Field | Value |
---|---|
File name | Discord Tokens Generator.zip |
Full analysis | https://app.any.run/tasks/6e33a61b-b5dc-45fc-bd73-87a364639964 |
Verdict | Malicious activity |
Analysis date | October 20, 2020, 03:16:29 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/zip |
File info | Zip archive data, at least v2.0 to extract |
MD5 | B1B310BB23492228FEC2352927E3B6EE |
SHA1 | 14E28A28A5D67562B145EB34012A98769D69F654 |
SHA256 | 95E4FF61B8BD20F5FB6B4A445F59503447926B30BB886C6335FE3339002AE1A1 |
SSDEEP | 393216:Xz6wDVoaHjC9xH2/qX3e4dt4BQDP6Ew/1p21vys:Xz6wDnHm9xWUpHAkU/1p+ |
Extension | Description |
---|---|
.zip | ZIP compressed archive (100) |

Field | Value |
---|---|
ZipFileName | Discord Tokens Generator.exe |
ZipUncompressedSize | 15862039 |
ZipCompressedSize | 15573797 |
ZipCRC | 0xfe490d13 |
ZipModifyDate | 2020:10:05 10:29:01 |
ZipCompression | Deflated |
ZipBitFlag | - |
ZipRequiredVersion | 20 |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3260 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Discord Tokens Generator.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
3620 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3260.15810\Discord Tokens Generator.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3260.15810\Discord Tokens Generator.exe | | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Exit code: 4294967295 |
2584 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3260.15810\Discord Tokens Generator.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3260.15810\Discord Tokens Generator.exe | | Discord Tokens Generator.exe | User: admin; Integrity Level: MEDIUM; Exit code: 4294967295 |
3132 | C:\Windows\system32\cmd.exe /c title ThisEsteb - Discord Tokens Generator - 0 Tokens | C:\Windows\system32\cmd.exe | — | Discord Tokens Generator.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
3876 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | | explorer.exe | User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Version: 75.0.3770.100 |
2576 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f70a9d0,0x6f70a9e0,0x6f70a9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Version: 75.0.3770.100 |
3872 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3548 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Version: 75.0.3770.100 |
3112 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=996,1031986387425097470,12622182521222023346,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=17834590419946212576 --mojo-platform-channel-handle=1020 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Version: 75.0.3770.100 |
3596 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,1031986387425097470,12622182521222023346,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=11526999282667165897 --mojo-platform-channel-handle=1600 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | | chrome.exe | User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Version: 75.0.3770.100 |
3736 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,1031986387425097470,12622182521222023346,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1427887784047350096 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 75.0.3770.100 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3260 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3260.15810\Discord Tokens Generator.exe | executable | 37195F745437208103E331C64DA5B908 | 33081DD31F8712B1255F910C58B01F68E8BA1B20F9B7174B1459BEF807F2A4B3 |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Cipher\_raw_cfb.cp38-win32.pyd | executable | D26D006C35E1F37C8ACA392787521B4F | E6B6959B7104B86D80C47E0D538077D8705043431EC4DAE61471543533E16FA4 |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Hash\_BLAKE2b.cp38-win32.pyd | executable | 578E8F078926F5DECFC3A9C943621DE2 | 764CE76589515870DC1037DF974CF65F552393DEB88E646D3E937F32D1E35ED8 |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Cipher\_raw_des.cp38-win32.pyd | executable | 302449E8BAA408E6A6E218B324383D33 | F6DDF25D9A4A3EB86293BB6E849E515D4BEEA49908E281AE1B286CAAAD514E7C |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Cipher\_raw_aesni.cp38-win32.pyd | executable | 5D5C1BC6C74C7C83F27BA9C8C6638863 | 53D8A935D07BC307692EB1AF1369C62E7AA051224178344270C6A2003394B67B |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Cipher\_raw_cast.cp38-win32.pyd | executable | 6BFCD7F209C7D3E2168EEC0354E90B51 | F526A4F1EAD0C2FAC0565830731A28B8B006CECEE809BDAFAD3A39A17A26BC39 |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Cipher\_raw_ctr.cp38-win32.pyd | executable | 37424FF388C6236FEE06022A44FD3BF9 | FCE59443A5468B292100E19C30D093DB33F1DB5C032A265AF0944DF388DC62AD |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Cipher\_raw_arc2.cp38-win32.pyd | executable | 81F04220BF3B7B779BFAD8C0FE2C38DE | 6980DA95392C9B334B41757C0D19A95B8CABFA2608E64ADBA0838A852A2CB5D6 |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Cipher\_ARC4.cp38-win32.pyd | executable | FC1EF85BCF1D44DB6D32192EDAF931F4 | DB4284303E94A682101C2C5FB73DD35405EB04AA7392E34429263547CF5B83B2 |
3620 | Discord Tokens Generator.exe | C:\Users\admin\AppData\Local\Temp\_MEI36202\Crypto\Cipher\_Salsa20.cp38-win32.pyd | executable | D60C062852DDF6117AB9764DEC4BC50D | 9A77AB2C8BFEE75F572B22BFF1ACE6A0E96D6C2969F38164B541B4266A35773B |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3596 | chrome.exe | 216.58.211.110:443 | play.google.com | Google Inc. | US | whitelisted |
3596 | chrome.exe | 172.217.20.110:443 | clients2.google.com | Google Inc. | US | whitelisted |
3596 | chrome.exe | 172.217.17.34:443 | adservice.google.com | Google Inc. | US | whitelisted |
3596 | chrome.exe | 216.58.208.99:443 | www.gstatic.com | Google Inc. | US | whitelisted |
3596 | chrome.exe | 172.217.168.238:443 | apis.google.com | Google Inc. | US | whitelisted |
3596 | chrome.exe | 216.58.208.110:443 | ogs.google.com | Google Inc. | US | whitelisted |
3596 | chrome.exe | 216.58.214.14:443 | consent.google.com | Google Inc. | US | whitelisted |
3596 | chrome.exe | 172.217.17.36:443 | www.google.com | Google Inc. | US | whitelisted |
3596 | chrome.exe | 216.58.214.13:443 | accounts.google.com | Google Inc. | US | suspicious |
3596 | chrome.exe | 216.58.214.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
discord.com | | whitelisted |
clientservices.googleapis.com | | whitelisted |
accounts.google.com | | shared |
www.google.com | | whitelisted |
fonts.googleapis.com | | whitelisted |
www.gstatic.com | | whitelisted |
fonts.gstatic.com | | whitelisted |
apis.google.com | | whitelisted |
ogs.google.com | | whitelisted |
consent.google.com | | shared |
PID | Process | Class | Message |
---|---|---|---|
3596 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY Known External IP Lookup Service Domain in SNI |
3596 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY Known External IP Lookup Service Domain in SNI |