URL: http://548260.parkingcrew.net

Full analysis: https://app.any.run/tasks/f215f544-da87-44c4-9d57-3c780fd163e1
Verdict: Malicious activity
Analysis date: May 25, 2020, 00:03:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 63A40D82835A5470DA3647354EF34CD2
SHA1: 2D7C8A7D38A587390EA0FE6A74E05B25B2794635
SHA256: 1F1A19600346980EB21D9F8DF98B29FCE5B2608A6080B994180647A2D836C251
SSDEEP: 3:N1KlVZLVEXiXRn:CpSXiB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • chrome.exe (PID: 2828)
No Malware configuration.
No data.
Total processes: 43
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 0


Process information

PID: 2828
Parent process: explorer.exe
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://548260.parkingcrew.net"
User: admin | Company: Google LLC | Integrity Level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 75.0.3770.100

PID: 1780
Parent process: chrome.exe
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x69d1a9d0,0x69d1a9e0,0x69d1a9ec
User: admin | Company: Google LLC | Integrity Level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 75.0.3770.100

PID: 1792
Parent process: chrome.exe
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=996,12698439089718446621,15970825315931523521,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=9539249476723559259 --mojo-platform-channel-handle=1012 --ignored=" --type=renderer " /prefetch:2
User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 75.0.3770.100

PID: 3188
Parent process: chrome.exe
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3436 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
User: admin | Company: Google LLC | Integrity Level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 75.0.3770.100

PID: 3220
Parent process: chrome.exe
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,12698439089718446621,15970825315931523521,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=8571054283999928024 --mojo-platform-channel-handle=1640 /prefetch:8
User: admin | Company: Google LLC | Integrity Level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 75.0.3770.100
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
HTTP(S) requests: 7
TCP/UDP connections: 22
DNS requests: 14
Threats: 0

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
GET | 200 | 74.125.173.169:80 | http://r4---sn-1gieen7e.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Qx&mip=185.212.170.83&mm=28&mn=sn-1gieen7e&ms=nvh&mt=1590364995&mv=m&mvi=3&pl=24&shardbypass=yes | US | crx | 816 Kb | whitelisted
GET | 200 | 54.72.9.115:80 | http://548260.parkingcrew.net/ | IE | html | 1.16 Kb | malicious
GET | 200 | 54.72.9.115:80 | http://548260.parkingcrew.net/favicon.ico | IE | compressed | 1.16 Kb | malicious
GET | 302 | 172.217.23.110:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 525 b | whitelisted
GET | 302 | 172.217.23.110:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 520 b | whitelisted
GET | 200 | 173.194.160.70:80 | http://r1---sn-1gi7znes.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=QJ&mip=185.212.170.83&mm=28&mn=sn-1gi7znes&ms=nvh&mt=1590364558&mv=u&mvi=0&pl=24&shardbypass=yes | US | crx | 293 Kb | whitelisted
GET | 200 | 143.204.208.65:80 | http://d1lxhc4jvstzrp.cloudfront.net/images/parkingcrew_net_background.jpg | US | image | 50.7 Kb | shared

Connections

IP | Domain | ASN | CN | Reputation
54.72.9.115:80 | 548260.parkingcrew.net | Amazon.com, Inc. | IE | whitelisted
216.58.207.67:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
172.217.22.45:443 | accounts.google.com | Google Inc. | US | whitelisted
172.217.21.206:443 | clients2.google.com | Google Inc. | US | whitelisted
172.217.23.110:80 | redirector.gvt1.com | Google Inc. | US | whitelisted
74.125.173.169:80 | r4---sn-1gieen7e.gvt1.com | Google Inc. | US | whitelisted
172.217.21.195:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
172.217.16.164:443 | www.google.com | Google Inc. | US | whitelisted
143.204.208.65:80 | d1lxhc4jvstzrp.cloudfront.net | (not listed) | US | suspicious
185.53.177.22:443 | www.parkingcrew.com | Team Internet AG | DE | unknown

DNS requests

Domain | IP | Reputation
clientservices.googleapis.com | 216.58.207.67 | whitelisted
548260.parkingcrew.net | 54.72.9.115 | malicious
accounts.google.com | 172.217.22.45 | shared
d1lxhc4jvstzrp.cloudfront.net | 143.204.208.65, 143.204.208.142, 143.204.208.88, 143.204.208.184 | shared
www.parkingcrew.com | 185.53.177.22 | suspicious
clients2.google.com | 172.217.21.206 | whitelisted
redirector.gvt1.com | 172.217.23.110 | whitelisted
r1---sn-1gi7znes.gvt1.com | 173.194.160.70 | whitelisted
clients2.googleusercontent.com | 172.217.23.97 | whitelisted
r4---sn-1gieen7e.gvt1.com | 74.125.173.169 | whitelisted

Threats

No threats detected
No debug info