URL: | http://click1.m.readwritelabs.com/olfnsllwfmtdnsvcdkrgmdqcspdzkzkjmcjmngzlfqzf_kpspvmlfrjlvsthpsrhf.html |
Full analysis: | https://app.any.run/tasks/04a31756-b88e-49a6-8910-07c5462c58fc |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 07:08:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 9F14CD01DCA7C02AEFB13B91CFD9DC5E |
SHA1: | 1CFB3D7BD1D6C990D8E55D620BC5398209E22795 |
SHA256: | 462153C6BBCA12989B0315B9379AE265B30992D1A97519F44218C2DD83CFABA4 |
SSDEEP: | 3:N1KdJMqcAoF+E22RJDiyDs9UJusFYIEi58507JvQn:CkArE24JpjuGYIU0NIn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2828 | "C:\Program Files\Google\Chrome\Application\chrome.exe" http://click1.m.readwritelabs.com/olfnsllwfmtdnsvcdkrgmdqcspdzkzkjmcjmngzlfqzf_kpspvmlfrjlvsthpsrhf.html | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 73.0.3683.75 | ||||
3728 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6cd70f18,0x6cd70f28,0x6cd70f34 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 73.0.3683.75 | ||||
3268 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2840 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 73.0.3683.75 | ||||
1568 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13757712096839986545 --mojo-platform-channel-handle=968 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 73.0.3683.75 | ||||
3240 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=7473890596309905518 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7473890596309905518 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=472 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 73.0.3683.75 | ||||
1100 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=15310828693030850774 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15310828693030850774 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 73.0.3683.75 | ||||
4064 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=15681485701852209054 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15681485701852209054 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 73.0.3683.75 | ||||
3340 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=14520865225892186016 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14520865225892186016 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 73.0.3683.75 | ||||
3260 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=5675502206803649817 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5675502206803649817 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 73.0.3683.75 | ||||
3864 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1624819355227803990 --mojo-platform-channel-handle=2896 --ignored=" --type=renderer " /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 73.0.3683.75 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0 | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2 | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3 | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\18d5d222-7a1d-4cdd-84f2-c4c2b6e7baab.tmp | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0 | — | |
MD5:— | SHA256:— | |||
2828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2828 | chrome.exe | GET | 302 | 96.46.128.252:80 | http://click1.m.readwritelabs.com/olfnsllwfmtdnsvcdkrgmdqcspdzkzkjmcjmngzlfqzf_kpspvmlfrjlvsthpsrhf.html | US | — | — | suspicious |
2828 | chrome.exe | GET | 302 | 104.27.187.248:80 | http://vip.gercavei.club/tracker?offer_id=3441&aff_id=1423&u=0:50,1140:50&gl=off | US | — | — | suspicious |
2828 | chrome.exe | GET | 303 | 66.147.244.220:80 | http://realgcnews.com/index.php/en/real-gallatin-county-news/featured-news?logmeout=logout&return=aHR0cDovL2hmaGRmLm9yZy5zd3Rlc3QucnUvaWNqbms= | US | html | 380 b | unknown |
2828 | chrome.exe | GET | 200 | 104.27.186.248:80 | http://gb.bitcoinfreedom-app.vip.gercavei.club/css/style_pop_up.css | US | text | 1001 b | suspicious |
2828 | chrome.exe | GET | 301 | 77.222.62.180:80 | http://hfhdf.org.swtest.ru/icjnk | RU | html | 349 b | malicious |
2828 | chrome.exe | GET | 302 | 75.55.78.143:80 | http://shape.att.com/start-registration?utm_source=Readwrite&utm_medium=Email&utm_campaign=2019Shape&utm_content=ReadwriteEmail1 | US | html | 325 b | unknown |
2828 | chrome.exe | GET | 302 | 216.58.206.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 506 b | whitelisted |
2828 | chrome.exe | GET | 200 | 104.27.186.248:80 | http://gb.bitcoinfreedom-app.vip.gercavei.club/css/bootstrap.min.css | US | text | 19.2 Kb | suspicious |
2828 | chrome.exe | GET | 200 | 104.27.186.248:80 | http://gb.bitcoinfreedom-app.vip.gercavei.club/css/css1.css | US | text | 5.42 Kb | suspicious |
2828 | chrome.exe | GET | 404 | 193.187.173.178:80 | http://193.187.173.178/favicon.ico | unknown | html | 548 b | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2828 | chrome.exe | 172.217.18.99:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2828 | chrome.exe | 172.217.23.170:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
2828 | chrome.exe | 185.60.216.19:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted |
2828 | chrome.exe | 96.46.128.252:80 | click1.m.readwritelabs.com | Cyber Generation Inc | US | suspicious |
2828 | chrome.exe | 75.55.78.143:443 | shape.att.com | AT&T WorldNet | US | unknown |
2828 | chrome.exe | 75.55.78.143:80 | shape.att.com | AT&T WorldNet | US | unknown |
2828 | chrome.exe | 216.58.208.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2828 | chrome.exe | 216.58.208.46:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
2828 | chrome.exe | 172.217.21.205:443 | accounts.google.com | Google Inc. | US | whitelisted |
2828 | chrome.exe | 192.229.233.25:443 | platform.twitter.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
clientservices.googleapis.com |
| whitelisted |
click1.m.readwritelabs.com |
| suspicious |
accounts.google.com |
| shared |
shape.att.com |
| unknown |
safebrowsing.googleapis.com |
| whitelisted |
connect.facebook.net |
| whitelisted |
www.google-analytics.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
platform.twitter.com |
| whitelisted |
stats.g.doubleclick.net |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.pw domain - Likely Hostile |
— | — | Potentially Bad Traffic | ET DNS Query to a *.pw domain - Likely Hostile |