URL:

https://www2.openstax.org/e/218812/g-2022-b2s-drip-1-utm-term-CTA/wl92kr/1497717912?h=HSuHRYCRyt-F-ecjBAapuZ9KXhDmHMKf2aQXF90wOuQ

Full analysis: https://app.any.run/tasks/c358cfef-abe1-4c00-8deb-424061663760
Verdict: Malicious activity
Analysis date: January 14, 2022, 21:18:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags:
opendir
Indicators:
MD5:

3CC715859CC25008AFE984EC50DAE7E6

SHA1:

C1771BB89D898161EB409C4CB222B1C6C9099A75

SHA256:

8DB4D9708DCC5469FF5B5CCFF1616FA27F98CC3466A96788140A4536FFD3C928

SSDEEP:

3:N8DSXuiJDYEqItXI8IQRL8k4dSc1NTQt385Re9YN6UdouLE0uZh:2OXuiFq6bMk4QINT4BGNouBoh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Checks supported languages

      • chrome.exe (PID: 1232)
      • chrome.exe (PID: 1212)
      • chrome.exe (PID: 2792)
      • chrome.exe (PID: 1052)
      • chrome.exe (PID: 448)
      • chrome.exe (PID: 2352)
      • chrome.exe (PID: 456)
      • chrome.exe (PID: 2412)
      • chrome.exe (PID: 860)

    • Application launched itself

      • chrome.exe (PID: 1232)

    • Reads the computer name

      • chrome.exe (PID: 1232)
      • chrome.exe (PID: 2792)
      • chrome.exe (PID: 1052)

    • Reads the hosts file

      • chrome.exe (PID: 1232)
      • chrome.exe (PID: 1052)

    • Reads settings of System Certificates

      • chrome.exe (PID: 1052)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
44
Monitored processes
9
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
448"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=408 --on-initialized-event-handle=320 --parent-handle=324 /prefetch:6C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
456"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12395740541500719409 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
860"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8428730744646909845 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
1052"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --lang=en-US --service-sandbox-type=network --service-request-channel-token=5129757341701301222 --mojo-platform-channel-handle=1568 /prefetch:8C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
1212"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x84,0x88,0x8c,0x80,0x90,0x7fef5653ef8,0x7fef5653f08,0x7fef5653f18C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
1232"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://www2.openstax.org/e/218812/g-2022-b2s-drip-1-utm-term-CTA/wl92kr/1497717912?h=HSuHRYCRyt-F-ecjBAapuZ9KXhDmHMKf2aQXF90wOuQ"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2352"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1828915497782822994 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
2412"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=1335067446905022017 --mojo-platform-channel-handle=3384 /prefetch:2C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2792"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12604696801702740033 --mojo-platform-channel-handle=1116 --ignored=" --type=renderer " /prefetch:2C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files (x86)\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\program files (x86)\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
Total events
4 485
Read events
4 434
Write events
48
Delete events
3

Modification events

(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
1
(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:2324-13239293534024414
Value:
0
(PID) Process:(1232) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(1232) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
Executable files
0
Suspicious files
83
Text files
39
Unknown types
5

Dropped files

PID
Process
Filename
Type
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E1E8A5-4D0.pma
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
64
DNS requests
41
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1052
chrome.exe
GET
200
104.18.21.226:80
http://secure.globalsign.com/cacert/root-r3.crt
US
der
867 b
whitelisted
1052
chrome.exe
GET
200
143.204.214.125:80
http://x.ss2.us/x.cer
US
der
1.27 Kb
whitelisted
1052
chrome.exe
GET
200
72.247.185.59:80
http://apps.identrust.com/roots/dstrootcax3.p7c
NL
cat
893 b
shared
1052
chrome.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?43e959b925083603
US
compressed
59.9 Kb
whitelisted
1052
chrome.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB039D4329A5E8.crt?54f16d6ad0295c7c
US
der
1.36 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1052
chrome.exe
172.217.17.110:443
www.google-analytics.com
Google Inc.
US
whitelisted
1052
chrome.exe
142.250.186.77:443
accounts.google.com
Google Inc.
US
suspicious
1052
chrome.exe
35.174.150.168:443
www2.openstax.org
Amazon.com, Inc.
US
malicious
1052
chrome.exe
209.197.3.8:80
ctldl.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
1052
chrome.exe
72.247.185.59:80
apps.identrust.com
Akamai International B.V.
NL
whitelisted
13.224.193.54:443
openstax.org
US
malicious
1052
chrome.exe
13.224.193.54:443
openstax.org
US
malicious
1052
chrome.exe
142.250.187.174:443
www.googleoptimize.com
Google Inc.
US
whitelisted
1052
chrome.exe
185.60.216.19:443
connect.facebook.net
Facebook, Inc.
IE
whitelisted
1052
chrome.exe
13.225.80.92:443
js.pulseinsights.com
US
unknown

DNS requests

Domain
IP
Reputation
accounts.google.com
  • 142.250.186.77
shared
www2.openstax.org
  • 35.174.150.168
malicious
apps.identrust.com
  • 72.247.185.59
  • 72.247.185.41
shared
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
openstax.org
  • 13.224.193.54
  • 13.224.193.115
  • 13.224.193.56
  • 13.224.193.16
whitelisted
www.google-analytics.com
  • 172.217.17.110
whitelisted
www.googleoptimize.com
  • 142.250.187.174
whitelisted
script.crazyegg.com
  • 104.19.148.8
  • 104.19.147.8
whitelisted
pi.pardot.com
  • 35.174.150.168
whitelisted
js.pulseinsights.com
  • 13.225.80.92
  • 13.225.80.83
  • 13.225.80.31
  • 13.225.80.38
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www2.openstax.org/e/218812/g-2022-b2s-drip-1-utm-term-CTA/wl92kr/1497717912?h=HSuHRYCRyt-F-ecjBAapuZ9KXhDmHMKf2aQXF90wOuQ