URL: https://anonfiles.com/Z3R4M1heoe/TOOLS_rar

Full analysis: https://app.any.run/tasks/80fc6054-854c-4017-a4b5-dff1872d70d1
Verdict: Malicious activity
Analysis date: March 17, 2020, 10:25:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: opendir
Indicators:
MD5: 8837838E89BF1C2B3BEAE4C3D580B59C
SHA1: 51D6C9C6D15A847E2E1D9D5B2512E58870F5CAD8
SHA256: 5766488410B2AAE5192A09E109DBB9EF6D16F4B14DE7CCB63646EB475D4C6CEE
SSDEEP: 3:N8M22UnxVO:2M22QO

Note: this is a URL submission. The ssdeep value has the minimum block size (3) and only a handful of signature characters, so the hashed object is a few dozen bytes long; that is consistent with a hash of the submitted URL string, not of the archive it points to. Do not expect these hashes to match the downloaded archive on disk.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • AmountCounter.exe (PID: 3364)
      • Combo Tools.exe (PID: 2664)
      • CEditor.exe (PID: 3212)
      • Combo converter.exe (PID: 2620)
      • Combolist Maker.exe (PID: 2056)
      • Extractor Combo.exe (PID: 2872)
      • FileRandomizer.exe (PID: 2816)
      • ComboMate.exe (PID: 2340)
      • ComboToEmailCombo.exe (PID: 2408)
      • Dupe Remover.exe (PID: 2356)
      • FileSplitter.exe (PID: 3472)
      • NEW_EDIT_COMBO.exe (PID: 916)
      • Word List Updater 2.7.exe (PID: 3740)
      • Universal Combo Software Beta V3.exe (PID: 3724)
      • unchecked.exe (PID: 3732)
      • TextEditor 1.0.exe (PID: 2524)
      • TextEditor 1.2.exe (PID: 1860)
      • TextSplitter.exe (PID: 2888)
      • NameScraper.exe (PID: 3636)
      • Combo Maker Tool.exe (PID: 4064)
      • TextCrawlerPro_setup.exe (PID: 3376)
      • TextCrawlerPro_setup.exe (PID: 2704)
      • TextCrawler.exe (PID: 3920)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3548)
      • TextEditor 1.2.exe (PID: 1860)
      • TextEditor 1.0.exe (PID: 2524)
      • TextCrawlerPro_setup.exe (PID: 2704)
      • TextCrawler.exe (PID: 3920)
    • Starts Visual C# compiler

      • TextCrawler.exe (PID: 3920)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2560)
      • TextCrawlerPro_setup.exe (PID: 2704)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3244)
    • Executed via COM

      • iexplore.exe (PID: 3772)
      • explorer.exe (PID: 2796)
    • Reads Internet Cache Settings

      • TextEditor 1.2.exe (PID: 1860)
      • TextEditor 1.0.exe (PID: 2524)
    • Reads internet explorer settings

      • TextEditor 1.0.exe (PID: 2524)
      • TextEditor 1.2.exe (PID: 1860)
    • Creates files in the user directory

      • TextEditor 1.0.exe (PID: 2524)
      • TextCrawlerPro_setup.exe (PID: 2704)
      • TextCrawler.exe (PID: 3920)
    • Creates files in the program directory

      • TextCrawlerPro_setup.exe (PID: 2704)
      • TextCrawler.exe (PID: 3920)
    • Modifies the open verb of a shell class

      • TextCrawlerPro_setup.exe (PID: 2704)
    • Creates a software uninstall entry

      • TextCrawlerPro_setup.exe (PID: 2704)
    • Creates COM task schedule object

      • TextCrawler.exe (PID: 3920)
  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 3244)
      • chrome.exe (PID: 2868)
    • Manual execution by user

      • WinRAR.exe (PID: 2560)
      • AmountCounter.exe (PID: 3364)
      • Combo converter.exe (PID: 2620)
      • CEditor.exe (PID: 3212)
      • Combolist Maker.exe (PID: 2056)
      • Combo Tools.exe (PID: 2664)
      • ComboToEmailCombo.exe (PID: 2408)
      • Dupe Remover.exe (PID: 2356)
      • Extractor Combo.exe (PID: 2872)
      • FileSplitter.exe (PID: 3472)
      • ComboMate.exe (PID: 2340)
      • NEW_EDIT_COMBO.exe (PID: 916)
      • FileRandomizer.exe (PID: 2816)
      • unchecked.exe (PID: 3732)
      • Word List Updater 2.7.exe (PID: 3740)
      • Universal Combo Software Beta V3.exe (PID: 3724)
      • TextEditor 1.2.exe (PID: 1860)
      • TextEditor 1.0.exe (PID: 2524)
      • TextSplitter.exe (PID: 2888)
      • NameScraper.exe (PID: 3636)
      • TextCrawlerPro_setup.exe (PID: 3376)
      • Combo Maker Tool.exe (PID: 4064)
      • TextCrawlerPro_setup.exe (PID: 2704)
    • Reads Internet Cache Settings

      • chrome.exe (PID: 3244)
      • iexplore.exe (PID: 3772)
      • iexplore.exe (PID: 3624)
      • iexplore.exe (PID: 3112)
    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 2560)
    • Application launched itself

      • chrome.exe (PID: 3244)
      • iexplore.exe (PID: 3772)
    • Changes internet zones settings

      • iexplore.exe (PID: 3772)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2868)
      • iexplore.exe (PID: 3624)
      • iexplore.exe (PID: 3112)
      • iexplore.exe (PID: 3772)
      • TextEditor 1.2.exe (PID: 1860)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3624)
      • iexplore.exe (PID: 3112)
    • Creates files in the user directory

      • iexplore.exe (PID: 3624)
      • iexplore.exe (PID: 3112)
    • Dropped object may contain TOR URL's

      • iexplore.exe (PID: 3624)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3772)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3772)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report.
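The signatures above are behavioural, so they can be reproduced from endpoint telemetry rather than only from a sandbox. The Python below is an added example, not part of the ANY.RUN report, and runs four of them over constructed Sysmon-style events: an executable written by one process (WinRAR.exe) and later run, csc.exe started by a process that is not a build tool (TextCrawler.exe, which the report lists under "Starts Visual C# compiler"), and registry writes to a shell\open\command key and an Uninstall key (both attributed to TextCrawlerPro_setup.exe). The event records, PIDs 4100, 4120 and 5000, the TextCrawler install path, the registry key names and the DEV_PARENTS list are invented for the example; only the process names and who-started-what come from the report. One caveat any .NET estate hits immediately: legitimate managed applications that use CodeDom or XmlSerializer compile at run time and spawn csc.exe exactly the way TextCrawler.exe does here, so treat the compiler rule as a triage signal and tune the parent allow-list to your environment.

```python
"""Added example (not from the ANY.RUN report): reproduce four of the report's
behavioural signatures over Sysmon-style endpoint events.  The events below are
constructed; only the image names and who-started-what relationships come from
the report.  PIDs 4100, 4120 and 5000, the TextCrawler install path and the
registry key names are invented for the example."""
import re

WINRAR = r"C:\Program Files\WinRAR\WinRAR.exe"
DROPPED = r"C:\Users\admin\Desktop\WORD LIST MAKER SOFT\NEW_EDIT_COMBO.exe"
CRAWLER = r"C:\Program Files\TextCrawler\TextCrawler.exe"          # assumed path
SETUP = r"C:\Users\admin\Desktop\TextCrawlerPro_setup.exe"         # assumed path
CSC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
CVTRES = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

# Constructed events using Sysmon IDs: 1 = process create, 11 = file create,
# 13 = registry value set.  Field names follow Sysmon's Image / ParentImage /
# TargetFilename / TargetObject, shortened.
EVENTS = [
    {"id": 1,  "pid": 2560, "image": WINRAR, "parent": r"C:\Windows\explorer.exe"},
    {"id": 11, "pid": 2560, "image": WINRAR, "target": DROPPED},
    {"id": 1,  "pid": 916,  "image": DROPPED, "parent": r"C:\Windows\explorer.exe"},
    {"id": 1,  "pid": 3920, "image": CRAWLER, "parent": r"C:\Windows\explorer.exe"},
    {"id": 1,  "pid": 4100, "image": CSC, "parent": CRAWLER},
    {"id": 1,  "pid": 4120, "image": CVTRES, "parent": CSC},
    {"id": 13, "pid": 2704, "image": SETUP,
     "target": r"HKLM\SOFTWARE\Classes\TextCrawler.Document\shell\open\command\(Default)"},
    {"id": 13, "pid": 2704, "image": SETUP,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TextCrawler\UninstallString"},
    # Benign control: a build tool running the compiler must not fire.
    {"id": 1,  "pid": 5000, "image": CSC, "parent": r"C:\Program Files\MSBuild\MSBuild.exe"},
]

# ASSUMPTION: parents that legitimately run csc.exe; tune for your estate.
DEV_PARENTS = {"msbuild.exe", "devenv.exe", "vbcscompiler.exe", "dotnet.exe"}

REGISTRY_RULES = {
    "Modifies the open verb of a shell class": re.compile(r"\\shell\\open\\command", re.I),
    "Creates a software uninstall entry": re.compile(r"\\CurrentVersion\\Uninstall\\", re.I),
}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def run_detections(events):
    """Return (signature, actor, subject) triples: actor is the process that
    performed the action, subject the file/process acted on (None for registry
    writes, where the key itself is the subject)."""
    findings = []
    dropped_by = {}           # lower-cased path of a written .exe -> writer image
    for e in events:
        if e["id"] == 11 and e["target"].lower().endswith(".exe"):
            dropped_by[e["target"].lower()] = e["image"]
        elif e["id"] == 1:
            image = e["image"]
            # Signature: an executable written earlier by another process is now running.
            if image.lower() in dropped_by:
                findings.append(("Application was dropped or rewritten from another process",
                                 dropped_by[image.lower()], image))
            # Signature: C# compiler started by something that is not a build tool.
            if basename(image) == "csc.exe" and basename(e["parent"]) not in DEV_PARENTS:
                findings.append(("Starts Visual C# compiler", e["parent"], image))
        elif e["id"] == 13:
            for name, pattern in REGISTRY_RULES.items():
                if pattern.search(e["target"]):
                    findings.append((name, e["image"], None))
    return findings


if __name__ == "__main__":
    for signature, actor, subject in run_detections(EVENTS):
        print(f"{signature}: {basename(actor)} -> {subject and basename(subject)}")
```

The dropped-then-executed rule is order-sensitive on purpose: it only fires when the file-create event precedes the process-create event, which is why the events are processed in one pass rather than joined after the fact.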
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 109
Monitored processes: 61
Malicious processes: 21
Suspicious processes: 1

Behavior graph

Process nodes in the order the report draws them ("no specs" marks a process for which the sandbox recorded no indicators):
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs amountcounter.exe no specs ceditor.exe no specs searchprotocolhost.exe no specs combo converter.exe no specs chrome.exe no specs combo tools.exe no specs combolist maker.exe no specs combomate.exe no specs combotoemailcombo.exe no specs dupe remover.exe no specs extractor combo.exe no specs filerandomizer.exe no specs filesplitter.exe no specs iexplore.exe iexplore.exe new_edit_combo.exe no specs unchecked.exe no specs iexplore.exe word list updater 2.7.exe no specs chrome.exe no specs universal combo software beta v3.exe no specs texteditor 1.0.exe texteditor 1.2.exe textsplitter.exe no specs namescraper.exe no specs combo maker tool.exe no specs textcrawlerpro_setup.exe no specs textcrawlerpro_setup.exe explorer.exe no specs explorer.exe no specs textcrawler.exe no specs csc.exe no specs cvtres.exe no specs

Process information (excerpt)
PID:
628
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1024,3348642055562109217,10350340324290237480,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6639913840446444002 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
916
CMD:
"C:\Users\admin\Desktop\WORD LIST MAKER SOFT\NEW_EDIT_COMBO.exe"
Path:
C:\Users\admin\Desktop\WORD LIST MAKER SOFT\NEW_EDIT_COMBO.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
NEW_EDIT_COMBO
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\word list maker soft\new_edit_combo.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
968
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1024,3348642055562109217,10350340324290237480,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14199232192049816442 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1024
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,3348642055562109217,10350340324290237480,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1651950615441643398 --mojo-platform-channel-handle=3452 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1064
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,3348642055562109217,10350340324290237480,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13790154419478391092 --mojo-platform-channel-handle=3584 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1168
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1024,3348642055562109217,10350340324290237480,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14917160922964716532 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1468
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,3348642055562109217,10350340324290237480,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3042746348115718120 --mojo-platform-channel-handle=4708 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1632
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,3348642055562109217,10350340324290237480,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14528250547670568850 --mojo-platform-channel-handle=4252 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1676
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,3348642055562109217,10350340324290237480,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=7631543977484513590 --mojo-platform-channel-handle=4628 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1744
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6fa8a9d0,0x6fa8a9e0,0x6fa8a9ec
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events: 9 040
Read events: 3 565
Write events: 3 748
Delete events: 1 727

Modification events (excerpt)

(PID) Process | Operation | Key | Name = Value
(3244) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | failed_count = 0
(3244) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state = 2
(3244) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes = (empty)
(3244) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes = 01000000
(3244) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state = 1
(3244) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr = 1
(3244) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome | UsageStatsInSample = 0
(3244) chrome.exe | delete value | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 3120-13213713943555664 = 0
(3244) chrome.exe | delete value | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 3244-13228914318429125 = 259
(3244) chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | usagestats = 0
Executable files: 33
Suspicious files: 144
Text files: 458
Unknown types: 90

Dropped files (excerpt; the MD5 and SHA256 columns are empty in this summary, "-" = type not given)

PID | Process | Filename | Type
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5E70A58F-CAC.pma | -
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6917f362-cef7-4b7f-9469-a723c95b3d51.tmp | -
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old | text
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RFa66c20.TMP | text
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old | text
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFa66bb2.TMP | text
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old | -
3244 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RFa66e04.TMP | -
Download the PCAP and analyze network streams, HTTP content and more in the full report.
HTTP(S) requests: 112
TCP/UDP connections: 178
DNS requests: 74
Threats: 3

HTTP requests (excerpt)

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
2868 | chrome.exe | GET | 302 | 172.217.22.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 519 b | whitelisted
3624 | iexplore.exe | GET | 200 | 144.217.81.121:80 | http://www.text-filter.com/languagfes-icon-78x78.gif | CA | image | 55 b | unknown
3624 | iexplore.exe | GET | 200 | 144.217.81.121:80 | http://www.text-filter.com/ | CA | html | 8.62 Kb | unknown
3624 | iexplore.exe | GET | 200 | 144.217.81.121:80 | http://www.text-filter.com/downloadhthm.png | CA | image | 31.3 Kb | unknown
3624 | iexplore.exe | GET | 200 | 144.217.81.121:80 | http://www.text-filter.com/tool/style.css | CA | text | 338 b | unknown
3624 | iexplore.exe | GET | 200 | 144.217.81.121:80 | http://www.text-filter.com/sm_fb.png | CA | image | 30.1 Kb | unknown
3624 | iexplore.exe | GET | 200 | 144.217.81.121:80 | http://www.text-filter.com/ico_new1.gif | CA | image | 53 b | unknown
2868 | chrome.exe | GET | 302 | 172.217.22.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 524 b | whitelisted
3624 | iexplore.exe | GET | 200 | 144.217.81.121:80 | http://www.text-filter.com/ico_new2.gif | CA | image | 126 b | unknown
3624 | iexplore.exe | GET | 200 | 172.217.18.2:80 | http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | US | text | 37.8 Kb | whitelisted

Connections (excerpt; "-" = field not given in the report)

PID | Process | IP | Domain | ASN | CN | Reputation
2868 | chrome.exe | 172.217.16.163:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
2868 | chrome.exe | 104.18.38.170:443 | anonfiles.com | Cloudflare Inc | US | unknown
2868 | chrome.exe | 172.217.23.141:443 | accounts.google.com | Google Inc. | US | whitelisted
2868 | chrome.exe | 151.101.2.217:443 | vjs.zencdn.net | Fastly | US | suspicious
2868 | chrome.exe | 172.217.18.8:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
2868 | chrome.exe | 13.35.254.116:443 | djv99sxoqpv11.cloudfront.net | - | US | malicious
2868 | chrome.exe | 104.18.44.125:443 | baconaces.pro | Cloudflare Inc | US | shared
2868 | chrome.exe | 185.33.223.210:443 | secure.adnxs.com | AppNexus, Inc | - | unknown
2868 | chrome.exe | 34.195.125.135:443 | providentsopport.site | Amazon.com, Inc. | US | unknown
2868 | chrome.exe | 185.157.161.95:443 | cdn-02.anonfiles.com | Obenetwork AB | SE | unknown

DNS requests (excerpt)

Domain | IP(s) | Reputation
clientservices.googleapis.com | 172.217.16.163 | whitelisted
anonfiles.com | 104.18.38.170, 104.18.39.170 | shared
accounts.google.com | 172.217.23.141 | shared
vjs.zencdn.net | 151.101.2.217, 151.101.66.217, 151.101.130.217, 151.101.194.217 | whitelisted
www.googletagmanager.com | 172.217.18.8 | whitelisted
djv99sxoqpv11.cloudfront.net | 13.35.254.116, 13.35.254.29, 13.35.254.127, 13.35.254.12 | shared
www.google-analytics.com | 172.217.22.110 | whitelisted
baconaces.pro | 104.18.44.125, 104.18.45.125 | shared
www.google.com | 216.58.210.4 | malicious
villandoping.site | 107.23.212.183, 54.236.170.22, 52.86.101.201 | suspicious

Threats

PID | Process | Class | Message
1052 | svchost.exe | Not Suspicious Traffic | ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)
1860 | TextEditor 1.2.exe | Not Suspicious Traffic | ET INFO Observed SSL Cert for Free Hosting Domain (*.000webhostapp .com)
2524 | TextEditor 1.0.exe | Not Suspicious Traffic | ET INFO Observed SSL Cert for Free Hosting Domain (*.000webhostapp .com)
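The reputation tags in this summary are not consistent and should not be copied straight into a blocklist: vjs.zencdn.net is "suspicious" in the connections table and "whitelisted" under DNS, djv99sxoqpv11.cloudfront.net is "malicious" in one table and "shared" in the other, and www.google.com is tagged "malicious". Most of the listed IPs are also shared edge addresses (Cloudflare, Fastly, CloudFront, Google front ends) that serve many unrelated tenants, so blocking them causes collateral damage without stopping whoever registered the domain. The Python below is an added example, not part of the ANY.RUN report; it merges the tags from both tables, flags disagreements and trusted-domain hits for review, blocks by hostname, and keeps an IP only when it does not fall inside a shared-infrastructure prefix. The prefix list and the trusted-suffix list are assumptions for illustration and must be checked against the providers' published ranges before use; the domain rows are transcribed from the tables above.

```python
"""Added example (not from the ANY.RUN report): turn the report's DNS and
connection rows into defanged, actionable indicators, treating vendor
reputation tags as hints rather than verdicts."""
import ipaddress

# Transcribed from the report's "DNS requests" table: domain, resolved IPs, reputation.
DNS_ROWS = [
    ("clientservices.googleapis.com", ["172.217.16.163"], "whitelisted"),
    ("anonfiles.com", ["104.18.38.170", "104.18.39.170"], "shared"),
    ("accounts.google.com", ["172.217.23.141"], "shared"),
    ("vjs.zencdn.net", ["151.101.2.217", "151.101.66.217", "151.101.130.217", "151.101.194.217"], "whitelisted"),
    ("www.googletagmanager.com", ["172.217.18.8"], "whitelisted"),
    ("djv99sxoqpv11.cloudfront.net", ["13.35.254.116", "13.35.254.29", "13.35.254.127", "13.35.254.12"], "shared"),
    ("www.google-analytics.com", ["172.217.22.110"], "whitelisted"),
    ("baconaces.pro", ["104.18.44.125", "104.18.45.125"], "shared"),
    ("www.google.com", ["216.58.210.4"], "malicious"),
    ("villandoping.site", ["107.23.212.183", "54.236.170.22", "52.86.101.201"], "suspicious"),
]

# Reputation the same hosts carry in the report's "Connections" table.
CONNECTION_REP = {
    "clientservices.googleapis.com": "whitelisted",
    "anonfiles.com": "unknown",
    "accounts.google.com": "whitelisted",
    "vjs.zencdn.net": "suspicious",
    "www.googletagmanager.com": "whitelisted",
    "djv99sxoqpv11.cloudfront.net": "malicious",
    "baconaces.pro": "shared",
}

# ASSUMPTION: prefixes of shared CDN / front-end infrastructure.  An IP inside one
# of these identifies an edge node serving many tenants, not the domain's operator.
# Verify against each provider's published list before relying on this.
SHARED_PREFIXES = [ipaddress.ip_network(p) for p in (
    "104.16.0.0/13",                      # Cloudflare
    "151.101.0.0/16",                     # Fastly
    "13.32.0.0/15", "13.35.0.0/16",       # Amazon CloudFront
    "172.217.0.0/16", "216.58.192.0/19",  # Google front ends
)]

# ASSUMPTION: domains whose blocking would break the estate; a "malicious" tag on
# one of these is far more likely a reputation-feed error than a finding.
TRUSTED_SUFFIXES = ("google.com", "googleapis.com", "googletagmanager.com",
                    "google-analytics.com", "gvt1.com")

BAD = {"malicious", "suspicious"}


def is_shared_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SHARED_PREFIXES)


def defang(indicator):
    return indicator.replace(".", "[.]")


def is_trusted(domain):
    return any(domain == s or domain.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify(domain, ips, dns_rep, conn_rep=None):
    """Merge the tags from both tables and decide what to do with the host."""
    reps = {dns_rep} | ({conn_rep} if conn_rep else set())
    if is_trusted(domain):
        action = "review" if reps & BAD else "ignore"
    elif reps & BAD:
        # A whitelisted tag next to a bad one is a feed disagreement, not a verdict.
        action = "review" if "whitelisted" in reps else "block_domain"
    else:
        action = "hunt"   # unknown/shared: search DNS and proxy logs before blocking
    return {
        "domain": defang(domain),
        "action": action,
        "tags": sorted(reps),
        # Block an IP only when it is not a shared edge; hostnames carry the signal.
        "ip_blockable": [defang(ip) for ip in ips if not is_shared_ip(ip)],
    }


def triage(rows=DNS_ROWS, conn_rep=CONNECTION_REP):
    return [classify(d, ips, rep, conn_rep.get(d)) for d, ips, rep in rows]


if __name__ == "__main__":
    for item in triage():
        print(f'{item["action"]:13} {item["domain"]:32} tags={item["tags"]} ips={item["ip_blockable"]}')
```

Run as-is it leaves the cloudfront host and villandoping.site as domain blocks, keeps only villandoping.site's three addresses as IP candidates (the cloudfront addresses are edge nodes), and sends www.google.com and vjs.zencdn.net to review instead of into the blocklist.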
No debug info