin
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Installer
Exit code:
0
Version:
1.3.36.51
Modules
Images
c:\program files (x86)\google\update\googleupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2152"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --force-high-res-timeticks=disabled --field-trial-handle=2012,i,3330710019588255205,17834560374873153072,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
137.0.7151.56
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\137.0.7151.56\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
20 639
Read events
19 760
Write events
837
Delete events
42

Modification events

(PID) Process:(5124) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(6840) GoogleUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Update
Operation:delete valueName:uid
Value:
(PID) Process:(6840) GoogleUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Update
Operation:delete valueName:old-uid
Value:
(PID) Process:(2904) GoogleUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:delete valueName:usagestats
Value:
(PID) Process:(2140) GoogleUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\uid
Operation:writeName:GPd4b5bu
Value:
(PID) Process:(2140) GoogleUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Counts
Operation:writeName:opt_in_uid_generated
Value:
0100000000000000
(PID) Process:(2140) GoogleUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Integers
Operation:writeName:omaha_version
Value:
7401240003000100
(PID) Process:(2140) GoogleUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Booleans
Operation:writeName:is_system_install
Value:
01000000
(PID) Process:(2140) GoogleUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Counts
Operation:writeName:goopdate_main
Value:
0100000000000000
(PID) Process:(2140) GoogleUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Counts
Operation:writeName:goopdate_constructor
Value:
0100000000000000
Executable files
144
Suspicious files
289
Text files
73
Unknown types
232

Dropped files

PID
Process
Filename
Type
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\goopdateres_am.dllexecutable
MD5:3D047B2327FDC1490D35DE702CABFD87
SHA256:DD0E5047FE6036F3FBEA9D04C7563AFDB31BD88E42F19879D75299C685C08DD5
5124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb5124.32745\ChromeSetup.exeexecutable
MD5:58718C4EEEFB32DE66DC3974CFCE3B4C
SHA256:6DC613C026E8748AA2989FEA210BE217FED94B07BEA778B0CB88E84047F64FE8
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\goopdateres_bg.dllexecutable
MD5:DB8908B6627859104BFCA1E777743B25
SHA256:BB6569AD79623EED5F042982C2FE2808D8A9CD2B85B98D9BD0A0CF8999C31EBA
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\goopdate.dllexecutable
MD5:C0AFC2FD557628F98AC9B7834CE7D966
SHA256:B31ED15EEB3E535D1318A566000ADC069B793FD0F19BA9AE18342F7656121596
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\GoogleUpdateComRegisterShell64.exeexecutable
MD5:54FDEF34EC0349A9C8EE543CAFA25109
SHA256:974EC719D34AC9AF4D37681A8A6DFEB24F3DD136B2681BE09DBC86AFB6D9F616
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\goopdateres_ar.dllexecutable
MD5:7129735AA717DAE6A2DAB0574E31CEFF
SHA256:F4A1A5B7749BAFD84927AE0A281DB0EEE2E2A1CE9CD77CA08165F8BC587CC3B3
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\psuser.dllexecutable
MD5:D3217F2666EDDA95DA637FADBD21C4F8
SHA256:82F6A7D67430736FC91F85E4CA3757D50CA3E212275C5DBA7CBE59B92571FA84
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\GoogleCrashHandler64.exeexecutable
MD5:71E73162F75EF1C1094F8E8AC5E9BED3
SHA256:2AE4D76B2037BF4EA615E92C7064272C93FC6A5CD649A95502234F6F32B9B151
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\psmachine.dllexecutable
MD5:4AE48B9B9E2ED8F7079D07DBB13813E1
SHA256:35665180CA7ACD542C1C5ED09F07C59005E77B3E5181C916B17079075B32B1AF
4284ChromeSetup.exeC:\Users\admin\AppData\Local\Temp\GUM24BB.tmp\goopdateres_bn.dllexecutable
MD5:949AAE7ECDE2E0D1EC1E78E925DD86AD
SHA256:ADC617B5E3E647355E47006D5B9A130341323C1345FADD25EE880BBA89EB95D3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
31
TCP/UDP connections
74
DNS requests
78
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.216.77.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1116
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1116
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3272
GoogleUpdate.exe
GET
200
216.58.212.163:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
3272
GoogleUpdate.exe
GET
200
216.58.212.163:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
3272
GoogleUpdate.exe
GET
200
216.58.206.35:80
http://o.pki.goog/we2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuMJxAT2trYla0jia%2F5EUSmLrk3QQUdb7Ed66J9kQ3fc%2BxaB8dGuvcNFkCEGXWjqQNO7dNEog5tJx4f5A%3D
unknown
whitelisted
6004
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome/adlrlnvy7s5suwrh4x5fzaye66qq_137.0.7151.56/137.0.7151.56_chrome_installer.exe
unknown
whitelisted
6004
svchost.exe
GET
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome/adlrlnvy7s5suwrh4x5fzaye66qq_137.0.7151.56/137.0.7151.56_chrome_installer.exe
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
23.216.77.42:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2112
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.32.74:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
23.63.118.230:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
5796
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.25
whitelisted
www.microsoft.com
  • 2.23.181.156
  • 2.23.246.101
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 40.126.32.74
  • 20.190.160.65
  • 40.126.32.133
  • 20.190.160.132
  • 20.190.160.5
  • 40.126.32.138
  • 20.190.160.20
  • 20.190.160.128
whitelisted
ocsp.digicert.com
  • 23.63.118.230
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
update.googleapis.com
  • 172.217.16.195
whitelisted

Threats

PID
Process
Class
Message
6004
svchost.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
6004
svchost.exe
Misc activity
ET INFO EXE - Served Attached HTTP
6004
svchost.exe
Misc activity
ET INFO Packed Executable Download
6248
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6248
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Artifacts-2025-05-28_07-07-56Z.zip