File name: | Darks_Anti_Cheat_Forcer.bat |
Full analysis: | https://app.any.run/tasks/0edc580c-6a63-4166-a485-8bb3e8c85a6b |
Verdict: | Malicious activity |
Analysis date: | September 30, 2020, 01:53:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with CRLF line terminators |
MD5: | 2DF48BFA5F454CC697A1E624B038C4F3 |
SHA1: | 1E9384ACF4893FFFBCC79E38B695F40F6D656399 |
SHA256: | 8D766D27B96257EDCB5C1300C7D965C91C52CB6F8D27894A1C913F07E27506F3 |
SSDEEP: | 12:89sIdgXgQWEE7ZUMvxMUMUWUMU4xUMU4Q9ztGcbIAUCiByAuNB3DnVeMSBx4G9tG:8TgwQwp9zrzNUaIFvByRbz6rvVEorvBM |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2896 | cmd /c ""C:\Users\admin\AppData\Local\Temp\Darks_Anti_Cheat_Forcer.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 255 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2860 | taskkill /f /im FortniteLauncher.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Terminates Processes Exit code: 128 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3324 | taskkill /f /im FortniteClient-Win64-Shipping | C:\Windows\system32\taskkill.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Terminates Processes Exit code: 128 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
184 | taskkill /f /im FortniteClient-Win64-Shipping_BE | C:\Windows\system32\taskkill.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Terminates Processes Exit code: 128 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3496 | taskkill /f /im FortniteClient-Win64-Shipping_EAC | C:\Windows\system32\taskkill.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Terminates Processes Exit code: 128 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
4032 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 3221225547 Version: 75.0.3770.100 | ||||
3000 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6d07a9d0,0x6d07a9e0,0x6d07a9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
3144 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1208 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
3764 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,8019145158480000674,12942599980220728279,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7135005041516153370 --mojo-platform-channel-handle=992 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
2112 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,8019145158480000674,12942599980220728279,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=16098392487744294892 --mojo-platform-channel-handle=1576 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F73E579-FC0.pma | — | |
MD5:— | SHA256:— | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ce05fced-53ed-4fcd-a56c-e47dab5a1e23.tmp | — | |
MD5:— | SHA256:— | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000046.dbtmp | — | |
MD5:— | SHA256:— | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text | |
MD5:D33038DC70A58F2AC0EA1823980691AE | SHA256:6EE5DB5588EB879D13CE5A0DB3CA1744079C1BE3F73959A3B900684C56061D97 | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF3cb707.TMP | text | |
MD5:D33038DC70A58F2AC0EA1823980691AE | SHA256:6EE5DB5588EB879D13CE5A0DB3CA1744079C1BE3F73959A3B900684C56061D97 | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF3cb6f8.TMP | text | |
MD5:D55489ED6031D8B188E37B0B59F5CED3 | SHA256:365B01D1B3333E366EEA50106551AAC8721156CB2572C173E2F501D8255093F4 | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF3cb726.TMP | text | |
MD5:745FF98D6EB320D6A946D4C43E8D3317 | SHA256:558AE8B06570B9C63A72F515E6CD288BCA67368A23E349B625D8B1B7E42E9918 | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old | text | |
MD5:745FF98D6EB320D6A946D4C43E8D3317 | SHA256:558AE8B06570B9C63A72F515E6CD288BCA67368A23E349B625D8B1B7E42E9918 | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old | text | |
MD5:3401B14F6B2624E5E44EB20FB8735443 | SHA256:E32F20AE6528B8952EE2FF112DACEE4E9005868B7DAF85D3533B6F0135403875 | |||
4032 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old | text | |
MD5:C5C3F347BDC11EA7A5BF62BCEA89896F | SHA256:EAE604A1C662FF82AD4B2D1056179FD77587159FDD7F1674404C0465E0610BC1 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2112 | chrome.exe | GET | 301 | 104.24.116.24:80 | http://shorturl.at/djvwN | US | html | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2112 | chrome.exe | 142.250.74.195:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2112 | chrome.exe | 216.58.208.46:443 | clients2.google.com | Google Inc. | US | whitelisted |
2112 | chrome.exe | 216.58.208.36:443 | www.google.com | Google Inc. | US | whitelisted |
2112 | chrome.exe | 172.217.16.174:443 | sb-ssl.google.com | Google Inc. | US | whitelisted |
2112 | chrome.exe | 172.217.22.77:443 | accounts.google.com | Google Inc. | US | whitelisted |
2112 | chrome.exe | 216.58.207.35:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2112 | chrome.exe | 172.217.21.202:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2112 | chrome.exe | 162.159.129.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
2112 | chrome.exe | 104.24.116.24:80 | shorturl.at | Cloudflare Inc | US | unknown |
2112 | chrome.exe | 104.24.117.24:443 | shorturl.at | Cloudflare Inc | US | unknown |
Domain | IP | Reputation |
---|---|---|
clientservices.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
www.google.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
clients2.google.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
shorturl.at |
| whitelisted |
www.shorturl.at |
| whitelisted |
cdn.discordapp.com |
| shared |