URL:

https://docs.vtex.com.br/pdf/qjIkS-download-Blue-Team-Field-Manual-BTFM-RTFM-154101636X-By-Alan-J-White.pdf

Full analysis: https://app.any.run/tasks/0b923137-6e6e-43a4-9e88-7254fddfbaf4
Verdict: No threats detected
Analysis date: January 10, 2019, 20:26:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

81952BE26ECF1BDB6CF2306241533B26

SHA1:

74B12E8F925911DF608616C509EBD5107F1B83D1

SHA256:

47BFA69E63C435309F8C80E63506038E8847FBC42FBFFF329C136F9CF0C75D6A

SSDEEP:

3:N8SQdt1KqBJLkJQLj/EsxjP+QRVTUqcIhLIQIVBDn:2SKKFQvEsxzvPUq5d7IX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • chrome.exe (PID: 3000)

    • Connects to unusual port

      • chrome.exe (PID: 3000)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
14
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2416"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=880,5487067942639420157,11828165495858623895,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=6CF561F6EEC7C2EC8536FDCE23E6CD42 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6CF561F6EEC7C2EC8536FDCE23E6CD42 --renderer-client-id=9 --mojo-platform-channel-handle=3780 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2504"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=880,5487067942639420157,11828165495858623895,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=A13785763F252B86D64B4832175A3305 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A13785763F252B86D64B4832175A3305 --renderer-client-id=10 --mojo-platform-channel-handle=3796 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2576"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=880,5487067942639420157,11828165495858623895,131072 --enable-features=PasswordImport --service-pipe-token=3B7461A966AFAF10C12EB132B02C3B3A --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3B7461A966AFAF10C12EB132B02C3B3A --renderer-client-id=4 --mojo-platform-channel-handle=1916 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2720"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=880,5487067942639420157,11828165495858623895,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=4E163C69D469E2C8C18C57FF1F05FCF4 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4E163C69D469E2C8C18C57FF1F05FCF4 --renderer-client-id=5 --mojo-platform-channel-handle=3316 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2856"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=ppapi --field-trial-handle=880,5487067942639420157,11828165495858623895,131072 --enable-features=PasswordImport --ppapi-flash-args --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=0 --ppapi-subpixel-rendering-setting=0 --service-request-channel-token=2AFB5816FE93F78DE11E03133D72A72C --mojo-platform-channel-handle=3668 --ignored=" --type=renderer " /prefetch:3C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2952"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3004 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3000"C:\Program Files\Google\Chrome\Application\chrome.exe" https://docs.vtex.com.br/pdf/qjIkS-download-Blue-Team-Field-Manual-BTFM-RTFM-154101636X-By-Alan-J-White.pdfC:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3176"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=880,5487067942639420157,11828165495858623895,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=5DC2FE46756A84C9F3A6309D98F5648C --mojo-platform-channel-handle=3592 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3260"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=880,5487067942639420157,11828165495858623895,131072 --enable-features=PasswordImport --service-pipe-token=0EF65028865BFFBDDCB6D4115137D7B8 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=0EF65028865BFFBDDCB6D4115137D7B8 --renderer-client-id=3 --mojo-platform-channel-handle=2152 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3448"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=880,5487067942639420157,11828165495858623895,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=13194B8B3EAF087C614C3CF9B81847A9 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13194B8B3EAF087C614C3CF9B81847A9 --renderer-client-id=12 --mojo-platform-channel-handle=2340 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
514
Read events
465
Write events
46
Delete events
3

Modification events

(PID) Process:(2952) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:3000-13191625616810625
Value:
259
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:3516-13180984670829101
Value:
0
(PID) Process:(3000) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:3000-13191625616810625
Value:
259
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
Executable files
0
Suspicious files
27
Text files
69
Unknown types
2

Dropped files

PID
Process
Filename
Type
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\aab4a202-87b0-413f-a4e6-22869ff219f8.tmp
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\415039f0-9148-4707-b2c5-8c2b3a6ffcda.tmp
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.oldtext
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF20e860.TMPtext
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
3000chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF20e87f.TMPtext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
26
TCP/UDP connections
53
DNS requests
30
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3000
chrome.exe
GET
200
52.222.146.192:80
http://images.amazon.com/images/P/154101636X.jpg
US
image
10.8 Kb
whitelisted
3000
chrome.exe
GET
200
46.105.201.240:80
http://s10.histats.com/js15_as.js
FR
html
4.42 Kb
whitelisted
3000
chrome.exe
GET
200
93.123.73.193:80
http://booktosuccess.me/assets/images/award.png
BG
image
376 Kb
whitelisted
3000
chrome.exe
GET
521
104.20.2.47:80
http://c.statcounter.com/t.php?sc_project=11781556&java=1&security=364e24be&u1=BD16CE4852204F7CCCBB66A5E385E762&sc_random=0.8255867230477938&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=http%3A//booktosuccess.me/%3Fdownload%3D154101636X&t=Download%20Blue%20Team%20Field%20Manual%20(BTFM)%20(RTFM)%20-%20Book%20To%20Success&rcat=d&rdom=d&rdomg=new&bb=1&sc_snum=1&sess=4ea83c&p=0&invisible=1
US
html
4.40 Kb
whitelisted
3000
chrome.exe
GET
302
79.125.121.154:80
http://look.djfiln.com/offer?prod=2&ref=5062794&q=%5BEbook%5D+Blue+Team+Field+Manual+%28BTFM%29+%28RTFM%29.pdf
IE
html
858 b
suspicious
3000
chrome.exe
GET
200
93.123.73.193:80
http://booktosuccess.me/go.php?title=Blue+Team+Field+Manual+%28BTFM%29+%28RTFM%29
BG
html
205 b
whitelisted
3000
chrome.exe
GET
200
93.123.73.193:80
http://booktosuccess.me/?download=154101636X
BG
html
2.93 Kb
whitelisted
3000
chrome.exe
GET
200
93.123.73.193:80
http://booktosuccess.me/assets/images/icon.ico
BG
image
97.3 Kb
whitelisted
3000
chrome.exe
GET
200
93.123.73.193:80
http://booktosuccess.me/assets/css/bootstrap.css
BG
text
20.5 Kb
whitelisted
3000
chrome.exe
GET
200
93.123.73.193:80
http://booktosuccess.me/assets/images/background.gif
BG
image
513 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3000
chrome.exe
185.199.111.153:443
docs.vtex.com.br
GitHub, Inc.
NL
shared
3000
chrome.exe
216.58.205.227:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3000
chrome.exe
216.58.208.35:443
www.gstatic.com
Google Inc.
US
whitelisted
3000
chrome.exe
93.123.73.193:80
booktosuccess.me
Histate Global Corp.
BG
malicious
3000
chrome.exe
172.217.18.170:443
ajax.googleapis.com
Google Inc.
US
whitelisted
3000
chrome.exe
104.24.131.10:443
www.friendlyduck.com
Cloudflare Inc
US
shared
3000
chrome.exe
104.20.3.47:443
www.statcounter.com
Cloudflare Inc
US
shared
3000
chrome.exe
216.58.206.13:443
accounts.google.com
Google Inc.
US
whitelisted
3000
chrome.exe
52.222.146.192:80
images.amazon.com
Amazon.com, Inc.
US
whitelisted
3000
chrome.exe
93.184.221.240:80
www.download.windowsupdate.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 216.58.205.227
whitelisted
docs.vtex.com.br
  • 185.199.111.153
  • 185.199.108.153
  • 185.199.110.153
  • 185.199.109.153
malicious
www.gstatic.com
  • 216.58.208.35
whitelisted
accounts.google.com
  • 216.58.206.13
shared
booktosuccess.me
  • 93.123.73.193
whitelisted
ajax.googleapis.com
  • 172.217.18.170
  • 172.217.23.138
  • 216.58.206.10
  • 216.58.207.42
  • 216.58.207.74
  • 216.58.208.42
  • 172.217.16.138
  • 172.217.22.74
  • 172.217.16.202
  • 172.217.18.106
  • 172.217.21.234
  • 172.217.22.10
  • 216.58.205.234
  • 172.217.18.10
whitelisted
www.friendlyduck.com
  • 104.24.131.10
  • 104.24.130.10
whitelisted
images.amazon.com
  • 52.222.146.192
  • 52.222.146.12
  • 52.222.146.140
  • 52.222.146.229
whitelisted
www.statcounter.com
  • 104.20.3.47
  • 104.20.2.47
whitelisted
www.download.windowsupdate.com
  • 93.184.221.240
whitelisted

Threats

PID
Process
Class
Message
3000
chrome.exe
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://docs.vtex.com.br/pdf/qjIkS-download-Blue-Team-Field-Manual-BTFM-RTFM-154101636X-By-Alan-J-White.pdf