URL:

https://nulledbb.com/thread-%E2%AD%90-CHEAPEST-ACCOUNTS-UPGRADES-%E2%AD%90-SPOTIFY-%E2%AD%90-NETFLIX-%E2%AD%90-DISNEY-%E2%AD%90-CRUNCHY-%E2%AD%90-AND-MORE

Full analysis: https://app.any.run/tasks/54915934-d113-4ea0-8eda-8ddf2c665417
Verdict: Malicious activity
Analysis date: May 26, 2024, 04:07:38
OS: Ubuntu 22.04.2
MD5:

E2D460AFDA1E98CAD5413F6951C9E7C4

SHA1:

11B94DB5B89E8D099C2A329FAC3D72DDDB956D1C

SHA256:

5485B056E5DC4E1BB97CB93A28B00C8EA8FBD6CA98CA4BBD9F95DFE3FF78431B

SSDEEP:

3:N8rByGNUX5FdBwN1922IFXX5V0szxh5I0GeAo5CX2Bh5FJntBh5Hdn:2rBuJFdBwNuNXJVXzGeJZJF9Hd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
300
Monitored processes
87
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start sh no specs sudo no specs chrome locale-check no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome_crashpad_handler no specs chrome_crashpad_handler no specs chrome_crashpad_handler no specs chrome no specs chrome no specs chrome no specs nacl_helper no specs nacl_helper no specs chrome no specs chrome no specs chrome no specs chrome chrome no specs chrome no specs chrome no specs xdg-settings no specs dbus-send no specs which no specs dash no specs basename no specs dash no specs grep no specs cut no specs dash no specs which no specs readlink no specs dash no specs xdg-mime no specs dbus-send no specs which no specs dash no specs dash no specs awk no specs cut no specs basename no specs dash no specs which no specs readlink no specs grep no specs cut no specs dash no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs

Process information

PID
CMD
Path
Indicators
Parent process
6155/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome https://nulledbb\.com/thread-%E2%AD%90-CHEAPEST-ACCOUNTS-UPGRADES-%E2%AD%90-SPOTIFY-%E2%AD%90-NETFLIX-%E2%AD%90-DISNEY-%E2%AD%90-CRUNCHY-%E2%AD%90-AND-MORE "/bin/shany-guest-agent
User:
root
Integrity Level:
UNKNOWN
6156sudo -iu user google-chrome https://nulledbb.com/thread-%E2%AD%90-CHEAPEST-ACCOUNTS-UPGRADES-%E2%AD%90-SPOTIFY-%E2%AD%90-NETFLIX-%E2%AD%90-DISNEY-%E2%AD%90-CRUNCHY-%E2%AD%90-AND-MORE/usr/bin/sudosh
User:
root
Integrity Level:
UNKNOWN
6157/usr/bin/google-chrome https://nulledbb.com/thread-%E2%AD%90-CHEAPEST-ACCOUNTS-UPGRADES-%E2%AD%90-SPOTIFY-%E2%AD%90-NETFLIX-%E2%AD%90-DISNEY-%E2%AD%90-CRUNCHY-%E2%AD%90-AND-MORE/opt/google/chrome/chrome
sudo
User:
user
Integrity Level:
UNKNOWN
6158/usr/bin/locale-check C.UTF-8/usr/bin/locale-checkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
6159readlink -f /usr/bin/google-chrome/usr/bin/readlinkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
6160dirname /opt/google/chrome/google-chrome/usr/bin/dirnamechrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
6161mkdir -p /home/user/.local/share/applications/usr/bin/mkdirchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
6162cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
6163cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
6164/opt/google/chrome/chromechrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
6157chrome/proc/6157/fd/63
MD5:
SHA256:
6157chrome/dev/shm/.com.google.Chrome.TQO9ch
MD5:
SHA256:
6157chrome/dev/shm/.com.google.Chrome.CcDtp5
MD5:
SHA256:
6157chrome/dev/shm/.com.google.Chrome.T4Bsn5
MD5:
SHA256:
6157chrome/dev/shm/.com.google.Chrome.uGCRt2
MD5:
SHA256:
6157chrome/dev/shm/.com.google.Chrome.pGDsjv
MD5:
SHA256:
6157chrome/dev/shm/.com.google.Chrome.UBFD4O
MD5:
SHA256:
6157chrome/dev/shm/.com.google.Chrome.sGvu5M
MD5:
SHA256:
6157chrome/home/user/.config/google-chrome/Default/Sync Data/LevelDB/LOG
MD5:
SHA256:
6157chrome/dev/shm/.com.google.Chrome.H4LRvp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
80
DNS requests
107
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
185.125.190.98:80
http://connectivity-check.ubuntu.com/
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acgqkiw4dqfoo3heap234k2p62ia_448/lmelglejhemejginpboagddgdfbepgmp_448_all_ZZ_adl6mojop45uzoqhgaoc7nhgxjpa.crx3
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/kiabhabjdbkjdpjbpigfodbdjmbglcoo/1.153e9301be7e862a33e2cab936a0a97e2f8bdf2dae1be516d6fe8a5f184ce028/1.4a6508925b2ffec931c1e3931ddeb15ca41d820a8264cd5a962b526e9932bcdf/1bbd0eca21eb9c81cf6ffb73afcdf08d70ee6d920b87e2e731f03dc4ac0a6cf8.puff
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/ggkkehgbnfjpeggfpleeakpidbkibbmn/1.905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941/1.c45cd56a0a8da0883c8f9757b31891d6c628f38cb80724015ffdf33b419a73f3/0e81ca17ff2d8fc4645b4dd59216b1ad6413403ef03bae5dc24f1bbb977f7a5a.puff
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/advpwg3mz7ss7gbgrn55w455vr5q_2024.5.21.0/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.05.21.00_all_adzfkolydczx7icc3ewtdrj4gt4q.crx3
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adj5udfzzv6idhkztgko74viceoq_8787/hfnkpimlhhgieaddgfemjhofmfblmnib_8787_all_acorni3pzrkphp5hpn3zrzbmlg6q.crx3
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwh77guuioqthx5xxftvqeftjza_3030/jflookgnkcckhobaglndicnbbgbonegd_3030_all_gxlhecuj7wt4iru2mmpk5afmoq.crx3
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/aces3zlcsg4eywqdi75bx5674c3q_2024.5.24.1/jflhchccmppkfebkiaminageehmchikm_2024.05.24.01_all_acr4xnlrspvv2bobxh6s5soksewq.crx3
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adh2zpnq2tdgijn36tu2do7cibta_2024.5.24.0/niikhdgajlphfehepabhhblakbdgeefj_2024.05.24.00_all_p7mdjr3l3cncgjgkikhu4bh7qy.crx3
unknown
unknown
6202
chrome
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/khaoiebndkojlmppeemjhbpbandiljpe/1.1471c6c104c7e11f08fd446f83dcdb396b1fef335f4e3c744007c2272064f538/1.ffc78b3f99d65a2208200388e821bd089e9a486c624a671e045e4bcc378380b8/611d82cdcb0f432f1b6fc30fdf78a14b963b2959b93564efaa1cc91eb5df6813.puff
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
185.125.190.98:80
Canonical Group Limited
GB
unknown
470
avahi-daemon
224.0.0.251:5353
unknown
6157
chrome
239.255.255.250:1900
unknown
6202
chrome
64.233.166.84:443
accounts.google.com
GOOGLE
US
unknown
6202
chrome
142.250.186.67:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
6202
chrome
104.26.2.39:443
nulledbb.com
CLOUDFLARENET
US
unknown
6202
chrome
142.250.185.234:443
fonts.googleapis.com
GOOGLE
US
whitelisted
6202
chrome
216.58.206.35:443
fonts.gstatic.com
GOOGLE
US
whitelisted
6202
chrome
169.150.247.37:443
cdn.nulledbb.com
GB
unknown
6202
chrome
104.16.79.73:443
static.cloudflareinsights.com
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 142.250.186.67
whitelisted
accounts.google.com
  • 64.233.166.84
shared
nulledbb.com
  • 104.26.2.39
  • 172.67.73.59
  • 104.26.3.39
whitelisted
fonts.googleapis.com
  • 142.250.185.234
whitelisted
cdn.nulledbb.com
  • 169.150.247.37
  • 169.150.247.39
unknown
fonts.gstatic.com
  • 216.58.206.35
whitelisted
nulledbb.b-cdn.net
unknown
cdn.ouo.io
  • 172.67.6.151
  • 104.22.23.162
  • 104.22.22.162
unknown
cdn.tsyndicate.com
  • 45.133.44.71
  • 45.133.44.70
unknown
static.cloudflareinsights.com
  • 104.16.79.73
  • 104.16.80.73
whitelisted

Threats

PID
Process
Class
Message
6202
chrome
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://nulledbb.com/thread-%E2%AD%90-CHEAPEST-ACCOUNTS-UPGRADES-%E2%AD%90-SPOTIFY-%E2%AD%90-NETFLIX-%E2%AD%90-DISNEY-%E2%AD%90-CRUNCHY-%E2%AD%90-AND-MORE