URL: | http://dinazubihurnevich-allianceseniorcare.forwardtomyfriend.com/t-pkiuhslt-CA559C3D-odjjhjy-l-jd |
Full analysis: | https://app.any.run/tasks/6f4ab36f-3840-4d78-a5c7-45c54438b12b |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 12:45:10 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 36C5BA27B3C939CEB2FEB78CA4AA4474 |
SHA1: | 983CF7D9BE7A68F1EB2680E1A003272E6832CFA0 |
SHA256: | 5D274C1E3803B5723C581D2BBD2EF61A7D6313652845AF825FB9648CCEE45800 |
SSDEEP: | 3:N1KaMLEdQatIEsETXGEeWXByDN94kREJLQc3IKrkJB:Ca1QatIElTWE7XG4PLQ2I6kP |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2256 | "C:\Program Files\Google\Chrome\Application\chrome.exe" http://dinazubihurnevich-allianceseniorcare.forwardtomyfriend.com/t-pkiuhslt-CA559C3D-odjjhjy-l-jd | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 73.0.3683.75 | ||||
3252 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6e870f18,0x6e870f28,0x6e870f34 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 73.0.3683.75 | ||||
2556 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2628 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 73.0.3683.75 | ||||
272 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,15379422907693368005,9165559896744267503,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=66203899630775436 --mojo-platform-channel-handle=976 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 73.0.3683.75 | ||||
3972 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,15379422907693368005,9165559896744267503,131072 --enable-features=PasswordImport --service-pipe-token=15907371985053690175 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15907371985053690175 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 73.0.3683.75 | ||||
868 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,15379422907693368005,9165559896744267503,131072 --enable-features=PasswordImport --service-pipe-token=6540198023234917099 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6540198023234917099 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 73.0.3683.75 | ||||
3388 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,15379422907693368005,9165559896744267503,131072 --enable-features=PasswordImport --service-pipe-token=10391253757976413120 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10391253757976413120 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 73.0.3683.75 | ||||
3616 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,15379422907693368005,9165559896744267503,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=14383883576064126791 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14383883576064126791 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 73.0.3683.75 | ||||
3432 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,15379422907693368005,9165559896744267503,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=14089183729220585687 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14089183729220585687 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 73.0.3683.75 | ||||
2308 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,15379422907693368005,9165559896744267503,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16875977912401092912 --mojo-platform-channel-handle=4428 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 73.0.3683.75 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0 | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2 | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3 | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f83d95c4-d131-4416-aa73-a5e425c33f4d.tmp | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0 | — | |
MD5:— | SHA256:— | |||
2256 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2256 | chrome.exe | GET | 200 | 54.192.216.239:80 | http://dinazubihurnevich-allianceseniorcare.forwardtomyfriend.com/t-pkiuhslt-CA559C3D-odjjhjy-l-jd | US | html | 1.38 Kb | suspicious |
2256 | chrome.exe | GET | 200 | 173.194.183.170:80 | http://r5---sn-aigl6ney.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=109.169.22.99&mm=28&mn=sn-aigl6ney&ms=nvh&mt=1558356324&mv=m&pl=22&shardbypass=yes | US | crx | 842 Kb | whitelisted |
2256 | chrome.exe | GET | 200 | 54.192.216.85:80 | http://i2.createsend1.com/ti/t/B5/2C4/06C/055702/images/newsletterheader.145416.jpg | US | image | 53.3 Kb | whitelisted |
2256 | chrome.exe | GET | 200 | 54.192.216.85:80 | http://css.createsend1.com/css/social.min.css?h=2EF897D7201904141205 | US | text | 759 b | whitelisted |
2256 | chrome.exe | GET | 302 | 172.217.16.142:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 504 b | whitelisted |
2256 | chrome.exe | GET | 200 | 54.192.216.85:80 | http://css.createsend1.com/css/forward-to-friend.min.css?h=ECF687A0201904141205 | US | text | 2.16 Kb | whitelisted |
2256 | chrome.exe | GET | 200 | 54.192.216.169:80 | http://js.createsend1.com/js/compiled/app/global/polyfill/polyfill.min.js?h=3B4C328A201904141205 | US | text | 6.88 Kb | whitelisted |
2256 | chrome.exe | GET | 200 | 54.192.216.239:80 | http://dinazubihurnevich-allianceseniorcare.forwardtomyfriend.com/favicon.ico | US | html | 306 b | suspicious |
2256 | chrome.exe | GET | 200 | 54.192.216.169:80 | http://js.createsend1.com/js/compiled/app/global/forwardtofriend/app.min.js?h=0D5F94C5201904141205 | US | text | 22.7 Kb | whitelisted |
2256 | chrome.exe | GET | 200 | 103.28.41.12:80 | http://createsend.com/t/t-5FD0A59F6556010D2540EF23F30FEDED | AU | html | 5.10 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2256 | chrome.exe | 172.217.22.67:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2256 | chrome.exe | 216.58.207.68:443 | www.google.com | Google Inc. | US | whitelisted |
2256 | chrome.exe | 54.192.216.239:80 | dinazubihurnevich-allianceseniorcare.forwardtomyfriend.com | Amazon.com, Inc. | US | unknown |
— | — | 103.28.41.12:80 | createsend.com | CAMPAIGN MONITOR PTY LTD | AU | unknown |
— | — | 172.217.21.237:443 | accounts.google.com | Google Inc. | US | whitelisted |
2256 | chrome.exe | 54.192.216.169:80 | js.createsend1.com | Amazon.com, Inc. | US | unknown |
2256 | chrome.exe | 54.192.216.2:80 | css.createsend.com | Amazon.com, Inc. | US | unknown |
2256 | chrome.exe | 216.58.210.3:443 | www.gstatic.com | Google Inc. | US | whitelisted |
— | — | 54.192.216.85:80 | js.createsend1.com | Amazon.com, Inc. | US | unknown |
2256 | chrome.exe | 54.192.216.85:80 | js.createsend1.com | Amazon.com, Inc. | US | unknown |
Domain | IP | Reputation |
---|---|---|
accounts.google.com |
| shared |
clientservices.googleapis.com |
| whitelisted |
dinazubihurnevich-allianceseniorcare.forwardtomyfriend.com |
| suspicious |
js.createsend1.com |
| whitelisted |
css.createsend.com |
| whitelisted |
css.createsend1.com |
| whitelisted |
www.google.com |
| whitelisted |
createsend.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
clients1.google.com |
| whitelisted |