File name:

Disk Image File.ico

Full analysis: https://app.any.run/tasks/cf01c4b2-c828-4e3f-a0d6-b3909bd681ab
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Malware Trends Tracker     >>>
Analysis date: April 03, 2021, 19:21:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
ransomware
wannacry
wannacryptor
Indicators:
MIME: image/x-icon
File info: MS Windows icon resource - 14 icons, 256x256, 16 colors with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
MD5:

581EE046C1B7AB20C9E8F832C03283A2

SHA1:

2ECB0E179A866F7C6849000843FC06B14F39662A

SHA256:

FBF9D5063336BC7CFB9CDE7473B7F849A8D41717940F2BD00BD2FAC7DCA714C6

SSDEEP:

1536:SDVgfV/Ka6Kbp75R0LDgMH0xGA4LeWHNWqzxiPHUmDv3K30:cgQRKh5RugyAUMHx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Bonzify.exe (PID: 912)
      • Bonzify.exe (PID: 3492)
      • INSTALLER.exe (PID: 4064)
      • WannaCrypt0r.exe (PID: 2908)
      • INSTALLER.exe (PID: 3748)
      • PCToaster.exe (PID: 3288)
      • @WanaDecryptor@.exe (PID: 3000)
      • @WanaDecryptor@.exe (PID: 3700)
      • PCToaster.exe (PID: 3816)
      • PCToaster.exe (PID: 952)
      • taskhsvc.exe (PID: 3068)
      • taskdl.exe (PID: 3340)
      • PCToaster.exe (PID: 2780)
      • @WanaDecryptor@.exe (PID: 912)
      • taskdl.exe (PID: 3716)

    • Drops executable file immediately after starts

      • INSTALLER.exe (PID: 4064)
      • INSTALLER.exe (PID: 3748)
      • WannaCrypt0r.exe (PID: 2908)

    • Registers / Runs the DLL via REGSVR32.EXE

      • INSTALLER.exe (PID: 4064)
      • INSTALLER.exe (PID: 3748)

    • Changes the autorun value in the registry

      • INSTALLER.exe (PID: 3748)

    • Steals credentials from Web Browsers

      • WannaCrypt0r.exe (PID: 2908)

    • Writes file to Word startup folder

      • WannaCrypt0r.exe (PID: 2908)

    • Actions looks like stealing of personal data

      • WannaCrypt0r.exe (PID: 2908)

    • Loads dropped or rewritten executable

      • regsvr32.exe (PID: 3244)
      • regsvr32.exe (PID: 3628)
      • regsvr32.exe (PID: 3844)
      • regsvr32.exe (PID: 2272)
      • Bonzify.exe (PID: 3492)
      • regsvr32.exe (PID: 2576)
      • regsvr32.exe (PID: 2680)
      • AgentSvr.exe (PID: 4000)
      • INSTALLER.exe (PID: 3748)
      • INSTALLER.exe (PID: 4064)
      • conhost.exe (PID: 2224)
      • taskhsvc.exe (PID: 3068)
      • SearchProtocolHost.exe (PID: 2128)
      • conhost.exe (PID: 3616)
      • @WanaDecryptor@.exe (PID: 912)
      • conhost.exe (PID: 3116)
      • conhost.exe (PID: 4088)
      • consent.exe (PID: 1024)
      • consent.exe (PID: 3908)
      • attrib.exe (PID: 1568)
      • diskpart.exe (PID: 3992)

    • Modifies files in Chrome extension folder

      • WannaCrypt0r.exe (PID: 2908)

    • WannaCry Ransomware was detected

      • WannaCrypt0r.exe (PID: 2908)
      • cmd.exe (PID: 3816)

    • Changes AppInit_DLLs value (autorun option)

      • Bonzify.exe (PID: 3492)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2160)
      • chrome.exe (PID: 2532)
      • Bonzify.exe (PID: 3492)
      • INSTALLER.exe (PID: 4064)
      • INSTALLER.exe (PID: 3748)
      • WannaCrypt0r.exe (PID: 2908)
      • @WanaDecryptor@.exe (PID: 3000)

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2532)

    • Drops a file that was compiled in debug mode

      • chrome.exe (PID: 2532)
      • chrome.exe (PID: 2160)
      • Bonzify.exe (PID: 3492)
      • INSTALLER.exe (PID: 4064)
      • INSTALLER.exe (PID: 3748)
      • @WanaDecryptor@.exe (PID: 3000)

    • Starts Internet Explorer

      • rundll32.exe (PID: 1948)

    • Drops a file with too old compile date

      • Bonzify.exe (PID: 3492)
      • INSTALLER.exe (PID: 4064)
      • INSTALLER.exe (PID: 3748)
      • WannaCrypt0r.exe (PID: 2908)
      • @WanaDecryptor@.exe (PID: 3000)

    • Creates files in the Windows directory

      • Bonzify.exe (PID: 3492)
      • INSTALLER.exe (PID: 4064)
      • INSTALLER.exe (PID: 3748)

    • Starts CMD.EXE for commands execution

      • Bonzify.exe (PID: 3492)
      • WannaCrypt0r.exe (PID: 2908)

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 1544)

    • Uses ICACLS.EXE to modify access control list

      • cmd.exe (PID: 1544)
      • WannaCrypt0r.exe (PID: 2908)

    • Removes files from Windows directory

      • INSTALLER.exe (PID: 4064)
      • INSTALLER.exe (PID: 3748)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 3148)
      • regsvr32.exe (PID: 2476)
      • regsvr32.exe (PID: 2272)
      • regsvr32.exe (PID: 3844)
      • regsvr32.exe (PID: 3244)
      • regsvr32.exe (PID: 3096)
      • regsvr32.exe (PID: 2576)
      • regsvr32.exe (PID: 2680)
      • regsvr32.exe (PID: 3628)

    • Drops a file with a compile date too recent

      • INSTALLER.exe (PID: 3748)

    • Creates a software uninstall entry

      • INSTALLER.exe (PID: 3748)

    • Executed via COM

      • AgentSvr.exe (PID: 4000)

    • Uses ATTRIB.EXE to modify file attributes

      • WannaCrypt0r.exe (PID: 2908)
      • javaw.exe (PID: 2136)

    • Creates files like Ransomware instruction

      • WannaCrypt0r.exe (PID: 2908)

    • Creates files in the user directory

      • WannaCrypt0r.exe (PID: 2908)
      • taskhsvc.exe (PID: 3068)

    • Creates files in the program directory

      • WannaCrypt0r.exe (PID: 2908)

    • Executes JAVA applets

      • PCToaster.exe (PID: 3816)

  • INFO

    • Manual execution by user

      • chrome.exe (PID: 2532)
      • WinRAR.exe (PID: 2676)
      • rundll32.exe (PID: 2960)
      • WinRAR.exe (PID: 3736)
      • WinRAR.exe (PID: 2548)
      • rundll32.exe (PID: 1948)
      • rundll32.exe (PID: 1640)
      • Bonzify.exe (PID: 3492)
      • WannaCrypt0r.exe (PID: 2908)
      • PCToaster.exe (PID: 3816)
      • PCToaster.exe (PID: 3288)
      • PCToaster.exe (PID: 2780)
      • Bonzify.exe (PID: 912)
      • PCToaster.exe (PID: 952)

    • Reads the hosts file

      • chrome.exe (PID: 2532)
      • chrome.exe (PID: 2160)

    • Application launched itself

      • chrome.exe (PID: 2532)
      • iexplore.exe (PID: 2820)

    • Changes internet zones settings

      • iexplore.exe (PID: 2820)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 1592)

    • Creates files in the user directory

      • iexplore.exe (PID: 1592)

    • Reads internet explorer settings

      • iexplore.exe (PID: 1592)

    • Dropped object may contain Bitcoin addresses

      • Bonzify.exe (PID: 3492)
      • WannaCrypt0r.exe (PID: 2908)
      • taskhsvc.exe (PID: 3068)

    • Dropped object may contain URL to Tor Browser

      • WannaCrypt0r.exe (PID: 2908)

    • Dropped object may contain TOR URL's

      • WannaCrypt0r.exe (PID: 2908)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.ico | Windows Icon (36.3)
.ico | Windows Icon (even big) (36.3)
.mpg/mpeg | MPEG Video (27.2)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
161
Monitored processes
102
Malicious processes
9
Suspicious processes
3

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start drop and start drop and start drop and start rundll32.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs rundll32.exe no specs rundll32.exe no specs iexplore.exe no specs iexplore.exe rundll32.exe no specs bonzify.exe no specs bonzify.exe cmd.exe no specs taskkill.exe no specs takeown.exe no specs icacls.exe no specs installer.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs agentsvr.exe no specs grpconv.exe no specs installer.exe regsvr32.exe no specs regsvr32.exe no specs grpconv.exe no specs agentsvr.exe #WANNACRY wannacrypt0r.exe attrib.exe no specs icacls.exe no specs taskdl.exe no specs cmd.exe no specs pctoaster.exe no specs @wanadecryptor@.exe #WANNACRY cmd.exe no specs @wanadecryptor@.exe no specs pctoaster.exe javaw.exe no specs taskhsvc.exe conhost.exe no specs searchprotocolhost.exe no specs pctoaster.exe no specs attrib.exe no specs pctoaster.exe no specs conhost.exe no specs consent.exe no specs consent.exe no specs diskpart.exe no specs conhost.exe no specs @wanadecryptor@.exe no specs taskdl.exe no specs cmd.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
688"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,15222848274186966134,7008346503686790717,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16395258898287575808 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
912"C:\Users\admin\Desktop\Bonzify.exe" C:\Users\admin\Desktop\Bonzify.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\bonzify.exe
c:\systemroot\system32\ntdll.dll
912@WanaDecryptor@.exeC:\Users\admin\Desktop\@WanaDecryptor@.exeWannaCrypt0r.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Load PerfMon Counters
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\users\admin\desktop\bonzify.exe
c:\users\admin\desktop\@wanadecryptor@.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
952"C:\Users\admin\Desktop\PCToaster.exe" C:\Users\admin\Desktop\PCToaster.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\pctoaster.exe
c:\systemroot\system32\ntdll.dll
968cmd /c 185131617477964.batC:\Windows\system32\cmd.exeWannaCrypt0r.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1012"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,15222848274186966134,7008346503686790717,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=10589114837675371587 --mojo-platform-channel-handle=3352 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1024consent.exe 868 294 00198360C:\Windows\system32\consent.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Consent UI for administrative applications
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\consent.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1220"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,15222848274186966134,7008346503686790717,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5685756219510635615 --mojo-platform-channel-handle=3992 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1228"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,15222848274186966134,7008346503686790717,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11576549866614769496 --mojo-platform-channel-handle=3988 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1380"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,15222848274186966134,7008346503686790717,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7296974299540522767 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
4 219
Read events
3 603
Write events
593
Delete events
23

Modification events

(PID) Process:(2392) rundll32.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
rundll32.exe
(PID) Process:(2392) rundll32.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer
Operation:writeName:MainWndPos
Value:
6000000034000000A00400008002000000000000
(PID) Process:(3712) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:2532-13261951321814000
Value:
259
(PID) Process:(2532) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2532) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2532) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(2532) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(2532) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2532) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(2532) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
Executable files
41
Suspicious files
585
Text files
446
Unknown types
23

Dropped files

PID
Process
Filename
Type
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6068C05A-9E4.pma
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0b612839-8fb6-4141-8247-bfbe2296be03.tmp
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RFd3d19.TMPtext
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RFd3dd4.TMPtext
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
2532chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RFd3f9a.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
58
DNS requests
34
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1592
iexplore.exe
GET
301
2.16.186.27:80
http://shell.windows.com/fileassoc/fileassoc.asp?Ext=PetrWrap(Wiper)
unknown
whitelisted
1592
iexplore.exe
GET
302
104.111.242.51:80
http://go.microsoft.com/fwlink/?LinkId=57426&Ext=PetrWrap(Wiper)
NL
whitelisted
1592
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
1592
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
2160
chrome.exe
GET
302
142.250.186.78:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
html
520 b
whitelisted
2160
chrome.exe
GET
200
173.194.139.6:80
http://r1---sn-aigzrn7k.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=102.129.202.10&mm=28&mn=sn-aigzrn7k&ms=nvh&mt=1617477379&mv=m&mvi=1&pl=25&shardbypass=yes
US
crx
242 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2160
chrome.exe
142.250.185.170:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2160
chrome.exe
142.250.185.228:443
www.google.com
Google Inc.
US
whitelisted
2160
chrome.exe
142.250.185.206:443
ogs.google.com.ua
Google Inc.
US
whitelisted
2160
chrome.exe
142.250.186.131:443
www.google.co.uk
Google Inc.
US
whitelisted
2160
chrome.exe
142.250.74.206:443
clients2.google.com
Google Inc.
US
whitelisted
2160
chrome.exe
142.250.186.65:443
clients2.googleusercontent.com
Google Inc.
US
whitelisted
2160
chrome.exe
142.250.186.142:443
apis.google.com
Google Inc.
US
whitelisted
2160
chrome.exe
142.250.186.67:443
www.gstatic.com
Google Inc.
US
whitelisted
2160
chrome.exe
142.250.186.78:80
redirector.gvt1.com
Google Inc.
US
whitelisted
2160
chrome.exe
173.194.139.6:80
r1---sn-aigzrn7k.gvt1.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 172.217.16.131
whitelisted
accounts.google.com
  • 172.217.23.109
shared
www.google.com.ua
  • 142.250.185.67
whitelisted
fonts.googleapis.com
  • 142.250.185.170
whitelisted
www.gstatic.com
  • 142.250.186.67
whitelisted
fonts.gstatic.com
  • 172.217.16.131
whitelisted
apis.google.com
  • 142.250.186.142
whitelisted
ogs.google.com.ua
  • 142.250.185.206
whitelisted
www.google.com
  • 142.250.185.228
malicious
www.google.co.uk
  • 142.250.186.131
whitelisted

Threats

PID
Process
Class
Message
3068
taskhsvc.exe
Misc Attack
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 222
3068
taskhsvc.exe
Misc Attack
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 716
3068
taskhsvc.exe
Misc activity
ET POLICY TLS possible TOR SSL traffic
3068
taskhsvc.exe
Misc activity
ET POLICY TLS possible TOR SSL traffic
3068
taskhsvc.exe
Potential Corporate Privacy Violation
POLICY [PTsecurity] TOR SSL connection
3068
taskhsvc.exe
Misc Attack
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 568
3068
taskhsvc.exe
Misc Attack
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 652
3068
taskhsvc.exe
Misc Attack
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 755
3068
taskhsvc.exe
Misc activity
ET POLICY TLS possible TOR SSL traffic
3068
taskhsvc.exe
Misc activity
ET POLICY TLS possible TOR SSL traffic
Process
Message
AgentSvr.exe
ClaimOutput
AgentSvr.exe
UnclaimOutput
AgentSvr.exe
ClaimOutput
AgentSvr.exe
UnclaimOutput
AgentSvr.exe
ClaimOutput
AgentSvr.exe
UnclaimOutput
AgentSvr.exe
ClaimOutput
AgentSvr.exe
UnclaimOutput
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Disk Image File.ico