URL:

https://melonds.kuribo64.net/downloads.php

Full analysis: https://app.any.run/tasks/1a10ea9f-9cac-4489-9946-8820d37cf91f
Verdict: Malicious activity
Analysis date: April 26, 2023, 19:36:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MD5:

722119306B2288D7E660D7087A70FA60

SHA1:

260879CB2297A9D55378B722ED9051E054BACEAF

SHA256:

F03B17B34AB469F629A2C6B16138CADE735148D228CB836B580A32664BD4678B

SSDEEP:

3:N8U1WAqdLoKBKXLV:2U1WA7K8h

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executes as Windows Service

      • elevation_service.exe (PID: 3420)
      • elevation_service.exe (PID: 5852)

    • Reads settings of System Certificates

      • ChromeRecovery.exe (PID: 6052)

    • Executable content was dropped or overwritten

      • elevation_service.exe (PID: 5852)

    • Application launched itself

      • melonDS.exe (PID: 1340)
      • melonDS.exe (PID: 2248)
      • melonDS.exe (PID: 2592)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 5808)
      • chrmstp.exe (PID: 1912)
      • chrmstp.exe (PID: 6628)

    • Checks supported languages

      • elevation_service.exe (PID: 3420)
      • melonDS.exe (PID: 2248)
      • elevation_service.exe (PID: 5852)
      • ChromeRecovery.exe (PID: 6052)
      • melonDS.exe (PID: 1340)
      • melonDS.exe (PID: 2592)
      • melonDS.exe (PID: 3344)

    • Reads the computer name

      • elevation_service.exe (PID: 3420)
      • melonDS.exe (PID: 2248)
      • ChromeRecovery.exe (PID: 6052)
      • melonDS.exe (PID: 1340)
      • elevation_service.exe (PID: 5852)
      • melonDS.exe (PID: 2592)
      • melonDS.exe (PID: 3344)

    • The process checks LSA protection

      • elevation_service.exe (PID: 3420)
      • melonDS.exe (PID: 2248)
      • slui.exe (PID: 6432)
      • elevation_service.exe (PID: 5852)
      • ChromeRecovery.exe (PID: 6052)
      • melonDS.exe (PID: 2592)
      • melonDS.exe (PID: 1340)
      • melonDS.exe (PID: 3344)

    • The process uses the downloaded file

      • chrome.exe (PID: 4884)
      • chrome.exe (PID: 1108)
      • chrome.exe (PID: 2916)
      • chrome.exe (PID: 5576)
      • WinRAR.exe (PID: 4200)
      • chrome.exe (PID: 4432)
      • chrome.exe (PID: 884)

    • Manual execution by a user

      • WinRAR.exe (PID: 4200)
      • melonDS.exe (PID: 2248)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 4000)
      • WinRAR.exe (PID: 4200)

    • Create files in a temporary directory

      • chrome.exe (PID: 5808)

    • Creates files in the program directory

      • elevation_service.exe (PID: 5852)

    • Checks proxy server information

      • slui.exe (PID: 6432)

    • Reads the software policy settings

      • slui.exe (PID: 6432)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
172
Monitored processes
42
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs elevation_service.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe chrome.exe no specs chrome.exe no specs melonds.exe no specs slui.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs elevation_service.exe chromerecovery.exe no specs melonds.exe no specs melonds.exe no specs melonds.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
884"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=1912,i,413309715464633948,3511911459348500909,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1076"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3948 --field-trial-handle=1912,i,413309715464633948,3511911459348500909,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1108"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1912,i,413309715464633948,3511911459348500909,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1264"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1912,i,413309715464633948,3511911459348500909,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1340C:\Users\admin\Documents\melon\melonDS.exe C:\Users\admin\Documents\melon\melonDS.exemelonDS.exe
User:
admin
Company:
Melon Factory of Kuribo64
Integrity Level:
MEDIUM
Description:
melonDS emulator
Exit code:
0
Version:
0.9.5
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\documents\melon\melonds.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
1652"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1912,i,413309715464633948,3511911459348500909,131072 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\sechost.dll
1744"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1912,i,413309715464633948,3511911459348500909,131072 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1912"C:\Program Files\Google\Chrome\Application\112.0.5615.50\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0C:\Program Files\Google\Chrome\Application\112.0.5615.50\Installer\chrmstp.exechrmstp.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome Installer
Exit code:
73
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\112.0.5615.50\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
1984"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1912,i,413309715464633948,3511911459348500909,131072 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2248"C:\Users\admin\Documents\melon\melonDS.exe" C:\Users\admin\Documents\melon\melonDS.exeexplorer.exe
User:
admin
Company:
Melon Factory of Kuribo64
Integrity Level:
MEDIUM
Description:
melonDS emulator
Exit code:
0
Version:
0.9.5
Modules
Images
c:\users\admin\documents\melon\melonds.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rpcrt4.dll
Total events
33 388
Read events
33 230
Write events
148
Delete events
10

Modification events

(PID) Process:(5808) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(5808) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:GlobalAssocChangedCounter
Value:
39
(PID) Process:(5808) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(1912) chrmstp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Operation:writeName:FavoritesResolve
Value:
B20200004C0000000114020000000000C00000000000004683008000200000002A04B02FAAB7D801B3D1B42FAAB7D80155FC7D2FAAB7D8014209000000000000010000000000000000000000000000001E013A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D3012EDF76ACA9B7D801F568B22FAAB7D8011400560031000000000018555D5911005461736B42617200400009000400EFBE274B1B4018555D592E000000058A0200000005000000000000000000000000000000D6C802005400610073006B00420061007200000016008C0032004209000018555D5920004D4943524F537E312E4C4E4B0000560009000400EFBE18555D5918555D592E0000006FC50000000004000000000000000000000000000000ABD034004D006900630072006F0073006F0066007400200045006400670065002E006C006E006B0000001C001A0000001D00EFBE02004D005300450064006700650000001C0000009D0000001C000000010000001C0000002D000000000000009C0000001100000003000000FA99B7261000000000433A5C55736572735C61646D696E5C417070446174615C526F616D696E675C4D6963726F736F66745C496E7465726E6574204578706C6F7265725C517569636B204C61756E63685C557365722050696E6E65645C5461736B4261725C4D6963726F736F667420456467652E6C6E6B000060000000030000A058000000000000006465736B746F702D6A676C6C6A6C640064D4FD8DD0913E488A778CA768B799805F4440C69C23ED11B4AB18F7786F96EE64D4FD8DD0913E488A778CA768B799805F4440C69C23ED11B4AB18F7786F96EE45000000090000A03900000031535053B1166D44AD8D7048A748402EA43D788C1D000000680000000048000000725E5C2FA985EB1190A89A9B76358421000000000000000000000000210300004C0000000114020000000000C00000000000004683008000200000007D43EB6CAF27D3017D43EB6CAF27D301DD21942857DFD1019701000000000000010000000000000000000000000000008E013A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301FEE1E86CAF27D301FEE1E86CAF27D30114005600310000000000274B1B4011005461736B42617200400009000400EFBE274B1B40274B1B402E000000A88E0100000001000000000000000000000000000000833BF4005400610073006B0042006100720000001600FC00320097010000F048555D200046494C4545587E312E4C4E4B00007C0009000400EFBE274B1B40274B1B402E000000A98E01000000010000000000000000005200000000002383CF00460069006C00650020004500780070006C006F007200650072002E006C006E006B00000040007300680065006C006C00330032002E0064006C006C002C002D003200320030003600370000001C00220000001E00EFBE02005500730065007200500069006E006E006500640000001C00420000001D00EFBE02004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F0072006500720000001C0000009C0000001C000000010000001C0000002D000000000000009B0000001100000003000000FA99B7261000000000433A5C55736572735C61646D696E5C417070446174615C526F616D696E675C4D6963726F736F66745C496E7465726E6574204578706C6F7265725C517569636B204C61756E63685C557365722050696E6E65645C5461736B4261725C46696C65204578706C6F7265722E6C6E6B000060000000030000A058000000000000006465736B746F702D6A676C6C6A6C640064D4FD8DD0913E488A778CA768B79980ABF5E88CA293E711B4245254004AAD1164D4FD8DD0913E488A778CA768B79980ABF5E88CA293E711B4245254004AAD1145000000090000A03900000031535053B1166D44AD8D7048A748402EA43D788C1D000000680000000048000000B52F24F3000000000000501F00000000000000000000000000000000D10200004C0000000114020000000000C0000000000000468300800020000000EFB59A0A457AD701EFB59A0A457AD70139686D0A457AD701ED030000000000000100000000000000000000000000000044013A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301929B4CECC1D0D301929B4CECC1D0D30114005600310000000000F052496A11005461736B42617200400009000400EFBE274B1B40F052496A2E00000058CC0300000003000000000000000000000000000000119300005400610073006B0042006100720000001600B2003200ED030000F052496A200046697265666F782E6C6E6B00480009000400EFBEF052496AF052496A2E000000ABAB0000000004000000000000000000000000000000C7E02D00460069007200650066006F0078002E006C006E006B0000001A00220000001E00EFBE02005500730065007200500069006E006E006500640000001A002E0000001D00EFBE0200330030003800300034003600420030004100460034004100330039004300420000001A000000960000001C000000010000001C0000002D00000000000000950000001100000003000000FA99B7261000000000433A5C55736572735C61646D696E5C417070446174615C526F616D696E675C4D6963726F736F66745C496E7465726E6574204578706C6F7265725C517569636B204C61756E63685C557365722050696E6E65645C5461736B4261725C46697265666F782E6C6E6B000060000000030000A058000000000000006465736B746F702D6A676C6C6A6C640064D4FD8DD0913E488A778CA768B799804A4DEABB37E6EB11B47718F7786F96EE64D4FD8DD0913E488A778CA768B799804A4DEABB37E6EB11B47718F7786F96EE45000000090000A03900000031535053B1166D44AD8D7048A748402EA43D788C1D000000680000000048000000725E5C2FA985EB1190A89A9B76358421000000000000000000000000370300004C0000000114020000000000C00000000000004683008000200000006D22EB10467AD7016D22EB10467AD7015C60C710467AD701760700000000000001000000000000000000000000000000A2013A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301929B4CECC1D0D301929B4CECC1D0D30114005600310000000000F052346B11005461736B42617200400009000400EFBE274B1B40F052346B2E00000058CC030000000300000000000000000000000000000093FF23015400610073006B00420061007200000016001001320076070000F052336B20004F50455241317E312E4C4E4B0000580009000400EFBEF052346BF052346B2E000000B3B40000000003000000000000000000000000000000A49416004F007000650072006100310032002E0031003500200031003700340038002E006C006E006B0000001C00220000001E00EFBE02005500730065007200500069006E006E006500640000001C007A0000001D00EFBE02007B00370043003500410034003000450046002D0041003000460042002D0034004200460043002D0038003700340041002D004300300046003200450030004200390046004100380045007D005C004F0070006500720061005C006F0070006500720061002E0065007800650000001C0000009E0000001C000000010000001C0000002D000000000000009D0000001100000003000000FA99B7261000000000433A5C55736572735C61646D696E5C417070446174615C526F616D696E675C4D6963726F736F66745C496E7465726E6574204578706C6F7265725C517569636B204C61756E63685C557365722050696E6E65645C5461736B4261725C4F7065726131322E313520313734382E6C6E6B000060000000030000A058000000000000006465736B746F702D6A676C6C6A6C640064D4FD8DD0913E488A778CA768B79980C3FD470D39E6EB11B47818F7786F96EE64D4FD8DD0913E488A778CA768B79980C3FD470D39E6EB11B47818F7786F96EE45000000090000A03900000031535053B1166D44AD8D7048A748402EA43D788C1D000000680000000048000000725E5C2FA985EB1190A89A9B76358421000000000000000000000000
(PID) Process:(1912) chrmstp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Operation:writeName:Favorites
Value:
001E0100003A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D3012EDF76ACA9B7D801F568B22FAAB7D8011400560031000000000018555D5911005461736B42617200400009000400EFBE274B1B4018555D592E000000058A0200000005000000000000000000000000000000D6C802005400610073006B00420061007200000016008C0032004209000018555D5920004D4943524F537E312E4C4E4B0000560009000400EFBE18555D5918555D592E0000006FC50000000004000000000000000000000000000000ABD034004D006900630072006F0073006F0066007400200045006400670065002E006C006E006B0000001C001A0000001D00EFBE02004D005300450064006700650000001C00000000920100003A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301FEE1E86CAF27D301FEE1E86CAF27D30114005600310000000000274B1B4011005461736B42617200400009000400EFBE274B1B40274B1B402E000000A88E0100000001000000000000000000000000000000833BF4005400610073006B00420061007200000016000001320097010000F048555D200046494C4545587E312E4C4E4B00007C0009000400EFBE274B1B40274B1B402E000000A98E01000000010000000000000000005200000000002383CF00460069006C00650020004500780070006C006F007200650072002E006C006E006B00000040007300680065006C006C00330032002E0064006C006C002C002D003200320030003600370000001C00420000001D00EFBE02004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F0072006500720000001C00260000001E00EFBE0200530079007300740065006D00500069006E006E006500640000001C00000000440100003A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301929B4CECC1D0D301929B4CECC1D0D30114005600310000000000F052496A11005461736B42617200400009000400EFBE274B1B40F052496A2E00000058CC0300000003000000000000000000000000000000119300005400610073006B0042006100720000001600B2003200ED030000F052496A200046697265666F782E6C6E6B00480009000400EFBEF052496AF052496A2E000000ABAB0000000004000000000000000000000000000000C7E02D00460069007200650066006F0078002E006C006E006B0000001A00220000001E00EFBE02005500730065007200500069006E006E006500640000001A002E0000001D00EFBE0200330030003800300034003600420030004100460034004100330039004300420000001A00000000A20100003A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301929B4CECC1D0D301929B4CECC1D0D30114005600310000000000F052346B11005461736B42617200400009000400EFBE274B1B40F052346B2E00000058CC030000000300000000000000000000000000000093FF23015400610073006B00420061007200000016001001320076070000F052336B20004F50455241317E312E4C4E4B0000580009000400EFBEF052346BF052346B2E000000B3B40000000003000000000000000000000000000000A49416004F007000650072006100310032002E0031003500200031003700340038002E006C006E006B0000001C00220000001E00EFBE02005500730065007200500069006E006E006500640000001C007A0000001D00EFBE02007B00370043003500410034003000450046002D0041003000460042002D0034004200460043002D0038003700340041002D004300300046003200450030004200390046004100380045007D005C004F0070006500720061005C006F0070006500720061002E0065007800650000001C000000FF
(PID) Process:(1912) chrmstp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Operation:writeName:FavoritesChanges
Value:
12
(PID) Process:(1912) chrmstp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Operation:writeName:FavoritesVersion
Value:
3
(PID) Process:(1912) chrmstp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:GlobalAssocChangedCounter
Value:
40
(PID) Process:(4432) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(4432) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
8
Suspicious files
167
Text files
238
Unknown types
5

Dropped files

PID
Process
Filename
Type
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
MD5:
SHA256:
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\First Run
MD5:
SHA256:
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferencesbinary
MD5:000C910C2FDF3B954C523A0FFA3C1794
SHA256:79677DC35F3BA050D4AD3DCEE016378DB04C9212611BF2DCA5F8396CFE45A570
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:FC81892AC822DCBB09441D3B58B47125
SHA256:FB077C966296D02D50CCBF7F761D2A3311A206A784A7496F331C2B0D6AD205C8
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000001.dbtmptext
MD5:46295CAC801E5D4857D09837238A6394
SHA256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Variationsbinary
MD5:961E3604F228B0D10541EBF921500C86
SHA256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001binary
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
SHA256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\33263d58-d2ec-400a-b24b-80ca65528605.tmptext
MD5:0736F546C62DDE5581D445ECE3B7443E
SHA256:8A140428AC74BAA4799BED38DF5562EF775294C5488EC63D35BFF435B012EC0F
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0d4611fa-58a2-41dd-937c-1cfd837e76c7.tmpbinary
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA256:
5808chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.icoimage
MD5:EF36A84AD2BC23F79D171C604B56DE29
SHA256:E9EECF02F444877E789D64C2290D6922BD42E2F2FE9C91A1381959ACD3292831
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
67
DNS requests
36
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4420
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rzgupy2nqocui26rvxpe5scoa_389/lmelglejhemejginpboagddgdfbepgmp_389_all_ZZ_ivmhoilgskkpiasz3mpfm2baze.crx3
US
whitelisted
4736
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
binary
1.47 Kb
whitelisted
4420
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rzgupy2nqocui26rvxpe5scoa_389/lmelglejhemejginpboagddgdfbepgmp_389_all_ZZ_ivmhoilgskkpiasz3mpfm2baze.crx3
US
binary
1.09 Kb
whitelisted
3044
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
der
418 b
whitelisted
5756
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
4420
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rzgupy2nqocui26rvxpe5scoa_389/lmelglejhemejginpboagddgdfbepgmp_389_all_ZZ_ivmhoilgskkpiasz3mpfm2baze.crx3
US
binary
1.26 Kb
whitelisted
4420
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
US
binary
18.9 Kb
whitelisted
3044
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
der
409 b
whitelisted
4420
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
US
binary
683 Kb
whitelisted
4420
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
US
binary
86.4 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5952
MoUsoCoreWorker.exe
2.18.233.62:80
AKAMAI-AS
DE
whitelisted
4736
SearchApp.exe
2.16.186.203:443
Akamai International B.V.
DE
whitelisted
5756
svchost.exe
20.190.159.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4736
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4736
SearchApp.exe
2.16.187.50:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5288
chrome.exe
142.250.186.110:443
sb-ssl.google.com
GOOGLE
US
whitelisted
5756
svchost.exe
20.190.159.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5756
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3044
SIHClient.exe
20.3.187.198:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
suspicious
3044
SIHClient.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
melonds.kuribo64.net
  • 174.138.8.161
unknown
accounts.google.com
  • 216.58.212.141
shared
officeclient.microsoft.com
  • 52.109.32.24
whitelisted
www.google.com
  • 216.58.212.132
  • 172.217.23.100
malicious
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.bing.com
  • 2.16.187.50
  • 2.16.187.48
  • 2.16.187.51
  • 2.16.187.67
  • 2.16.187.42
  • 2.16.187.58
  • 2.16.187.59
  • 2.16.187.64
  • 2.16.187.66
whitelisted
r.bing.com
  • 2.16.187.50
  • 2.16.187.58
  • 2.16.187.59
  • 2.16.187.17
  • 2.16.187.48
  • 2.16.187.51
  • 2.16.187.26
  • 2.16.187.42
  • 2.16.187.16
whitelisted
optimizationguide-pa.googleapis.com
  • 216.58.212.138
  • 142.250.185.74
  • 142.250.185.138
  • 142.250.185.234
  • 216.58.212.170
  • 172.217.23.106
  • 172.217.18.106
  • 142.250.184.234
  • 142.250.186.74
  • 142.250.185.202
  • 142.250.185.106
  • 142.250.185.170
  • 172.217.16.202
  • 142.250.186.170
  • 142.250.74.202
  • 142.250.184.202
whitelisted
sb-ssl.google.com
  • 142.250.186.110
whitelisted
slscr.update.microsoft.com
  • 13.85.23.86
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://melonds.kuribo64.net/downloads.php