URL: https://docs.google.com/document/d/17h45DyasfOhEXEZXcOStKk1OQx7nYyKhv0KUmxxIchk/edit?usp=sharing

Full analysis: https://app.any.run/tasks/fb756415-ec25-4ba3-9689-a9524ec87240
Verdict: Malicious activity
Analysis date: February 21, 2020, 17:20:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: B31E54E0023839E7F631D7223B641F51
SHA1: 39CE6B2D67D641BAFC4C675723BFC772E1A1BF4F
SHA256: FD747B9E28BC0DD0F120DE56D17ACDCE7B6C11C58F73535FE7809526BE049345
SSDEEP: 3:N8SP3unKJRBUfh1DN469GNRBYQ9/dnRsC:2SmKJsffR46kN0QjnqC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • GoogleUpdateWebPlugin.exe (PID: 2076)
      • GoogleUpdateWebPlugin.exe (PID: 3840)
      • GoogleUpdate.exe (PID: 2404)
      • GoogleUpdateSetup.exe (PID: 3560)
      • GoogleUpdate.exe (PID: 3732)
      • GoogleUpdateWebPlugin.exe (PID: 2084)
      • GoogleUpdateWebPlugin.exe (PID: 272)
      • GoogleUpdateSetup.exe (PID: 2336)
      • GoogleUpdate.exe (PID: 3356)
      • GoogleUpdate.exe (PID: 3136)
      • GoogleUpdateOnDemand.exe (PID: 2888)
      • GoogleUpdateOnDemand.exe (PID: 3692)
    • Loads dropped or rewritten executable

      • GoogleUpdate.exe (PID: 2532)
      • GoogleUpdate.exe (PID: 2404)
      • GoogleUpdate.exe (PID: 3732)
      • iexplore.exe (PID: 3292)
      • GoogleUpdate.exe (PID: 3052)
      • GoogleUpdate.exe (PID: 2796)
      • GoogleUpdate.exe (PID: 3004)
      • GoogleUpdate.exe (PID: 3356)
      • GoogleUpdate.exe (PID: 2424)
      • GoogleUpdate.exe (PID: 2368)
      • GoogleUpdate.exe (PID: 3136)
      • GoogleUpdate.exe (PID: 404)
      • GoogleUpdate.exe (PID: 4020)
      • GoogleUpdate.exe (PID: 3440)
      • GoogleUpdate.exe (PID: 572)
      • GoogleUpdate.exe (PID: 1116)
      • GoogleUpdate.exe (PID: 3496)
    • Changes settings of System certificates

      • GoogleUpdate.exe (PID: 3004)
  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3128)
      • GoogleUpdateOnDemand.exe (PID: 2888)
      • GoogleUpdateOnDemand.exe (PID: 3692)
    • Executable content was dropped or overwritten

      • GoogleUpdate.exe (PID: 2532)
      • GoogleUpdateSetup.exe (PID: 3560)
      • GoogleUpdate.exe (PID: 2424)
      • GoogleUpdateSetup.exe (PID: 2336)
    • Creates files in the program directory

      • GoogleUpdateSetup.exe (PID: 3560)
      • GoogleUpdateSetup.exe (PID: 2336)
    • Starts Internet Explorer

      • GoogleUpdate.exe (PID: 572)
    • Application launched itself

      • GoogleUpdate.exe (PID: 4020)
      • GoogleUpdate.exe (PID: 3004)
    • Adds / modifies Windows certificates

      • GoogleUpdate.exe (PID: 3004)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2524)
      • iexplore.exe (PID: 2632)
      • iexplore.exe (PID: 3292)
      • iexplore.exe (PID: 2676)
    • Changes internet zones settings

      • iexplore.exe (PID: 2524)
    • Application launched itself

      • iexplore.exe (PID: 2524)
    • Creates files in the user directory

      • iexplore.exe (PID: 2632)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3128)
      • iexplore.exe (PID: 3292)
      • iexplore.exe (PID: 2524)
      • iexplore.exe (PID: 2676)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2632)
      • iexplore.exe (PID: 3292)
      • iexplore.exe (PID: 2676)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2524)
      • GoogleUpdate.exe (PID: 3004)
      • iexplore.exe (PID: 2632)
      • iexplore.exe (PID: 3292)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2524)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2524)
No Malware configuration.
No data.
Total processes: 71
Monitored processes: 30
Malicious processes: 15
Suspicious processes: 3

Behavior graph

The graph itself is only in the full report. Edge kinds shown: "start" and "drop and start". Process nodes in the report's order ("no specs" marks nodes with no signature hits): iexplore.exe, iexplore.exe, flashutil32_26_0_0_131_activex.exe (no specs), iexplore.exe, googleupdatewebplugin.exe (no specs), googleupdatewebplugin.exe (no specs), googleupdate.exe, googleupdate.exe (no specs), googleupdatesetup.exe, googleupdate.exe (no specs), googleupdate.exe (no specs), googleupdate.exe, googleupdate.exe, googleupdatewebplugin.exe (no specs), googleupdatewebplugin.exe (no specs), googleupdate.exe, googleupdate.exe (no specs), googleupdatesetup.exe, googleupdate.exe (no specs), googleupdate.exe (no specs), googleupdate.exe, googleupdate.exe (no specs), googleupdateondemand.exe (no specs), googleupdate.exe (no specs), googleupdateondemand.exe (no specs), googleupdate.exe (no specs), iexplore.exe (no specs), iexplore.exe, googleupdate.exe, googleupdate.exe.

Process information

Fields per process: PID, CMD, Path, Parent process, then image metadata and loaded modules (the report's Indicators column is empty in this extract).
PID: 272
CMD: "C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe" "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7BA0BF5797-BB74-FFDB-A36C-1187ED0ABBA5%7D%26lang=en%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=prefers%26ap=stable-arch_x86-statsdef_1%26brand=SXXQ%26installdataindex=defaultbrowser%22" /installsource oneclick
Path: C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe
Parent process: iexplore.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Update
Exit code: 0
Version: 1.3.34.11
Modules (images):
c:\program files\google\update\1.3.34.11\googleupdatewebplugin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 404
CMD: "C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNC4xMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjMzLjIzIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezhCMDlDNEQwLThERkMtNDcwMi04MTdBLTVGQUQwODY2MUVEQ30iIHVzZXJpZD0iezMxMDg1NkJFLUZCQzctNDBEQS04NDY0LUMzMjJDODgyREJDMn0iIGluc3RhbGxzb3VyY2U9Im9uZWNsaWNrIiByZXF1ZXN0aWQ9Ins4NkFCNzJDMy1FMTQ4LTQ1MzEtOUU1Ri0wOERFNDdBQTVFQzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zNC4xMSIgbmV4dHZlcnNpb249IjEuMy4zNC4xMSIgbGFuZz0iZW4iIGJyYW5kPSJTWFhRIiBjbGllbnQ9IiIgaWlkPSJ7QTBCRjU3OTctQkI3NC1GRkRCLUEzNkMtMTE4N0VEMEFCQkE1fSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyMDMiLz48L2FwcD48L3JlcXVlc3Q-
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google Inc.
Integrity Level: HIGH
Description: Google Installer
Exit code: 0
Version: 1.3.33.23
Modules (images):
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 572
CMD: "C:\Program Files\Google\Update\GoogleUpdate.exe" /ondemand
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdateOnDemand.exe
User: admin
Company: Google Inc.
Integrity Level: MEDIUM
Description: Google Installer
Exit code: 0
Version: 1.3.33.23
Modules (images):
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 1116
CMD: "C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNC4xMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjMzLjIzIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezhCMDlDNEQwLThERkMtNDcwMi04MTdBLTVGQUQwODY2MUVEQ30iIHVzZXJpZD0iezMxMDg1NkJFLUZCQzctNDBEQS04NDY0LUMzMjJDODgyREJDMn0iIGluc3RhbGxzb3VyY2U9Im9uZWNsaWNrIiByZXF1ZXN0aWQ9IntCQUI2MjI1OS1FMzhGLTQzNDUtQkI4Ri1GNDQxMEU3OThFNzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzQy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJTWFhRIiBjbGllbnQ9IiIgaWlkPSJ7QTBCRjU3OTctQkI3NC1GRkRCLUEzNkMtMTE4N0VEMEFCQkE1fSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEwIiBlcnJvcmNvZGU9Ii0yMTQ3MjE5NzA1IiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google Inc.
Integrity Level: HIGH
Description: Google Installer
Exit code: 0
Version: 1.3.33.23
Modules (images):
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
PID: 2076
CMD: "C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe" "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7BA0BF5797-BB74-FFDB-A36C-1187ED0ABBA5%7D%26lang=sv%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=prefers%26ap=stable-arch_x86-statsdef_1%26brand=SXXQ%26installdataindex=defaultbrowser%22" /installsource oneclick
Path: C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe
Parent process: iexplore.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Update
Exit code: 0
Version: 1.3.34.11
Modules (images):
c:\program files\google\update\1.3.34.11\googleupdatewebplugin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 2084
CMD: "C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe" "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7BA0BF5797-BB74-FFDB-A36C-1187ED0ABBA5%7D%26lang=en%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=prefers%26ap=stable-arch_x86-statsdef_1%26brand=SXXQ%26installdataindex=defaultbrowser%22" /installsource oneclick
Path: C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe
Parent process: iexplore.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Update
Exit code: 0
Version: 1.3.34.11
Modules (images):
c:\program files\google\update\1.3.34.11\googleupdatewebplugin.exe
c:\systemroot\system32\ntdll.dll
PID: 2336
CMD: "C:\Users\admin\AppData\Local\Temp\{15B39B2E-01BD-4C88-ADCA-EC2A441DF597}\GoogleUpdateSetup.exe" /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={A0BF5797-BB74-FFDB-A36C-1187ED0ABBA5}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&brand=SXXQ&installdataindex=defaultbrowser" /installsource oneclick /installelevated /nomitag
Path: C:\Users\admin\AppData\Local\Temp\{15B39B2E-01BD-4C88-ADCA-EC2A441DF597}\GoogleUpdateSetup.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google LLC
Integrity Level: HIGH
Description: Google Update Setup
Exit code: 2147747591 (HRESULT 0x80040707; the same value appears as errorcode="-2147219705" in the /ping payload of PID 1116)
Version: 1.3.34.11
Modules (images):
c:\users\admin\appdata\local\temp\{15b39b2e-01bd-4c88-adca-ec2a441df597}\googleupdatesetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 2368
CMD: "C:\Program Files\Google\Update\GoogleUpdate.exe" /healthcheck
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google Inc.
Integrity Level: HIGH
Description: Google Installer
Exit code: 0
Version: 1.3.33.23
Modules (images):
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 2404
CMD: "C:\Users\admin\AppData\Local\Temp\{5F8AFECF-A716-4EFB-BB9C-D49122158771}\GoogleUpdate.exe" /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={A0BF5797-BB74-FFDB-A36C-1187ED0ABBA5}&lang=sv&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&brand=SXXQ&installdataindex=defaultbrowser" /installsource oneclick
Path: C:\Users\admin\AppData\Local\Temp\{5F8AFECF-A716-4EFB-BB9C-D49122158771}\GoogleUpdate.exe
Parent process: GoogleUpdate.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Installer
Exit code: 2147747856 (HRESULT 0x80040810)
Version: 1.3.34.11
Modules (images):
c:\users\admin\appdata\local\temp\{5f8afecf-a716-4efb-bb9c-d49122158771}\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 2424
CMD: "C:\Program Files\Google\Update\GoogleUpdate.exe" /pi "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7BA0BF5797-BB74-FFDB-A36C-1187ED0ABBA5%7D%26lang=en%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=prefers%26ap=stable-arch_x86-statsdef_1%26brand=SXXQ%26installdataindex=defaultbrowser%22" /installsource oneclick
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
Parent process: GoogleUpdateWebPlugin.exe
User: admin
Company: Google Inc.
Integrity Level: MEDIUM
Description: Google Installer
Exit code: 0
Version: 1.3.33.23
Modules (images):
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
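Every process the report flags as MALICIOUS or SUSPICIOUS is a Google Update (Omaha) component, and the command lines above show why they ran: iexplore.exe launched GoogleUpdateWebPlugin.exe for a one-click Chrome install, which dropped GoogleUpdateSetup.exe and GoogleUpdate.exe into %TEMP% and then reported back with /ping. The /ping argument is the Omaha request XML, base64url-encoded (URL-safe alphabet, padding stripped), and the web-plugin argument is the install string percent-encoded one level more than PID 2336 shows it, so neither reads directly from the table. The script below is an added example, not part of the ANY.RUN report and not Google's code; the three input strings are copied verbatim from the Process information section (the /ping payloads of PID 404 and PID 1116 and the second argument of PID 272), and the function names, dict keys and HRESULT rendering are this example's own. The report does not verify Authenticode on the dropped binaries, so the decode below tells you what the processes claimed to be doing, not that the binaries are genuine; check the signatures before dismissing the verdict.

```python
"""Decode the Omaha (Google Update) command lines from the process table.

Added example (not the report's own content). Inputs copied from the report:
/ping payloads of PID 404 and PID 1116, second argument of PID 272.
"""
import base64
import shlex
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, unquote

# /ping payloads copied from the report. Omaha emits the URL-safe base64
# alphabet ('-' and '_' in place of '+' and '/') and drops the '=' padding,
# which is why a plain base64.b64decode() of the raw argument fails.
PING_PID_404 = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNC4xMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjMzLjIzIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezhCMDlDNEQwLThERkMtNDcwMi04MTdBLTVGQUQwODY2MUVEQ30iIHVzZXJpZD0iezMxMDg1NkJFLUZCQzctNDBEQS04NDY0LUMzMjJDODgyREJDMn0iIGluc3RhbGxzb3VyY2U9Im9uZWNsaWNrIiByZXF1ZXN0aWQ9Ins4NkFCNzJDMy1FMTQ4LTQ1MzEtOUU1Ri0wOERFNDdBQTVFQzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zNC4xMSIgbmV4dHZlcnNpb249IjEuMy4zNC4xMSIgbGFuZz0iZW4iIGJyYW5kPSJTWFhRIiBjbGllbnQ9IiIgaWlkPSJ7QTBCRjU3OTctQkI3NC1GRkRCLUEzNkMtMTE4N0VEMEFCQkE1fSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyMDMiLz48L2FwcD48L3JlcXVlc3Q-"
PING_PID_1116 = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNC4xMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjMzLjIzIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezhCMDlDNEQwLThERkMtNDcwMi04MTdBLTVGQUQwODY2MUVEQ30iIHVzZXJpZD0iezMxMDg1NkJFLUZCQzctNDBEQS04NDY0LUMzMjJDODgyREJDMn0iIGluc3RhbGxzb3VyY2U9Im9uZWNsaWNrIiByZXF1ZXN0aWQ9IntCQUI2MjI1OS1FMzhGLTQzNDUtQkI4Ri1GNDQxMEU3OThFNzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzQy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJTWFhRIiBjbGllbnQ9IiIgaWlkPSJ7QTBCRjU3OTctQkI3NC1GRkRCLUEzNkMtMTE4N0VEMEFCQkE1fSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEwIiBlcnJvcmNvZGU9Ii0yMTQ3MjE5NzA1IiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg"

# Second argument of the GoogleUpdateWebPlugin.exe command line (PID 272),
# copied from the report: the Omaha install string, percent-encoded once
# more than the /install line of PID 2336 shows it.
PLUGIN_ARG_PID_272 = "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7BA0BF5797-BB74-FFDB-A36C-1187ED0ABBA5%7D%26lang=en%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=prefers%26ap=stable-arch_x86-statsdef_1%26brand=SXXQ%26installdataindex=defaultbrowser%22"


def decode_ping(payload: str) -> ET.Element:
    """Restore the stripped padding, base64url-decode, parse the request XML."""
    padded = payload + "=" * (-len(payload) % 4)
    return ET.fromstring(base64.urlsafe_b64decode(padded))


def summarize_ping(payload: str) -> dict:
    """The fields an analyst wants from a ping: which updater sent it, which
    app it concerns, and what the install event reported."""
    root = decode_ping(payload)
    app = root.find("app")
    event = app.find("event")
    return {
        "updater": root.get("updater"),
        "updaterversion": root.get("updaterversion"),
        "ismachine": root.get("ismachine"),
        "installsource": root.get("installsource"),
        "appid": app.get("appid"),
        "eventtype": event.get("eventtype"),
        "eventresult": event.get("eventresult"),
        "errorcode": int(event.get("errorcode")),
        "install_time_ms": event.get("install_time_ms"),  # None when absent
    }


def hresult_hex(code: int) -> str:
    """Render a signed ping errorcode or an unsigned process exit code (as the
    report prints it) as the 32-bit HRESULT you would look up."""
    return f"0x{code & 0xFFFFFFFF:08X}"


def parse_plugin_args(arg: str) -> dict:
    """Undo the extra percent-encoding on the web-plugin argument and split the
    Omaha install string into its key=value fields."""
    decoded = unquote(arg)                       # /install "appguid={...}&iid=...&..."
    switch, install_str = shlex.split(decoded)   # the quoted second token stays one item
    fields = {k: v[0] for k, v in parse_qs(install_str).items()}
    return {"switch": switch, **fields}


if __name__ == "__main__":
    for pid, payload in (("404", PING_PID_404), ("1116", PING_PID_1116)):
        info = summarize_ping(payload)
        print(f"PID {pid}: {info}")
        print(f"  errorcode as HRESULT: {hresult_hex(info['errorcode'])}")
    print("PID 2336 exit code:", hresult_hex(2147747591))
    print("PID 2404 exit code:", hresult_hex(2147747856))
    print(parse_plugin_args(PLUGIN_ARG_PID_272))
```

Run as-is, the PID 404 ping turns out to be Omaha reporting on its own appid ({430FD4D0-B729-4F61-AA34-91526481799D}) with eventresult 1 and errorcode 0, while the PID 1116 ping reports on Chrome's appid ({8A69D345-D564-463C-AFF1-A69D9E530F96}) with eventresult 10 and errorcode -2147219705, which is 0x80040707, the same HRESULT GoogleUpdateSetup.exe (PID 2336) exited with. Tying the ping's errorcode to a process exit code this way is the quickest check that the chain you are looking at is the one the installer itself reported on.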
Total events: 16 326
Read events: 3 992
Write events: 9 975
Delete events: 2 359

Modification events

(PID 2632) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content | Operation: write | Name: CachePrefix | Value: (empty)
(PID 2632) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
(PID 2632) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History | Operation: write | Name: CachePrefix | Value: Visited:
(PID 2524) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Operation: write | Name: NextCheckForUpdateLowDateTime | Value: 1324436730
(PID 2524) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Operation: write | Name: NextCheckForUpdateHighDateTime | Value: 30795995
(PID 2524) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
(PID 2524) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
(PID 2524) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
(PID 2524) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Operation: write | Name: CompatibilityFlags | Value: 0
(PID 2524) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: write | Name: ProxyEnable | Value: 0
Executable files: 284
Suspicious files: 97
Text files: 130
Unknown types: 132

Dropped files

PID | Process | Filename | Type (MD5 and SHA256 columns are empty in this extract)
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab81AB.tmp | (none)
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar81AC.tmp | (none)
2632 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PGXAICWX.txt | (none)
2524 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | (none)
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C | der
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_EE6FD365CEA70AC1381BEED92EFF2B2D | der
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C | binary
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\edit[1].htm | html
HTTP(S) requests: 47
TCP/UDP connections: 201
DNS requests: 44
Threats: 2

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3 | US | der | 472 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3 | US | der | 472 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDvdxhhS3x8DggAAAAALnGY | US | der | 472 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGbFlJeGAf%2B1AgAAAABXm8I%3D | US | der | 471 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDvdxhhS3x8DggAAAAALnGY | US | der | 472 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGbFlJeGAf%2B1AgAAAABXm8I%3D | US | der | 471 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCaKXJiibI7zAgAAAAALC6E | US | der | 472 b | whitelisted
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCZXC%2BXyoEf%2BQgAAAAALnGl | US | der | 472 b | whitelisted
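All ten HTTP requests in the table are OCSP GETs from iexplore.exe (PID 2632) to ocsp.pki.goog over plain HTTP, and the CryptnetUrlCache .der files in the dropped-files list are the cached responses; plaintext OCSP is normal, since the responses are signed, which is consistent with the whitelisted reputation on these rows. An OCSP GET carries the DER OCSPRequest base64-encoded and then percent-encoded in the URL path (RFC 6960, appendix A), so which certificate a request concerns can be recovered offline from the URL alone, without the PCAP. The script below is an added example, not part of the ANY.RUN report; the two URLs are copied verbatim from the first two rows of the table, and the minimal DER walker, the OID table and the field names are this example's own.

```python
"""Recover the CertID from the OCSP GET URLs in the HTTP requests table.

Added example (not the report's own content). URLs copied from the report;
the DER walker below is deliberately minimal (definite lengths only).
"""
import base64
from urllib.parse import unquote, urlsplit

OCSP_URL_GSR2 = "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D"
OCSP_URL_GTS1O1 = "http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3"

# Hash OIDs an OCSP CertID.hashAlgorithm realistically carries.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}


def der_read(buf: bytes, pos: int):
    """Read one TLV at pos; return (tag, value, position after the TLV).
    Short and long-form definite lengths are enough for an OCSPRequest."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: 0x8n, then n length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value: bytes) -> str:
    """Dotted form of a DER OBJECT IDENTIFIER body (base-128 arcs)."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get_url(url: str) -> dict:
    """Split the responder path and the base64 OCSPRequest, then walk
    OCSPRequest > tbsRequest > requestList > Request > reqCert (CertID)."""
    parts = urlsplit(url)
    # Split on '/' BEFORE unquoting: the base64 may itself contain '/',
    # which the client sends as %2F.
    b64 = unquote(parts.path.rsplit("/", 1)[1])
    der = base64.b64decode(b64)
    _, ocsp_request, _ = der_read(der, 0)
    _, tbs, _ = der_read(ocsp_request, 0)
    # TBSRequest may start with [0] version / [1] requestorName; skip until
    # the requestList SEQUENCE (tag 0x30).
    pos = 0
    tag, body, pos = der_read(tbs, pos)
    while tag != 0x30:
        tag, body, pos = der_read(tbs, pos)
    requests = []
    pos = 0
    while pos < len(body):
        _, request, pos = der_read(body, pos)
        _, cert_id, _ = der_read(request, 0)           # reqCert CertID
        p = 0
        _, alg_id, p = der_read(cert_id, p)            # hashAlgorithm
        _, oid, _ = der_read(alg_id, 0)
        _, name_hash, p = der_read(cert_id, p)         # issuerNameHash
        _, key_hash, p = der_read(cert_id, p)          # issuerKeyHash
        _, serial, p = der_read(cert_id, p)            # serialNumber
        oid_str = decode_oid(oid)
        requests.append({
            "hash_algorithm": HASH_OIDS.get(oid_str, oid_str),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial_number": serial.hex(),
        })
    return {
        "responder": parts.netloc,
        "responder_path": parts.path.rsplit("/", 1)[0],
        "requests": requests,
    }


if __name__ == "__main__":
    for url in (OCSP_URL_GSR2, OCSP_URL_GTS1O1):
        info = parse_ocsp_get_url(url)
        print(info["responder"] + info["responder_path"])
        for req in info["requests"]:
            print("  ", req)
```

Decoded, the /gsr2/ request names issuer key hash 9be20757671c1ec06a06de59b49a2ddfdc19862e and a 13-byte serial, and every /gts1o1/ request names issuer key hash 98d1f86e10ebcf9bec609f18901ba0eb7d09fd2b with a 17-byte serial: the responder path identifies the issuing CA, and grouping requests by issuer key hash separates the one status check on the intermediate from the checks on the leaf certificates the Google pages presented. Feeding the remaining eight URLs from the table through the same function gives the serials of the other leaf certificates iexplore.exe validated during the session.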

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2632 | iexplore.exe | 172.217.16.142:443 | docs.google.com | Google Inc. | US | whitelisted
2632 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
2524 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2632 | iexplore.exe | 172.217.18.164:443 | www.google.com | Google Inc. | US | whitelisted
2632 | iexplore.exe | 172.217.22.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
2632 | iexplore.exe | 172.217.23.131:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
2632 | iexplore.exe | 172.217.23.161:443 | lh6.googleusercontent.com | Google Inc. | US | whitelisted
2632 | iexplore.exe | 172.217.22.35:443 | www.gstatic.com | Google Inc. | US | whitelisted
2632 | iexplore.exe | 172.217.16.174:443 | apis.google.com | Google Inc. | US | whitelisted
2632 | iexplore.exe | 172.217.23.110:443 | play.google.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
docs.google.com | 172.217.16.142 | shared
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ocsp.pki.goog | 172.217.23.99 | whitelisted
www.google.com | 172.217.18.164 | malicious
fonts.gstatic.com | 172.217.22.67 | whitelisted
ssl.gstatic.com | 172.217.23.131 | whitelisted
lh6.googleusercontent.com | 172.217.23.161 | whitelisted
www.gstatic.com | 172.217.22.35 | whitelisted
apis.google.com | 172.217.16.174 | whitelisted

Threats

PID | Process | Class | Message (the PID and Process columns are empty in this extract)
(none) | (none) | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
(none) | (none) | Misc activity | ET INFO EXE - Served Attached HTTP
No debug info