| Field | Value |
|---|---|
| File name | 8411026.shtml |
| Full analysis | https://app.any.run/tasks/f569a811-f979-42a3-b839-912558e42cde |
| Verdict | No threats detected |
| Analysis date | April 05, 2019, 08:19:19 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
| Indicators | — |
| MIME | text/html |
| File info | HTML document, ASCII text, with CRLF line terminators |
| MD5 | 83DFBBCF3466E4F9B72729C358FD340E |
| SHA1 | D2E47263CDE40B77DAF436CA4400E76D73DDB4DC |
| SHA256 | A5100207A927D3DF3FEC92BE20393C5A59AEB7567D1E1DF41DB0DC7E511B52E0 |
| SSDEEP | 3:gkJR9dBSAKDDni4TSWzALb0yg7Mv:P7GdDNTSWzxMv |
All processes below ran as user admin from C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome, version 73.0.3683.86), exited with code 0, and raised no indicators. The process type is taken from the --type switch; the row without one is the browser (main) process, started by explorer.exe to open the sample.

| PID | Type | Command line | Parent process | Integrity level |
|---|---|---|---|---|
| 836 | renderer | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --disable-gpu-compositing --service-pipe-token=3663411108337891022 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3663411108337891022 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1 | chrome.exe | LOW |
| 1128 | renderer (extension process) | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --service-pipe-token=10664203698284865152 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10664203698284865152 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1 | chrome.exe | LOW |
| 1428 | renderer | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --service-pipe-token=13161499262444524452 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13161499262444524452 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1 | chrome.exe | LOW |
| 1640 | gpu-process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=10927478121660518439 --mojo-platform-channel-handle=3380 /prefetch:2 | chrome.exe | MEDIUM |
| 1640 | renderer | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --disable-gpu-compositing --service-pipe-token=639991045499798800 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=639991045499798800 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1 | chrome.exe | LOW |
| 1892 | renderer | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --disable-gpu-compositing --service-pipe-token=12214322203867862253 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12214322203867862253 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1 | chrome.exe | LOW |
| 1912 | renderer | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --service-pipe-token=14230875202606428388 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14230875202606428388 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1 | chrome.exe | LOW |
| 2036 | utility | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --lang=en-US --no-sandbox --service-request-channel-token=4332996847925728598 --mojo-platform-channel-handle=3324 /prefetch:8 | chrome.exe | MEDIUM |
| 2132 | browser (main process) | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "C:\Users\admin\Desktop\8411026.shtml" | explorer.exe | MEDIUM |
| 2144 | renderer | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,9943350033793260545,5547960695659629950,131072 --disable-gpu-compositing --service-pipe-token=1659087298873576256 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1659087298873576256 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1 | chrome.exe | LOW |

PID 1640 appears twice in the report, once as the GPU process and once as a renderer. Every renderer ran at LOW integrity; the GPU process (--disable-gpu-sandbox) and the utility process (--no-sandbox) ran at MEDIUM.
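The check an analyst would run over a process table like the one above, as an added example that is not part of the ANY.RUN report: parse each Chrome command line for its --type switch and any sandbox-disabling switches, tabulate integrity level per process type, and report PIDs listed twice. The (pid, integrity, command line) rows are copied from the table with each command line trimmed to the switches that matter here; the policy applied (renderers must run at LOW integrity, --no-sandbox and --disable-gpu-sandbox deserve a look) is the example's own assumption, not something the report states.

```python
"""Triage of the Chrome process tree from the report above (added example).

Rows are copied from the process table, command lines trimmed to --type and
sandbox-related switches. The policy below is an assumption of this example.
"""
import re

CHROME = '"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"'

# (pid, integrity level, command line) -- constructed from the report's table.
REPORT_PROCESSES = [
    (836,  "LOW",    CHROME + " --type=renderer --renderer-client-id=13 /prefetch:1"),
    (1128, "LOW",    CHROME + " --type=renderer --extension-process --renderer-client-id=5 /prefetch:1"),
    (1428, "LOW",    CHROME + " --type=renderer --renderer-client-id=6 /prefetch:1"),
    (1640, "MEDIUM", CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2"),
    (1640, "LOW",    CHROME + " --type=renderer --renderer-client-id=14 /prefetch:1"),
    (1892, "LOW",    CHROME + " --type=renderer --renderer-client-id=8 /prefetch:1"),
    (1912, "LOW",    CHROME + " --type=renderer --renderer-client-id=7 /prefetch:1"),
    (2036, "MEDIUM", CHROME + " --type=utility --no-sandbox /prefetch:8"),
    (2132, "MEDIUM", CHROME + ' -- "C:\\Users\\admin\\Desktop\\8411026.shtml"'),
    (2144, "LOW",    CHROME + " --type=renderer --renderer-client-id=10 /prefetch:1"),
]

# Switches that turn a Chrome sandbox off (assumption: the two seen in the report).
SANDBOX_WEAKENING = {"no-sandbox", "disable-gpu-sandbox"}

# --name or --name=value; the bare "--" before the opened file does not match.
FLAG_RE = re.compile(r"--([a-z0-9-]+)(?:=(\S*))?")


def parse_cmdline(cmd):
    """Return (process type, {switch: value}); no --type means the browser process."""
    flags = dict(FLAG_RE.findall(cmd))
    return flags.get("type", "browser"), flags


def summarize(processes):
    """process type -> {integrity level: count}."""
    out = {}
    for _pid, integrity, cmd in processes:
        ptype, _ = parse_cmdline(cmd)
        per_type = out.setdefault(ptype, {})
        per_type[integrity] = per_type.get(integrity, 0) + 1
    return out


def duplicate_pids(processes):
    """PIDs that occur more than once (PID reuse, or two rows for one process)."""
    seen, dupes = set(), set()
    for pid, _integrity, _cmd in processes:
        if pid in seen:
            dupes.add(pid)
        seen.add(pid)
    return dupes


def audit(processes):
    """Findings as (pid, type, reason) for every row outside the policy."""
    findings = []
    for pid, integrity, cmd in processes:
        ptype, flags = parse_cmdline(cmd)
        weakened = sorted(f for f in flags if f in SANDBOX_WEAKENING)
        if weakened:
            switches = " ".join("--" + w for w in weakened)
            findings.append((pid, ptype, f"{switches} at {integrity} integrity"))
        if ptype == "renderer" and integrity != "LOW":
            findings.append((pid, ptype, f"renderer at {integrity}, expected LOW"))
    return findings


if __name__ == "__main__":
    for ptype, levels in sorted(summarize(REPORT_PROCESSES).items()):
        print(f"{ptype:12} {levels}")
    print("duplicate PIDs:", sorted(duplicate_pids(REPORT_PROCESSES)))
    for finding in audit(REPORT_PROCESSES):
        print("finding:", *finding)
```

On this report the audit returns exactly the two MEDIUM-integrity helpers that carry a sandbox switch (the GPU process and the utility process) and no renderer findings; a renderer at MEDIUM would be the row worth chasing.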
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 2132 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | failed_count | 0 |
| 2132 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | 2 |
| 2132 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | (empty) |
| 2132 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | 01000000 |
| 2132 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | 1 |
| 2288 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 2132-13198925974890125 | 259 |
| 2132 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | 1 |
| 2132 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome | UsageStatsInSample | 1 |
| 2132 | chrome.exe | delete value | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 824-13197472068915039 | 0 |
| 2132 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | usagestats | 0 |
Files written by the browser process. The report recorded no MD5 or SHA256 for any of them.

| PID | Process | Filename | Type |
|---|---|---|---|
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | — |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dea6448c-ad56-408a-a912-011dcbcf25cd.tmp | — |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000012.dbtmp | — |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 | — |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7319.128.0.1_0\_metadata\computed_hashes.json | text |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF1b4013.TMP | text |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF1b4061.TMP | text |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old | text |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text |
| 2132 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text |
| PID | Process | Method | HTTP code | IP:port | URL | Country | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2432 | chrome.exe | GET | 302 | 91.215.153.90:80 | http://top.nov.ru/wqcyN9?r=55024075 | BG | — | — | suspicious |
| 2432 | chrome.exe | GET | 200 | 144.76.30.39:443 | https://mega-flirt-books.com/?u=qg9pte4&o=wfkkbb8&m=1 | DE | html | 7.00 Kb | whitelisted |
| 2432 | chrome.exe | GET | 200 | 172.217.22.99:443 | https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=73 | US | compressed | 29.6 Kb | whitelisted |
| 2432 | chrome.exe | GET | 200 | 144.76.30.39:443 | https://mega-flirt-books.com/media/dating/dirtytinder2/css/style.css | DE | text | 27.5 Kb | whitelisted |
| 2432 | chrome.exe | GET | 200 | 144.76.30.39:443 | https://mega-flirt-books.com/util/utils.js | DE | text | 5.35 Kb | whitelisted |
| 2432 | chrome.exe | GET | 200 | 172.217.16.170:443 | https://fonts.googleapis.com/css?family=Monoton\|Raleway:400,700\|Roboto:300,700 | US | text | 6.37 Kb | whitelisted |
| 2432 | chrome.exe | GET | 200 | 144.76.30.39:443 | https://mega-flirt-books.com/media/exit-new/exit1.js | DE | text | 32.3 Kb | whitelisted |
| 2432 | chrome.exe | GET | 301 | 144.76.30.39:80 | http://mega-flirt-books.com/?u=qg9pte4&o=wfkkbb8&m=1 | DE | html | 185 b | whitelisted |
| 2432 | chrome.exe | GET | 200 | 144.76.30.39:443 | https://mega-flirt-books.com/cookie/js.cookie.js | DE | text | 4.16 Kb | whitelisted |
| 2432 | chrome.exe | POST | 200 | 172.217.22.45:443 | https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | US | text | 19 b | shared |
| PID | Process | IP:port | Domain | ASN (organisation) | Country | Reputation |
|---|---|---|---|---|---|---|
| 2432 | chrome.exe | 172.217.22.99:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
| 2432 | chrome.exe | 172.217.22.45:443 | accounts.google.com | Google Inc. | US | whitelisted |
| 2432 | chrome.exe | 144.76.30.39:443 | mega-flirt-books.com | Hetzner Online GmbH | DE | unknown |
| 2432 | chrome.exe | 144.76.30.39:80 | mega-flirt-books.com | Hetzner Online GmbH | DE | unknown |
| 2432 | chrome.exe | 91.215.153.90:80 | top.nov.ru | ITL Company | BG | suspicious |
| 2432 | chrome.exe | 172.217.16.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
| 2432 | chrome.exe | 139.162.133.246:443 | localdates69.com | Linode, LLC | DE | unknown |
| 2432 | chrome.exe | 104.16.123.175:443 | unpkg.com | Cloudflare Inc | US | shared |
| 2432 | chrome.exe | 172.217.21.202:443 | fcm.googleapis.com | Google Inc. | US | whitelisted |
| 2432 | chrome.exe | 46.161.31.12:443 | chatroom20.com | — | UA | unknown |
DNS requests. The report gives no resolved IP in this table.

| Domain | IP | Reputation |
|---|---|---|
| clientservices.googleapis.com | — | whitelisted |
| accounts.google.com | — | shared |
| top.nov.ru | — | suspicious |
| mega-flirt-books.com | — | whitelisted |
| fonts.googleapis.com | — | whitelisted |
| fonts.gstatic.com | — | whitelisted |
| ssl.gstatic.com | — | whitelisted |
| clients2.google.com | — | whitelisted |
| localdates69.com | — | whitelisted |
| tdsjsext3.com | — | malicious |
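The three network tables above (HTTP requests, connections, DNS requests) label the same hosts independently, and they do not all agree. The added example below is not part of the ANY.RUN report: it loads the rows copied from those tables, merges every reputation label per domain, reports the domains the tables disagree on, ranks them by the worst label seen, and lists the hosts that were resolved or connected to without any URL appearing in the HTTP table (TLS-only or otherwise unlogged traffic, which only the capture itself can explain). The severity order used for ranking is the example's own assumption; the report defines none.

```python
"""Cross-check of the network tables in the report above (added example).

Rows are copied from the HTTP requests, connections and DNS requests tables.
SEVERITY is an assumption of this example, not a definition from the report.
"""
from urllib.parse import urlsplit

# (method, status, ip:port, url, reputation) -- HTTP requests table
HTTP = [
    ("GET", 302, "91.215.153.90:80", "http://top.nov.ru/wqcyN9?r=55024075", "suspicious"),
    ("GET", 200, "144.76.30.39:443", "https://mega-flirt-books.com/?u=qg9pte4&o=wfkkbb8&m=1", "whitelisted"),
    ("GET", 200, "172.217.22.99:443", "https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=73", "whitelisted"),
    ("GET", 200, "144.76.30.39:443", "https://mega-flirt-books.com/media/dating/dirtytinder2/css/style.css", "whitelisted"),
    ("GET", 200, "144.76.30.39:443", "https://mega-flirt-books.com/util/utils.js", "whitelisted"),
    ("GET", 200, "172.217.16.170:443", "https://fonts.googleapis.com/css?family=Monoton|Raleway:400,700|Roboto:300,700", "whitelisted"),
    ("GET", 200, "144.76.30.39:443", "https://mega-flirt-books.com/media/exit-new/exit1.js", "whitelisted"),
    ("GET", 301, "144.76.30.39:80", "http://mega-flirt-books.com/?u=qg9pte4&o=wfkkbb8&m=1", "whitelisted"),
    ("GET", 200, "144.76.30.39:443", "https://mega-flirt-books.com/cookie/js.cookie.js", "whitelisted"),
    ("POST", 200, "172.217.22.45:443", "https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard", "shared"),
]

# (ip:port, domain, reputation) -- connections table
CONNECTIONS = [
    ("172.217.22.99:443", "clientservices.googleapis.com", "whitelisted"),
    ("172.217.22.45:443", "accounts.google.com", "whitelisted"),
    ("144.76.30.39:443", "mega-flirt-books.com", "unknown"),
    ("144.76.30.39:80", "mega-flirt-books.com", "unknown"),
    ("91.215.153.90:80", "top.nov.ru", "suspicious"),
    ("172.217.16.170:443", "fonts.googleapis.com", "whitelisted"),
    ("139.162.133.246:443", "localdates69.com", "unknown"),
    ("104.16.123.175:443", "unpkg.com", "shared"),
    ("172.217.21.202:443", "fcm.googleapis.com", "whitelisted"),
    ("46.161.31.12:443", "chatroom20.com", "unknown"),
]

# (domain, reputation) -- DNS requests table
DNS = [
    ("clientservices.googleapis.com", "whitelisted"), ("accounts.google.com", "shared"),
    ("top.nov.ru", "suspicious"), ("mega-flirt-books.com", "whitelisted"),
    ("fonts.googleapis.com", "whitelisted"), ("fonts.gstatic.com", "whitelisted"),
    ("ssl.gstatic.com", "whitelisted"), ("clients2.google.com", "whitelisted"),
    ("localdates69.com", "whitelisted"), ("tdsjsext3.com", "malicious"),
]

# Least to most concerning (assumption of this example).
SEVERITY = ["whitelisted", "shared", "unknown", "suspicious", "malicious"]


def host_of(url):
    return urlsplit(url).hostname


def reputations(http, conns, dns):
    """domain -> set of every reputation label the three tables give it."""
    rep = {}
    for _method, _status, _ip, url, label in http:
        rep.setdefault(host_of(url), set()).add(label)
    for _ip, domain, label in conns:
        rep.setdefault(domain, set()).add(label)
    for domain, label in dns:
        rep.setdefault(domain, set()).add(label)
    return rep


def worst_label(labels):
    return max(labels, key=SEVERITY.index)


def conflicts(rep):
    """Domains the tables disagree on, labels ordered least to most concerning."""
    return {d: sorted(s, key=SEVERITY.index) for d, s in rep.items() if len(s) > 1}


def flagged(rep, at_least="suspicious"):
    """Domains whose worst label reaches the given floor; triage on the worst, not the average."""
    floor = SEVERITY.index(at_least)
    return sorted(d for d, s in rep.items() if SEVERITY.index(worst_label(s)) >= floor)


def resolved_without_request(http, conns, dns):
    """Hosts seen in DNS or connections but with no URL in the HTTP table."""
    requested = {host_of(url) for _m, _s, _ip, url, _l in http}
    seen = {d for _ip, d, _l in conns} | {d for d, _l in dns}
    return sorted(seen - requested)


def cleartext(http):
    """Requests sent over plain HTTP, as (status, url)."""
    return [(status, url) for _m, status, _ip, url, _l in http if url.startswith("http://")]


if __name__ == "__main__":
    rep = reputations(HTTP, CONNECTIONS, DNS)
    print("disagreements:", conflicts(rep))
    print("suspicious or worse:", flagged(rep))
    print("resolved, no HTTP row:", resolved_without_request(HTTP, CONNECTIONS, DNS))
    print("cleartext:", cleartext(HTTP))
```

Run against the report's rows, the disagreements are mega-flirt-books.com and localdates69.com (whitelisted in one table, unknown in another) and accounts.google.com (whitelisted versus shared); the only domains at suspicious or worse are top.nov.ru and tdsjsext3.com, and the latter never appears in the HTTP table at all, so its traffic would have to be pulled from the capture. Both cleartext requests are the redirects that lead into the site (302 from top.nov.ru, then 301 from http to https on mega-flirt-books.com).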
| PID | Process | Class | Message |
|---|---|---|---|
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid handshake message |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid record/traffic |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid handshake message |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid record/traffic |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid handshake message |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid record/traffic |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid handshake message |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid record/traffic |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid handshake message |
| 2432 | chrome.exe | Generic Protocol Command Decode | SURICATA TLS invalid record/traffic |