URL: | https://crackedpc.org/ammyy-admin-crack-free-download/ |
Full analysis: | https://app.any.run/tasks/38719fcd-39cf-415c-9fbd-732bd62af348 |
Verdict: | Malicious activity |
Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
Analysis date: | September 25, 2021, 12:07:33 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | EC592A2E154D44F18C4135E7315ACBF4 |
SHA1: | 12F5F7E70FECD985CD50D0DDE5852F378FCA40E5 |
SHA256: | 5E0BB31C5994B0BB8EB4E4F38EA22EA5394691F2FA8E6E52650223ECDDF54BEC |
SSDEEP: | 3:N8KhkzfN7OoAzFmn:2K6T5OdM |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3408 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://crackedpc.org/ammyy-admin-crack-free-download/" | C:\Program Files\Google\Chrome\Application\chrome.exe | Explorer.EXE | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 3221225547 Version: 86.0.4240.198 Modules
| |||||||||||||||
3852 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e6fd988,0x6e6fd998,0x6e6fd9a4 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
1192 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=984,14324523522869615604,1189666205060242149,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1060 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
2068 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=984,14324523522869615604,1189666205060242149,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1228 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
1012 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=984,14324523522869615604,1189666205060242149,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1220 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
2768 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=984,14324523522869615604,1189666205060242149,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3040 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=984,14324523522869615604,1189666205060242149,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
4068 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=984,14324523522869615604,1189666205060242149,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2668 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3188 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=984,14324523522869615604,1189666205060242149,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3624 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=984,14324523522869615604,1189666205060242149,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-614F1111-D50.pma | — | |
MD5:— | SHA256:— | |||
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | text | |
MD5:1202FCD0945706CAC68EBBB6CCDFC2D2 | SHA256:FABD834D27C7306E4325B98B1D35B7222DA0FE2016EC678CA1EC0D09AED27164 | |||
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0aa30825-c9c1-4d21-856d-163734d044b9.tmp | text | |
MD5:1202FCD0945706CAC68EBBB6CCDFC2D2 | SHA256:FABD834D27C7306E4325B98B1D35B7222DA0FE2016EC678CA1EC0D09AED27164 | |||
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma | binary | |
MD5:03C4F648043A88675A920425D824E1B3 | SHA256:F91DBB7C64B4582F529C968C480D2DCE1C8727390482F31E4355A27BB3D9B450 | |||
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | |
MD5:00046F773EFDD3C8F8F6D0F87A2B93DC | SHA256:593EDE11D17AF7F016828068BCA2E93CF240417563FB06DC8A579110AEF81731 | |||
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001 | binary | |
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB | SHA256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 | |||
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old | text | |
MD5:EF1D5606A483BB6C72C81A3F649BEB18 | SHA256:BA083E7585ADA9936944FE56BC0141A544F18A01C3424E5C9F02375B34FE3D45 | |||
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | text | |
MD5:5BD3C311F2136A7A88D3E197E55CF902 | SHA256:FA331915E1797E59979A3E4BCC2BD0D3DEAA039B94D4DB992BE251FD02A224B9 | |||
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFfd3d1.TMP | text | |
MD5:8304B8F42465198890090F52D3F80A4C | SHA256:80C32AC2585E7E81200104B1630F19560A156C4ABF51B5888B0FBF07323FAB34 | |||
3408 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RFfd5b6.TMP | text | |
MD5:D0BA19096D6C8F8DE58312E8D938E893 | SHA256:AADE90A7B0984F3C719D528E4E6FAE3854E28B30363BDD4DF65037E69784A078 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2068 | chrome.exe | GET | 301 | 104.21.39.132:80 | http://krmcean.xyz/?s=7&q=SpyHunter+5+Crack+%5BEmail+&dedica=18&hmac=WyJjN2Y0M2Q3MzAwZGE1OGUzZmQ1MmQyZGY1M2M5NGVmNDFmZGUzYmUzIiwiZjhmZjQ0ZDc2N2NmNTNkMDI4ZWQyNmU4YjE5MDE4Zjg5ZDA3YjQwMyIsIjhlZWJmMDUwMTIxMmMwNDIyZjI2MDc5ZjY4MGQxNmIyZjEwNDYwMzIiLCJkYTIxNWYwMTRmYWM5YjgwYWViZDY3YjhiNDQ0NjhiMThkM2M1Mzk1IiwiNGM2MzhhYzU3NDgzMmY1OTA1ZjhjNjQ4ODM5YjIzNzYxNTI2MDE5ZSIsIjZhODgxODFiYWFiODEzYjIyNmFkOTUyMTRjNzVhYzhiNTRkZjEwN2UiLCIxODAzNTZlYzY4MDFiMWU2NWRlOTY2MWE1MzIwYjVhNGVjNmI3ZTc5IiwiOTQ2NzNhNzdjYjNhYWFmYzc5N2RhZmJlNzA4NTRlM2UxMjhjYzE4MSIsIjhkYzYwN2UzMWI5MWExY2NiMDcwNGNmYjk1MTg5NjNmYjMyOTZlN2YiLCIzZjlkNDYyMDAyYTJmMWM1MWQ1OWIwYWY1Y2E2Y2Y1ZGE2Y2Y3M2YwIiwiNDIxZmE2MzUwYWI1NDBhYzQ0ZGRhY2E0YzMzNDg1Y2NlYWM4YmYwMCJd | US | — | — | malicious |
1908 | Sat09127dfa8681ede0.tmp | HEAD | 200 | 162.0.214.42:80 | http://safialinks.com/Installer_Provider/UltraMediaBurner.exe | CA | — | — | whitelisted |
2068 | chrome.exe | GET | 301 | 172.67.187.223:80 | http://ljhjdh.xyz/?s=7&q=Ammyy+Admin+3.10+Crack+++Key+Full+Version&dedica=18&hmac=WyI1MDdmMzFiYzdmMzliNWIyMDkyMTAyYjVkNjNlZThkZDJiNzdhMTZkIiwiNTkzOTc4YWU4NmE1MWFlZDYzYmU5NjcwNzZlNmQ5NzY1MWQ4ZTA1MyIsIjlkZTMyOTMwMWQ0YThiODYwYTNlYzcwMmM5NjM0NTQxODUxY2ViNjQiLCIzMDBiZWE0ZjVlNjhjYTk3YzY1ZTk4MjdkYmE5YTQ0OGY5MjE0YzgzIiwiMzM3YjY5YjJiODY1NGI4MDAyMzVkNmM1MTMzZjgwZTlhZGU1NTdkYiIsIjRkMmNlMDgzMzNjNmYwMzA0ODAzNjUyZWRjY2RiMjQ3ODg0MmFlZTkiLCJlMjM5ZmM2MjJhMGM1YmQ2ZDZlZGNkNWU0NDI5ZGUxYmE1OWY0MmNlIiwiMTU5NWNlNjA1NDcwN2Q3MWQ5YjkyMjEyZDBkNWVlODYwMmYwNzk5MCIsIjQ0OTg4YjJkM2MxNGJhOTdjNDViYjliZWVhN2VjYTg2MWI4YjBkYzQiLCI4MjVlZDU3NWYwZWU3ODJjMzIwMDhkMjlhN2Y1NWYwZTE2OGI0NjUzIiwiZGI3NTQwOGI0YzNiMGYwYzczNWE0ZmEwM2Y0MTM1Y2JkY2QwYWQ2NSJd | US | — | — | malicious |
2704 | Sat0942d118661ebeaa8.exe | GET | 200 | 45.133.1.182:80 | http://45.133.1.182/proxies.txt | unknown | text | 2.45 Kb | suspicious |
2068 | chrome.exe | GET | 302 | 18.237.46.89:80 | http://18.237.46.89/?614f11180510c=c4e394d73d4c90664fde851cfc376696ebe73101Array&m=7&q=Ammyy%20Admin%203.10%20Crack%20%20%20Key%20Full%20Version&dedica=18& | US | html | 19.0 Kb | unknown |
2068 | chrome.exe | POST | 200 | 18.237.46.89:80 | http://18.237.46.89/?cloudx=bedf03089e0c21458177c34&dedica=18&verify-id=7&verify-hash=902ba3cda1883801594b6e1b452790cc53948fda&verify-msch=U3B5SHVudGVyIDUgQ3JhY2sgW0VtYWlsIA==&download=1&xtrans=MTUw | US | compressed | 3.53 Mb | unknown |
2068 | chrome.exe | GET | 302 | 18.237.46.89:80 | http://18.237.46.89/?614f112c991b2=afd9000f759b98c8ff000d8953fe153ff826b14bArray&m=7&q=SpyHunter%205%20Crack%20[Email%20&dedica=18& | US | html | 19.0 Kb | unknown |
2704 | Sat0942d118661ebeaa8.exe | GET | 200 | 37.0.8.119:80 | http://37.0.8.119/base/api/statistics.php | NL | binary | 96 b | malicious |
2068 | chrome.exe | POST | 200 | 18.237.46.89:80 | http://18.237.46.89/?go=a880512d1d5ae&dedica=18 | US | html | 694 b | unknown |
1908 | Sat09127dfa8681ede0.tmp | GET | 200 | 162.0.214.42:80 | http://safialinks.com/Installer_Provider/UltraMediaBurner.exe | CA | executable | 474 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2068 | chrome.exe | 172.217.23.106:443 | content-autofill.googleapis.com | Google Inc. | US | whitelisted |
2068 | chrome.exe | 192.0.76.3:443 | stats.wp.com | Automattic, Inc | US | suspicious |
2068 | chrome.exe | 216.58.212.142:443 | clients2.google.com | Google Inc. | US | whitelisted |
2068 | chrome.exe | 172.67.214.180:443 | crackedpc.org | — | US | suspicious |
2068 | chrome.exe | 157.240.236.1:443 | connect.facebook.net | — | US | unknown |
2068 | chrome.exe | 192.0.77.2:443 | i0.wp.com | Automattic, Inc | US | suspicious |
2068 | chrome.exe | 142.250.184.237:443 | accounts.google.com | Google Inc. | US | suspicious |
2068 | chrome.exe | 142.250.186.168:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
2068 | chrome.exe | 142.250.186.78:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
2068 | chrome.exe | 172.67.180.127:443 | vbdhjtgve.xyz | — | US | unknown |
Domain | IP | Reputation |
---|---|---|
clients2.google.com |
| whitelisted |
crackedpc.org |
| whitelisted |
accounts.google.com |
| shared |
www.google.com |
| whitelisted |
stats.wp.com |
| whitelisted |
vbdhjtgve.xyz |
| malicious |
c0.wp.com |
| whitelisted |
content-autofill.googleapis.com |
| whitelisted |
connect.facebook.net |
| whitelisted |
i0.wp.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2068 | chrome.exe | A Network Trojan was detected | ET TROJAN Fake Software Download Redirect Leading to Malware M3 |
2068 | chrome.exe | A Network Trojan was detected | AV TROJAN Malware Dropper As a Service Download Request |
2068 | chrome.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
2068 | chrome.exe | A Network Trojan was detected | ET TROJAN Fake Software Download Redirect Leading to Malware M3 |
2068 | chrome.exe | A Network Trojan was detected | AV TROJAN Malware Dropper As a Service Download Request |
2068 | chrome.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3952 | setup_install.exe | A Network Trojan was detected | AV TROJAN GCleaner Downloader CnC Activity |
3952 | setup_install.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
2704 | Sat0942d118661ebeaa8.exe | Generic Protocol Command Decode | SURICATA Applayer Mismatch protocol both directions |
1908 | Sat09127dfa8681ede0.tmp | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
Process | Message |
---|---|
lighteningplayer-cache-gen.exe | main libvlc debug: VLC media player - 3.0.7 Vetinari
|
lighteningplayer-cache-gen.exe | main libvlc debug: Copyright � 1996-2018 the VideoLAN team
|
lighteningplayer-cache-gen.exe | main libvlc debug: revision 3.0.2-225-gc9e3360dd4
|
lighteningplayer-cache-gen.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-twolame' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-x264' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--build=x86_64-pc-linux-gnu' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=i686-w64-mingw32'
|
lighteningplayer-cache-gen.exe | main libvlc debug: using multimedia timers as clock source
|
lighteningplayer-cache-gen.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms
|
lighteningplayer-cache-gen.exe | main libvlc debug: searching plug-in modules
|
lighteningplayer-cache-gen.exe | main libvlc debug: ignoring plugins cache file
|
lighteningplayer-cache-gen.exe | main libvlc debug: recursively browsing `C:\Program Files\lighteningplayer\plugins'
|
lighteningplayer-cache-gen.exe | main libvlc debug: saving plugins cache C:\Program Files\lighteningplayer\plugins\plugins.dat
|