URL:

http://s.zhitoudsp.com:808/pch/index.html

Full analysis: https://app.any.run/tasks/8043605f-0b9a-4bf9-a91a-4265cca5968a
Verdict: Malicious activity
Analysis date: September 11, 2019, 05:41:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

5523E0B48386E9F8F42A298510DDD7B7

SHA1:

72257C83E3ECA834D19DC4530EEED83615494CEE

SHA256:

A1AAE2CFF97118FF93321D8FA00DF88E9E802F21183D29201084EAAFA532776B

SSDEEP:

3:N1KNraWgAsaDG:ChaWgyG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2760)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 2760)

    • Reads settings of System Certificates

      • chrome.exe (PID: 296)

    • Reads the hosts file

      • chrome.exe (PID: 296)
      • chrome.exe (PID: 2760)

    • Dropped object may contain Bitcoin addresses

      • chrome.exe (PID: 2760)

    • Changes settings of System certificates

      • chrome.exe (PID: 296)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
78
Monitored processes
44
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
296"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=1177424383409044590 --mojo-platform-channel-handle=1540 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
352"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15159372346864489814 --mojo-platform-channel-handle=2188 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
356"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13035599523527954839 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2176"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14153204526662157400 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2256"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=12613416916973536162 --mojo-platform-channel-handle=3888 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2376"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1721645116232329704 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2420"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7476123605947787806 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2636"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16530388463772452975 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2652"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,13772133699621992432,5168395197555412328,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14516962269988094903 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2656"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2764 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
630
Read events
535
Write events
91
Delete events
4

Modification events

(PID) Process:(2656) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:2760-13212654086144625
Value:
259
(PID) Process:(2760) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2760) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2760) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(2760) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(2760) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2760) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(2760) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(2760) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:1512-13197841398593750
Value:
0
(PID) Process:(2760) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
Executable files
0
Suspicious files
182
Text files
217
Unknown types
5

Dropped files

PID
Process
Filename
Type
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a983a6a9-35f1-4a6a-a76d-80f177e2cc3c.tmp
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF1690fa.TMPtext
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF1690bb.TMPtext
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF16909c.TMPtext
MD5:
SHA256:
2760chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:1A89A1BEBE6C843C4FF582E7ED33CA1F
SHA256:65099CA087B66AA8CA420AB121DAAD713E1DB5A61C5A574D9B1C0DF24F012520
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
228
TCP/UDP connections
263
DNS requests
172
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
296
chrome.exe
GET
302
116.55.250.148:80
http://newcar.xcar.com.cn/xcarjump/new_jump_other.php
CN
unknown
296
chrome.exe
GET
200
118.193.104.48:80
http://stat.funshion.net/ecom-ad/ifar_all/?oc=c00100085
CN
malicious
296
chrome.exe
GET
200
118.193.104.48:80
http://stat.funshion.net/ecom-ad/ifar_load/?rprotocol=1&fck=15681804915ffce&mick=&oc=c00100085&loc=http%3A%2F%2Fvas.fun.tv%2Fmarket%2Fext%2Fudc%2Fc00100085.html%3Fzzt%3D1&ref=http%3A%2F%2Ftui.zhitoudsp.com%3A807%2Fip%2Fhuo.html&ua=Mozilla%2F5.0%20(Windows%20NT%206.1)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F75.0.3770.100%20Safari%2F537.36&beif=1&fin=0&ext=&source=null&cvid=75e1a545661572b5
CN
malicious
296
chrome.exe
GET
200
119.188.176.49:80
http://dup.baidustatic.com/js/os.js
CN
text
36.0 Kb
whitelisted
296
chrome.exe
GET
200
221.229.204.28:808
http://s.zhitoudsp.com:808/pch/index.html
CN
html
326 b
unknown
296
chrome.exe
GET
200
221.229.204.28:808
http://s.zhitoudsp.com:808/pch/yrc_001pc.js
CN
text
992 b
unknown
296
chrome.exe
GET
200
221.229.204.28:807
http://tui.zhitoudsp.com:807/ip/huo.html
CN
html
648 b
unknown
296
chrome.exe
GET
200
121.196.131.201:80
http://pc.botmh.com/jiuji
CN
compressed
1.13 Kb
unknown
296
chrome.exe
GET
200
182.61.200.109:80
http://pos.baidu.com/icxm?psi=5540490ca74ad025fbb0cd05320e5c99&di=5848908&dri=0&dis=15&dai=0&ps=8x8&enu=encoding&exps=110011&dcb=___adblockplus&dtm=SSP_JSONP&dvi=0.0&dci=-1&dpt=none&tsr=0&tpr=1568180490179&ari=2&dbv=2&drs=1&pcs=0x0&pss=1x16&cfv=0&cpl=3&chi=1&cce=true&cec=GBK&tlm=1559399672&rw=320&ltu=http%3A%2F%2Fs.zhitoudsp.com%3A808%2Fpch%2Findex.html&liu=http%3A%2F%2Ftui.zhitoudsp.com%3A807%2Fip%2Fhuo.html&ltr=http%3A%2F%2Fs.zhitoudsp.com%3A808%2Fpch%2Findex.html&ecd=1&uc=1280x692&pis=0x0&sr=1280x720&tcn=1568180490&lto=http%3A%2F%2Fs.zhitoudsp.com%3A808&ltl=1
CN
text
790 b
whitelisted
296
chrome.exe
GET
200
60.222.11.47:80
http://vas.fun.tv/market/ext/udc/c00100085.html?zzt=1
CN
html
783 b
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
296
chrome.exe
221.229.204.28:807
s.zhitoudsp.com
No.31,Jin-rong Street
CN
unknown
296
chrome.exe
121.196.131.201:80
pc.botmh.com
Hangzhou Alibaba Advertising Co.,Ltd.
CN
unknown
296
chrome.exe
119.188.176.49:80
dup.baidustatic.com
CHINA UNICOM China169 Backbone
CN
unknown
296
chrome.exe
60.222.11.47:80
vas.fun.tv
CHINA UNICOM China169 Backbone
CN
malicious
296
chrome.exe
219.136.244.23:443
price.pcauto.com.cn
CHINANET Guangdong province network
CN
unknown
296
chrome.exe
116.55.250.148:80
newcar.xcar.com.cn
CHINANET Sichuan province Chengdu MAN network
CN
unknown
296
chrome.exe
118.193.104.48:80
stat.funshion.net
IDC, China Telecommunications Corporation
CN
malicious
296
chrome.exe
116.211.183.234:80
s5.cnzz.com
CHINANET Hubei province network
CN
suspicious
296
chrome.exe
203.119.129.115:443
z12.cnzz.com
CN
malicious
296
chrome.exe
163.171.140.176:443
js.3conline.com
US
unknown

DNS requests

Domain
IP
Reputation
s.zhitoudsp.com
  • 221.229.204.28
unknown
accounts.google.com
  • 216.58.207.77
shared
clientservices.googleapis.com
  • 172.217.23.163
whitelisted
s5.cnzz.com
  • 116.211.183.234
whitelisted
tui.zhitoudsp.com
  • 221.229.204.28
unknown
dup.baidustatic.com
  • 119.188.176.49
whitelisted
cnzzz.zhitoudsp.com
  • 221.229.204.28
unknown
s23.cnzz.com
  • 116.211.183.234
suspicious
pc.botmh.com
  • 121.196.131.201
unknown
price.pcauto.com.cn
  • 219.136.244.23
malicious

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://s.zhitoudsp.com:808/pch/index.html