URL: | https://anonfiles.com/70Ucgcabp5/ProtonVPN_Cracked_vX_rar |
Full analysis: | https://app.any.run/tasks/d35065d2-271f-4e88-b61c-21ea7420d806 |
Verdict: | Malicious activity |
Analysis date: | September 30, 2020, 09:05:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | A0DD71B5C4C74440C58402925F654991 |
SHA1: | CC1092ACB645C67CCAC0053333CB0B6DD4CA0EE5 |
SHA256: | 277B33E3B1121EF61B139B1C1A5D251D1684AF7CA7F0675A4B495F7858C48CF9 |
SSDEEP: | 3:N8M2bzofzhQwUX:2M2b0KwO |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2408 | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://anonfiles.com/70Ucgcabp5/ProtonVPN_Cracked_vX_rar" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 3221225547 Version: 75.0.3770.100 | ||||
3328 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f4aa9d0,0x6f4aa9e0,0x6f4aa9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
960 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1856 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
916 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1036,14180777060144869701,17544777938815243426,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7755361088232678721 --mojo-platform-channel-handle=1052 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
2400 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1036,14180777060144869701,17544777938815243426,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=17083291645752353843 --mojo-platform-channel-handle=1536 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
2104 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,14180777060144869701,17544777938815243426,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15370672278048759922 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
3168 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,14180777060144869701,17544777938815243426,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12534636300910111064 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
1896 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,14180777060144869701,17544777938815243426,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2934647022524411427 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
3392 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,14180777060144869701,17544777938815243426,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18051433133902983254 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
2820 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1036,14180777060144869701,17544777938815243426,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=17146658598442996598 --mojo-platform-channel-handle=3820 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F744A4D-968.pma | — | |
MD5:— | SHA256:— | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5af4aef4-c16a-4140-8392-1a4b9a2f54d2.tmp | — | |
MD5:— | SHA256:— | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000046.dbtmp | — | |
MD5:— | SHA256:— | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF2279af.TMP | text | |
MD5:4AFC066387D33D5264F8E796393B223B | SHA256:BB3E0F925E883318FB09FC498CACEA57F0F71548C9D42FF07634DC30D87F2D86 | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF227980.TMP | text | |
MD5:D33038DC70A58F2AC0EA1823980691AE | SHA256:6EE5DB5588EB879D13CE5A0DB3CA1744079C1BE3F73959A3B900684C56061D97 | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text | |
MD5:4AFC066387D33D5264F8E796393B223B | SHA256:BB3E0F925E883318FB09FC498CACEA57F0F71548C9D42FF07634DC30D87F2D86 | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text | |
MD5:D33038DC70A58F2AC0EA1823980691AE | SHA256:6EE5DB5588EB879D13CE5A0DB3CA1744079C1BE3F73959A3B900684C56061D97 | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF22799f.TMP | text | |
MD5:D55489ED6031D8B188E37B0B59F5CED3 | SHA256:365B01D1B3333E366EEA50106551AAC8721156CB2572C173E2F501D8255093F4 | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old | text | |
MD5:3401B14F6B2624E5E44EB20FB8735443 | SHA256:E32F20AE6528B8952EE2FF112DACEE4E9005868B7DAF85D3533B6F0135403875 | |||
2408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old | text | |
MD5:745FF98D6EB320D6A946D4C43E8D3317 | SHA256:558AE8B06570B9C63A72F515E6CD288BCA67368A23E349B625D8B1B7E42E9918 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2400 | chrome.exe | 172.217.22.99:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2400 | chrome.exe | 13.225.84.188:443 | djv99sxoqpv11.cloudfront.net | — | US | suspicious |
2400 | chrome.exe | 151.101.2.217:443 | vjs.zencdn.net | Fastly | US | suspicious |
2400 | chrome.exe | 172.64.139.6:443 | anonfiles.com | Cloudflare Inc | US | suspicious |
2400 | chrome.exe | 172.217.16.205:443 | accounts.google.com | Google Inc. | US | whitelisted |
2400 | chrome.exe | 34.196.151.230:443 | baconaces.pro | Amazon.com, Inc. | US | malicious |
2400 | chrome.exe | 216.58.206.3:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2400 | chrome.exe | 217.64.149.25:443 | cdn-113.anonfiles.com | — | IR | unknown |
2400 | chrome.exe | 216.58.210.14:443 | clients2.google.com | Google Inc. | US | whitelisted |
2400 | chrome.exe | 172.217.23.163:443 | www.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
anonfiles.com |
| shared |
clientservices.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
vjs.zencdn.net |
| whitelisted |
djv99sxoqpv11.cloudfront.net |
| shared |
baconaces.pro |
| shared |
counterry.club |
| whitelisted |
leneshedhous.club |
| suspicious |
providentsopport.site |
| whitelisted |
cdn-113.anonfiles.com |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
2400 | chrome.exe | Generic Protocol Command Decode | SURICATA STREAM CLOSEWAIT FIN out of window |