File name: Twitch Viewbot.rar

Full analysis: https://app.any.run/tasks/65462455-8193-47e6-a6d3-c95260760a92
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: October 18, 2018, 15:44:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, feodo
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: BC3641B93688DAE755A845ED43329EA5
SHA1: CAD9BBCD7C0B7EFFA1AE0D6885124A0FC6AF6F65
SHA256: 5119C95DB0849131EA7FB4C42B5E396446AA32A022DDBD0802A98484CE3A57E0
SSDEEP: 196608:JLDfLkE6pN6ybVdmDkf8TqUQIG+uMNZkyzf29FwvmRYnsy6Az+sTI19fDZB:JLXkuybVdmDk0TqUQIG+DZ/29FRRGsyU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • streambot2.exe (PID: 3168)
    • FEODO was detected
      • streambot2.exe (PID: 3168)
    • Connects to CnC server
      • streambot2.exe (PID: 3168)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2456)
    • Connects to unusual port
      • streambot2.exe (PID: 3168)
  • INFO
    • Application launched itself
      • chrome.exe (PID: 3692)
      • chrome.exe (PID: 3900)
    • Reads settings of System Certificates
      • chrome.exe (PID: 3900)
      • chrome.exe (PID: 3692)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 766831
UncompressedSize: 2153984
OperatingSystem: Win32
ModifyDate: 2015:09:24 01:06:04
PackingMethod: Normal
ArchivedFileName: Twitch Viewbot\curl.exe
No data.
All screenshots are available in the full report
Total processes: 69
Monitored processes: 35
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start winrar.exe #FEODO streambot2.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs notepad.exe no specs wmplayer.exe no specs setup_wm.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID: 124
CMD: "C:\Program Files\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1
Path: C:\Program Files\Windows Media Player\setup_wm.exe
Parent process: wmplayer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Media Configuration Utility
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\setup_wm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 600
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f5e00b0,0x6f5e00c0,0x6f5e00cc
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 772
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=920,14224412885013049308,10354335818870945700,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=F6E13C5089C090D1F4FC5BF0148C2AA6 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=F6E13C5089C090D1F4FC5BF0148C2AA6 --renderer-client-id=9 --mojo-platform-channel-handle=1836 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 776
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=844,6516189145296623924,8813400692130582767,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=658113288F7F3A993647FCB3E5DDEBC4 --mojo-platform-channel-handle=2204 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 920
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=920,14224412885013049308,10354335818870945700,131072 --enable-features=PasswordImport --service-pipe-token=310BA356AC2B34EBB099D53CAF7535AE --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=310BA356AC2B34EBB099D53CAF7535AE --renderer-client-id=3 --mojo-platform-channel-handle=2060 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1016
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=844,6516189145296623924,8813400692130582767,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=8C4F52D83595D8B2FD991B2F2441BB61 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8C4F52D83595D8B2FD991B2F2441BB61 --renderer-client-id=10 --mojo-platform-channel-handle=3684 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1396
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=844,6516189145296623924,8813400692130582767,131072 --enable-features=PasswordImport --service-pipe-token=020D66C6F1DB0138AE9E6EB01E804152 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=020D66C6F1DB0138AE9E6EB01E804152 --renderer-client-id=3 --mojo-platform-channel-handle=2004 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1540
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1184 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1812
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=920,14224412885013049308,10354335818870945700,131072 --enable-features=PasswordImport --service-pipe-token=1C167E5A17DA23FCCCDDD1C2C7D35185 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1C167E5A17DA23FCCCDDD1C2C7D35185 --renderer-client-id=6 --mojo-platform-channel-handle=2028 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 2192
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=844,6516189145296623924,8813400692130582767,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=10647630E34CB9F541500BA8B7F39704 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10647630E34CB9F541500BA8B7F39704 --renderer-client-id=9 --mojo-platform-channel-handle=3616 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events: 1 873
Read events: 1 648
Write events: 217
Delete events: 8

Modification events

Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value:
Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value:
Process: WinRAR.exe (PID 2456) | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\Twitch Viewbot.rar
Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Operation: write | Name: Placement | Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Process: WinRAR.exe (PID 2456) | Key: HKEY_CURRENT_USER\Software\WinRAR\General | Operation: write | Name: LastFolder | Value: C:\Users\admin\AppData\Local\Temp
Executable files: 6
Suspicious files: 239
Text files: 259
Unknown types: 15

Dropped files

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap12.dat
  Type: image
  MD5: D8D7A1347773A2F1BF652174075C6BC3
  SHA256: 4D19EEFAA357F7EAC71FA28EB55AAD26627716B6ABE6F0361C4948E69E7ECB62

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap18.dat
  Type: image
  MD5: 9073D4D6CB37AB39CAA44CFF241182EE
  SHA256: 19105802E9202F5070919D1326732BE8E8B0D0EF0B9E7DD11AA6BF7DD43042D3

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap14.dat
  Type: image
  MD5: 58724CE63DFB037C86EE19358FC20157
  SHA256: D4D9BE6BFBAAF7B4215D149907182B8D92137628E0369986D07E8E27006817E8

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap15.dat
  Type: image
  MD5: 9739753453EC79E41C49500DDA06D0C9
  SHA256: 56407243DFEA14F0A42D5CD7E0D7CE3D3D828C83AB3C1A70FC3E09056E99D110

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap11.dat
  Type: compressed
  MD5: EEB4B272A3C00AB96E0D854BDF67BB9A
  SHA256: BC42AC736F96D0CD124FDA4933B83B64C7DA3E8DC4C764D87215D2F332B8B280

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\curl.exe
  Type: executable
  MD5: B22281F1DD04E1D09643E437AAEEE065
  SHA256: 83D1FDB808BD681100DD946A7CFB2D7AB39ED1553D71261DFEA30B727D786F00

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap20.dat
  Type: image
  MD5: 694B28725867A2C893A2535CA310ACB8
  SHA256: 475FE9452812C91BCD7208687DE014419FDC0C77FE29747FD18DDA3EADACAEA8

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap1.dat
  Type: text
  MD5: 38DE427224A5082A04FE82E2BD4EA9EC
  SHA256: 12F99F53144294750FE8713D580EDA286F4BD95CD9C840DB8AB957DEF8040028

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap23.dat
  Type: image
  MD5: FA9AAF285BAD435122001B162B72F0B8
  SHA256: A6637FBCDEB5EA08A7297E2B50CA5EAA9039E99AD1B84A780007B3B34022E016

PID 2456, WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2456.20063\Twitch Viewbot\includes\dat01\ap21.dat
  Type: image
  MD5: 83E5EEF02E173AC3EFD8CA49609EC5E3
  SHA256: 87249BFB103A8FDE22FE5C6C77CB990E36AE31FBFF8A5FF8361F99199B0F79F4
HTTP(S) requests: 345
TCP/UDP connections: 2 403
DNS requests: 123
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3692 | chrome.exe | GET | 200 | 216.131.91.84:80 | http://affiliate.strongvpn.com/pap/scripts/banner.php?tr_aid=5ab008c6a5dbd&a_bid=aeeb9780&w=1&refx2s6d=http%253A%252F%252Fwww.proxyserverlist24.top%252F | US | html | 592 b | unknown
3692 | chrome.exe | GET | 200 | 216.58.214.34:80 | http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | US | text | 27.4 Kb | whitelisted
3692 | chrome.exe | GET | 200 | 23.37.43.27:80 | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEHiupDHBXOt1ew2KYQp0jmc%3D | NL | der | 1.71 Kb | shared
3692 | chrome.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted
3692 | chrome.exe | GET | 200 | 172.217.22.83:80 | http://www.proxyserverlist24.top/ | US | html | 12.4 Kb | whitelisted
3692 | chrome.exe | GET | 200 | 172.217.22.83:80 | http://www.proxyserverlist24.top/?action=getFeed&widgetId=Feed2&widgetType=Feed&responseType=js&xssi_token=AOuZoY7dp-ELmIkAxVaCql1ZPOSQd1GTNA%3A1539874356280 | US | text | 351 b | whitelisted
3692 | chrome.exe | GET | 200 | 216.58.214.34:80 | http://pagead2.googlesyndication.com/pagead/js/r20181010/r20180604/show_ads_impl.js | US | text | 72.6 Kb | whitelisted
3692 | chrome.exe | GET | 200 | 216.58.214.34:80 | http://pagead2.googlesyndication.com/pagead/js/r20181015/r20180604/show_ads_impl.js | US | text | 74.0 Kb | whitelisted
3692 | chrome.exe | GET | 200 | 216.58.214.34:80 | http://pagead2.googlesyndication.com/pagead/show_ads.js | US | text | 20.0 Kb | whitelisted
3692 | chrome.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQu7Xbjq6rqggE7PFAsQRgy8Q8tzwQUkEeKG4TToN%2BkJNYZtBf1IaOym6gCEA7fr0YLsTZHJYxFeyuWNYA%3D | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3692 | chrome.exe | 172.217.16.195:443 | www.gstatic.com | Google Inc. | US | whitelisted
3692 | chrome.exe | 172.217.22.74:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted
3692 | chrome.exe | 172.217.21.195:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3692 | chrome.exe | 172.217.16.163:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
3692 | chrome.exe | 216.58.214.45:443 | accounts.google.com | Google Inc. | US | whitelisted
3692 | chrome.exe | 172.217.21.196:443 | www.google.com | Google Inc. | US | whitelisted
3692 | chrome.exe | 172.217.22.67:443 | www.google.de | Google Inc. | US | whitelisted
3692 | chrome.exe | 216.58.214.46:443 | apis.google.com | Google Inc. | US | whitelisted
3692 | chrome.exe | 172.217.16.202:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3692 | chrome.exe | 172.217.22.83:80 | www.proxyserverlist24.top | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
clientservices.googleapis.com | 172.217.21.195 | whitelisted
www.gstatic.com | 172.217.16.195 | whitelisted
www.google.de | 172.217.22.67 | whitelisted
safebrowsing.googleapis.com | 172.217.22.74 | whitelisted
accounts.google.com | 216.58.214.45 | shared
ssl.gstatic.com | 172.217.16.163 | whitelisted
apis.google.com | 216.58.214.46 | whitelisted
www.google.com | 172.217.21.196 | malicious
www.google.be | 172.217.22.67 | whitelisted
fonts.googleapis.com | 172.217.16.202 | whitelisted

Threats

PID | Process | Class | Message
1056 | svchost.exe | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
3692 | chrome.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain
3168 | streambot2.exe | A Network Trojan was detected | ET CNC Feodo Tracker Reported CnC Server group 9
No debug info