URL:

http://cloudaxus.com/file/144f150

Full analysis: https://app.any.run/tasks/70ca5060-beda-452e-996b-d455328a373e
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: March 23, 2024, 15:46:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
DownloadAssistant
zgrat
Indicators:
MD5:

FF74554AEF3C8505C66980E419FD4B39

SHA1:

FD3F4D265095A3CC47247C12FB3BC2F5F0B10C22

SHA256:

FD7C1D8EED4541A3FD5EBA632F0758077631086FF321FA3DEF03AE1348000A58

SSDEEP:

3:N1KdJKQBEdWKzoU4QV:C6gKLV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • synapse-x_MDIZBHgAib.exe (PID: 2584)
      • synapse-x_MDIZBHgAib.exe (PID: 1308)
      • synapse-x_MDIZBHgAib.tmp (PID: 1216)
      • __.exe (PID: 2356)
      • setup.exe (PID: 2016)
      • setup.exe (PID: 864)
      • installer.exe (PID: 2788)
      • AdGuardVpnSvc.exe (PID: 2668)

    • Registers / Runs the DLL via REGSVR32.EXE

      • synapse-x_MDIZBHgAib.tmp (PID: 1216)

    • DOWNLOADASSISTANT has been detected (SURICATA)

      • phpdesignerpro.exe (PID: 2760)

    • Changes the autorun value in the registry

      • installer.exe (PID: 2788)
      • setup.exe (PID: 864)

    • [YARA] zgRAT detected by memory dumps

      • AdGuardVpn.exe (PID: 2892)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • synapse-x_MDIZBHgAib.exe (PID: 2584)
      • synapse-x_MDIZBHgAib.exe (PID: 1308)
      • synapse-x_MDIZBHgAib.tmp (PID: 1216)
      • __.exe (PID: 2356)
      • setup.exe (PID: 2016)
      • setup.exe (PID: 864)
      • installer.exe (PID: 2788)
      • AdGuardVpnSvc.exe (PID: 2668)

    • Reads the Windows owner or organization settings

      • synapse-x_MDIZBHgAib.tmp (PID: 1216)

    • Process drops legitimate windows executable

      • synapse-x_MDIZBHgAib.tmp (PID: 1216)
      • setup.exe (PID: 864)

    • The process drops C-runtime libraries

      • synapse-x_MDIZBHgAib.tmp (PID: 1216)

    • Reads the Internet Settings

      • __.exe (PID: 2356)
      • setup.exe (PID: 864)
      • AdGuardVpn.exe (PID: 2892)

    • Reads security settings of Internet Explorer

      • __.exe (PID: 2356)
      • setup.exe (PID: 864)
      • AdGuardVpnSvc.exe (PID: 2668)
      • AdGuardVpn.exe (PID: 2892)

    • Checks Windows Trust Settings

      • __.exe (PID: 2356)
      • AdGuardVpnSvc.exe (PID: 2668)

    • Reads settings of System Certificates

      • __.exe (PID: 2356)
      • setup.exe (PID: 864)

    • Adds/modifies Windows certificates

      • __.exe (PID: 2356)
      • AdGuardVpnSvc.exe (PID: 2668)

    • The process creates files with name similar to system file names

      • setup.exe (PID: 864)

    • Process requests binary or script from the Internet

      • setup.exe (PID: 864)

    • Searches for installed software

      • installer.exe (PID: 2788)
      • setup.exe (PID: 864)

    • Starts itself from another location

      • setup.exe (PID: 864)

    • Creates a software uninstall entry

      • installer.exe (PID: 2788)

    • Executes as Windows Service

      • AdGuardVpnSvc.exe (PID: 2668)

    • Starts SC.EXE for service management

      • setup.exe (PID: 864)
      • AdGuardVpnSvc.exe (PID: 2668)

    • Drops a system driver (possible attempt to evade defenses)

      • AdGuardVpnSvc.exe (PID: 2668)

    • Starts CMD.EXE for commands execution

      • AdGuardVpnSvc.exe (PID: 2668)

    • The process executes via Task Scheduler

      • AdGuardVpn.exe (PID: 2892)

    • Process uses IPCONFIG to clear DNS cache

      • cmd.exe (PID: 3768)

  • INFO

    • Manual execution by a user

      • synapse-x_MDIZBHgAib.exe (PID: 1308)
      • explorer.exe (PID: 3660)
      • __.exe (PID: 3728)
      • __.exe (PID: 2356)

    • The process uses the downloaded file

      • chrome.exe (PID: 3156)
      • WinRAR.exe (PID: 3356)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2080)
      • WinRAR.exe (PID: 3356)

    • Drops the executable file immediately after the start

      • chrome.exe (PID: 2080)
      • WinRAR.exe (PID: 3356)

    • Checks supported languages

      • synapse-x_MDIZBHgAib.exe (PID: 1308)
      • synapse-x_MDIZBHgAib.tmp (PID: 1216)
      • synapse-x_MDIZBHgAib.tmp (PID: 3912)
      • synapse-x_MDIZBHgAib.exe (PID: 2584)
      • phpdesignerpro.exe (PID: 2760)
      • __.exe (PID: 2356)
      • setup.exe (PID: 2016)
      • setup.exe (PID: 864)
      • installer.exe (PID: 2788)
      • AdGuardVpnSvc.exe (PID: 2668)
      • AdGuardVpn.exe (PID: 2892)

    • Create files in a temporary directory

      • synapse-x_MDIZBHgAib.tmp (PID: 1216)
      • synapse-x_MDIZBHgAib.exe (PID: 1308)
      • synapse-x_MDIZBHgAib.exe (PID: 2584)
      • __.exe (PID: 2356)
      • setup.exe (PID: 864)
      • installer.exe (PID: 2788)

    • Application launched itself

      • chrome.exe (PID: 2124)

    • Reads the computer name

      • synapse-x_MDIZBHgAib.tmp (PID: 3912)
      • phpdesignerpro.exe (PID: 2760)
      • __.exe (PID: 2356)
      • synapse-x_MDIZBHgAib.tmp (PID: 1216)
      • setup.exe (PID: 864)
      • installer.exe (PID: 2788)
      • AdGuardVpnSvc.exe (PID: 2668)
      • AdGuardVpn.exe (PID: 2892)

    • Creates a software uninstall entry

      • synapse-x_MDIZBHgAib.tmp (PID: 1216)

    • Reads the machine GUID from the registry

      • phpdesignerpro.exe (PID: 2760)
      • __.exe (PID: 2356)
      • setup.exe (PID: 864)
      • installer.exe (PID: 2788)
      • AdGuardVpnSvc.exe (PID: 2668)
      • AdGuardVpn.exe (PID: 2892)

    • Checks proxy server information

      • __.exe (PID: 2356)

    • Creates files or folders in the user directory

      • synapse-x_MDIZBHgAib.tmp (PID: 1216)
      • __.exe (PID: 2356)
      • AdGuardVpn.exe (PID: 2892)

    • Reads the software policy settings

      • __.exe (PID: 2356)
      • setup.exe (PID: 864)
      • AdGuardVpnSvc.exe (PID: 2668)

    • Reads Environment values

      • setup.exe (PID: 864)
      • AdGuardVpnSvc.exe (PID: 2668)
      • AdGuardVpn.exe (PID: 2892)

    • Creates files in the program directory

      • setup.exe (PID: 864)
      • installer.exe (PID: 2788)
      • AdGuardVpnSvc.exe (PID: 2668)
      • AdGuardVpn.exe (PID: 2892)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
122
Monitored processes
51
Malicious processes
11
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs winrar.exe chrome.exe no specs explorer.exe no specs synapse-x_mdizbhgaib.exe synapse-x_mdizbhgaib.tmp no specs synapse-x_mdizbhgaib.exe synapse-x_mdizbhgaib.tmp regsvr32.exe no specs #DOWNLOADASSISTANT phpdesignerpro.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs __.exe no specs __.exe setup.exe setup.exe installer.exe adguardvpnsvc.exe sc.exe no specs cmd.exe no specs schtasks.exe no specs cmd.exe no specs ipconfig.exe no specs sc.exe no specs sc.exe no specs cmd.exe no specs schtasks.exe no specs #ZGRAT adguardvpn.exe cmd.exe no specs schtasks.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
784"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3612 --field-trial-handle=1180,i,12250987845429103511,18118916202663290162,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
864"C:\Windows\Temp\{7B25C83B-D1EB-4C91-9072-FC77F3BDA082}\.cr\setup.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\adguard\setup.exe" -burn.filehandle.attached=268 -burn.filehandle.self=276 "AID=31220"C:\Windows\Temp\{7B25C83B-D1EB-4C91-9072-FC77F3BDA082}\.cr\setup.exe
setup.exe
User:
admin
Company:
Adguard Software Limited
Integrity Level:
HIGH
Description:
AdGuardVPN
Exit code:
0
Version:
2.2.1271.0
Modules
Images
c:\windows\temp\{7b25c83b-d1eb-4c91-9072-fc77f3bda082}\.cr\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
952"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3536 --field-trial-handle=1180,i,12250987845429103511,18118916202663290162,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
980"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3344 --field-trial-handle=1180,i,12250987845429103511,18118916202663290162,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1216"C:\Users\admin\AppData\Local\Temp\is-3B57A.tmp\synapse-x_MDIZBHgAib.tmp" /SL5="$601EC,4085412,56832,C:\Users\admin\Downloads\synapse-x_MDIZBHgAib\synapse-x_MDIZBHgAib.exe" /SPAWNWND=$50238 /NOTIFYWND=$9020C C:\Users\admin\AppData\Local\Temp\is-3B57A.tmp\synapse-x_MDIZBHgAib.tmp
synapse-x_MDIZBHgAib.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-3b57a.tmp\synapse-x_mdizbhgaib.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
1308"C:\Users\admin\Downloads\synapse-x_MDIZBHgAib\synapse-x_MDIZBHgAib.exe" C:\Users\admin\Downloads\synapse-x_MDIZBHgAib\synapse-x_MDIZBHgAib.exe
explorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
PHP Designer Pro Setup
Version:
Modules
Images
c:\users\admin\downloads\synapse-x_mdizbhgaib\synapse-x_mdizbhgaib.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
1348"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1360 --field-trial-handle=1180,i,12250987845429103511,18118916202663290162,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1376"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=956 --field-trial-handle=1180,i,12250987845429103511,18118916202663290162,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1584"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2112 --field-trial-handle=1180,i,12250987845429103511,18118916202663290162,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1732schtasks /run /tn f757140c4d1742cfa0d878694bd75de3C:\Windows\System32\schtasks.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Manages scheduled tasks
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
Total events
38 534
Read events
38 184
Write events
314
Delete events
36

Modification events

(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(2124) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(2124) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
Executable files
110
Suspicious files
136
Text files
109
Unknown types
106

Dropped files

PID
Process
Filename
Type
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF183bdb.TMP
MD5:
SHA256:
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldtext
MD5:AD0DB8476493577A67FA94A162B646C4
SHA256:304FB5B4FD83D4A9FF1EF4CF20232A1783169C148297BFE37ED24A1D22A74F2B
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:9F941EA08DBDCA2EB3CFA1DBBBA6F5DC
SHA256:127F71DF0D2AD895D4F293E62284D85971AE047CA15F90B87BF6335898B0B655
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old~RF1851a5.TMP
MD5:
SHA256:
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old
MD5:
SHA256:
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\988aa2fc-35da-452b-bcfd-f86e88d43f4a.tmpbinary
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA256:
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF183bfa.TMPtext
MD5:05CF4C3C5148DA6355D3561A9EAA5E8A
SHA256:8D720243F6876898E4F197C8867C4CEE69F1C7335C55B8A29C120B1028D93E41
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old~RF18533b.TMP
MD5:
SHA256:
2124chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
67
DNS requests
64
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
856
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
unknown
unknown
856
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
unknown
binary
10.3 Kb
unknown
856
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
unknown
binary
5.56 Kb
unknown
856
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
unknown
binary
7.94 Kb
unknown
856
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
unknown
binary
10.3 Kb
unknown
2760
phpdesignerpro.exe
POST
104.21.74.224:80
http://soneservice.shop/new/net_api
unknown
unknown
856
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
unknown
binary
7.94 Kb
unknown
856
svchost.exe
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5HQQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
unknown
binary
3.07 Kb
unknown
856
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.567854667.14/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENUS500000_ace7f54yxy3vtmc2mjkr5yii7sta.crx3
unknown
binary
36.2 Kb
unknown
856
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.567854667.14/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENUS500000_ace7f54yxy3vtmc2mjkr5yii7sta.crx3
unknown
binary
3.07 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
unknown
2124
chrome.exe
239.255.255.250:1900
unknown
1348
chrome.exe
108.177.15.84:443
accounts.google.com
GOOGLE
US
unknown
1348
chrome.exe
104.21.29.204:443
cloudaxus.com
CLOUDFLARENET
unknown
1348
chrome.exe
172.217.16.196:443
www.google.com
GOOGLE
US
whitelisted
2124
chrome.exe
224.0.0.251:5353
unknown
4
System
192.168.100.255:138
whitelisted
1348
chrome.exe
104.16.89.20:443
cdn.jsdelivr.net
CLOUDFLARENET
shared
1348
chrome.exe
88.212.201.204:443
counter.yadro.ru
United Network LLC
RU
unknown
1348
chrome.exe
172.67.172.237:443
cloudfileshosgt.ru
CLOUDFLARENET
US
unknown

DNS requests

Domain
IP
Reputation
accounts.google.com
  • 108.177.15.84
shared
cloudaxus.com
  • 172.67.149.201
  • 104.21.29.204
unknown
www.google.com
  • 172.217.16.196
whitelisted
cdn.jsdelivr.net
  • 104.16.89.20
  • 104.16.85.20
  • 104.16.86.20
  • 104.16.87.20
  • 104.16.88.20
whitelisted
counter.yadro.ru
  • 88.212.201.204
  • 88.212.201.198
  • 88.212.202.52
whitelisted
cloudfileshosgt.ru
  • 172.67.172.237
  • 104.21.30.128
unknown
www.hcaptcha.com
  • 104.18.124.91
  • 104.18.125.91
whitelisted
newassets.hcaptcha.com
  • 104.18.124.91
  • 104.18.125.91
whitelisted
a.nel.cloudflare.com
  • 35.190.80.1
whitelisted
content-autofill.googleapis.com
  • 216.58.212.138
  • 142.250.185.74
  • 142.250.186.74
  • 142.250.184.202
  • 142.250.184.234
  • 142.250.186.106
  • 142.250.186.138
  • 172.217.23.106
  • 142.250.74.202
  • 216.58.206.42
  • 142.250.181.234
  • 142.250.186.42
  • 142.250.185.138
  • 172.217.16.138
  • 172.217.18.10
  • 172.217.16.202
whitelisted

Threats

PID
Process
Class
Message
1348
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
1348
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
1348
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2760
phpdesignerpro.exe
Misc activity
ADWARE [ANY.RUN] DownloadAssistant
2240
rundll32.exe
Misc activity
ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)
2240
rundll32.exe
Misc activity
ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)
2240
rundll32.exe
Misc activity
ET INFO Observed DNS Over HTTPS Domain (dns .alidns .com in TLS SNI)
2240
rundll32.exe
Potentially Bad Traffic
ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)
2668
AdGuardVpnSvc.exe
Misc activity
ET INFO Observed DNS Over HTTPS Domain (dns .alidns .com in TLS SNI)
2668
AdGuardVpnSvc.exe
Misc activity
ET INFO Observed DNS Over HTTPS Domain (dns .alidns .com in TLS SNI)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://cloudaxus.com/file/144f150