Field | Value
---|---|
URL | http://int.search.myway.com/search/GGmain.jhtml?ct=ARS&n=C08D3D5&p2=%5ECAM%5Emni000%5ELMESLA&pg=GGmain&pn=1&ptb=8AF51EE8-B9D6-4D33-A688-6FCEC9A941CC&qs=&si=&ss=sub&st=tab&trs=wtt&searchfor=Iniciar+Sesi%C3%B3n+en+Hotmail&feedurl=ars%252Ffeedback%253ForiginalQuery%253Dhotmail.com%2526relatedQuery%253Diniciar%252Bsesi%2525C3%2525B3n%252Ben%252Bhotmail&tpr=jre10&ots=1557474722665 |
Full analysis | https://app.any.run/tasks/9518b41b-75ea-4f1f-b5f5-4e7cb5230bb6 |
Verdict | Malicious activity |
Analysis date | May 20, 2019, 16:19:00 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | F1EA5630FF1BB52B251EFB37A15F3A09 |
SHA1 | A26904C97CDB1ECECB12CE994EEF5663D4F923BB |
SHA256 | AC01537AD58D0364018D3270C5558D833F2B2F336751A4B8C4221C086AF3CD59 |
SSDEEP | 6:CFk1MGYfUGRYJbhn8y1nvhwhkkcKM+5La0MGMxnOfITDHiwcOSixU2GTAAU09x59:ykmGYfUGobayJwhkkcKb5O0MG8n3TDCL |
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---|
2980 | "C:\Program Files\Google\Chrome\Application\chrome.exe" http://int.search.myway.com/search/GGmain.jhtml?ct=ARS&n=C08D3D5&p2=%5ECAM%5Emni000%5ELMESLA&pg=GGmain&pn=1&ptb=8AF51EE8-B9D6-4D33-A688-6FCEC9A941CC&qs=&si=&ss=sub&st=tab&trs=wtt&searchfor=Iniciar+Sesi%C3%B3n+en+Hotmail&feedurl=ars%252Ffeedback%253ForiginalQuery%253Dhotmail.com%2526relatedQuery%253Diniciar%252Bsesi%2525C3%2525B3n%252Ben%252Bhotmail&tpr=jre10&ots=1557474722665 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | explorer.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 73.0.3683.75 |
3600 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ebb0f18,0x6ebb0f28,0x6ebb0f34 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 73.0.3683.75 |
456 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2984 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 73.0.3683.75 |
3988 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,5251663985741816586,2983713508810238180,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3443485333466186929 --mojo-platform-channel-handle=948 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 73.0.3683.75 |
2372 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,5251663985741816586,2983713508810238180,131072 --enable-features=PasswordImport --service-pipe-token=14179709214135340398 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14179709214135340398 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 73.0.3683.75 |
3012 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,5251663985741816586,2983713508810238180,131072 --enable-features=PasswordImport --service-pipe-token=11921581067812117256 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11921581067812117256 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 73.0.3683.75 |
3536 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,5251663985741816586,2983713508810238180,131072 --enable-features=PasswordImport --service-pipe-token=11601211660976802937 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11601211660976802937 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 73.0.3683.75 |
3900 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,5251663985741816586,2983713508810238180,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=10553358274472736317 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10553358274472736317 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 73.0.3683.75 |
2952 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,5251663985741816586,2983713508810238180,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7821619441295294776 --mojo-platform-channel-handle=3960 --ignored=" --type=renderer " /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 73.0.3683.75 |
3028 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,5251663985741816586,2983713508810238180,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=9420514053350204027 --mojo-platform-channel-handle=4088 --ignored=" --type=renderer " /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 73.0.3683.75 |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---|
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0 | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2 | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3 | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8bde6bc9-de9f-4bfb-889d-3bc444b6f89d.tmp | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0 | — | — | — |
2980 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 | — | — | — |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2980 | chrome.exe | GET | 200 | 2.18.232.251:80 | http://int.search.myway.com/assets/js/b2c/b2c-v1-deferred-min-9a4eaf273144ed092cd8c7409bc2334.js | unknown | text | 11.9 Kb | whitelisted |
2980 | chrome.exe | GET | 200 | 2.18.232.251:80 | http://int.search.myway.com/assets/myway_logo_circle_enh_by_google_40height.png | unknown | image | 3.31 Kb | whitelisted |
2980 | chrome.exe | GET | 200 | 2.18.232.251:80 | http://int.search.myway.com/assets/c/SB_button_flat_search_40px_crop.png | unknown | image | 828 b | whitelisted |
2980 | chrome.exe | GET | 200 | 2.18.232.251:80 | http://int.search.myway.com/assets/common/btn-x.png | unknown | image | 1.20 Kb | whitelisted |
2980 | chrome.exe | GET | 200 | 2.18.232.251:80 | http://int.search.myway.com/assets/js/b2c/b2c-p2-min-dcec66fd4116cf998dde0c20d1aea6ca.js | unknown | html | 12.9 Kb | whitelisted |
2980 | chrome.exe | GET | 200 | 2.18.232.251:80 | http://int.search.myway.com/search/GGmain.jhtml?ct=ARS&n=C08D3D5&p2=%5ECAM%5Emni000%5ELMESLA&pg=GGmain&pn=1&ptb=8AF51EE8-B9D6-4D33-A688-6FCEC9A941CC&qs=&si=&ss=sub&st=tab&trs=wtt&searchfor=Iniciar+Sesi%C3%B3n+en+Hotmail&feedurl=ars%252Ffeedback%253ForiginalQuery%253Dhotmail.com%2526relatedQuery%253Diniciar%252Bsesi%2525C3%2525B3n%252Ben%252Bhotmail&tpr=jre10&ots=1557474722665 | unknown | html | 45.2 Kb | whitelisted |
2980 | chrome.exe | GET | 204 | 2.18.232.251:80 | http://int.search.myway.com/search/ulpixel.jhtml?anxuu=70D6EB5E-F030-479D-8824-F6C372BA8E5D&anxa=CAPSearch&anxv=4bb8bc4818346c96b4f77718afc4ae259efd29a2&anxd=2019-05-15T00%3A00%3A00Z&anxsn=&anxu=http%3A%2F%2Fint.search.myway.com%2Fsearch%2FGGmain.jhtml&anxl=en&anxlv=1558369157170&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&ss=sub&st=tab&p2=%5ECAM%5Emni000%5ELMESLA&acpt=GGmain.jhtml&actr=LMESLA&n=C08D3D5&RSUser2018=true&userSeg=LMESLA&q=Iniciar%2BSesi%25C3%25B3n%2Ben%2BHotmail&trs=wtt&tpr=jre10&userip=185.212.170.83&queryTerm=Iniciar%2BSesi%25C3%25B3n%2Ben%2BHotmail&pn=1&cb=CAM&ptb=8AF51EE8-B9D6-4D33-A688-6FCEC9A941CC&userSegType=ndl&mvtExperimentId=&mvtCampaignName=&mvtRecipeId=&mvtRecipeName=&endWith=withNoComma&ulMatchInfo=%7B%22engine%22%3A%7B%22eid%22%3A%22googleCSA%22%2C%22erc%22%3A200%2C%22ert%22%3A605%2C%22rreq%22%3A7%2C%22rret%22%3A0%2C%22rd%22%3A0%2C%22rdct%22%3A0%2C%22rdcb%22%3A0%2C%22adrep%22%3A3%2C%22client%22%3A%22iwon-myway-mysearch-ch06%22%2C%22channels%22%3A%22cam-figsd-tab%2Cacqsrc-8858%2Cx-dc-uswest%2Cx-test1%2Cx-ch-ggweb%2Cx-site-mws-new%2Cx-tpr-jre10%2Cx-st-tab%2Cx-ld-lmesla%2Cx-prod-y6%2Cx-prod-cam-chr%2Cch-001%2Cx-mktg-cammni000%2Cx-mktg-cam-mni000%2Cx-geo-ch%2Cch-008%2Cx-pf-win-7%2Cx-br-Chrome%2CCh-053%22%2C%22shadchannels%22%3A%5B%22cam-figsd-tab%22%2C%22acqsrc-8858%22%2C%22x-dc-uswest%22%2C%22x-test1%22%2C%22x-ch-ggweb%22%2C%22x-site-mws-new%22%2C%22x-tpr-jre10%22%2C%22x-st-tab%22%2C%22x-ld-lmesla%22%2C%22x-prod-y6%22%2C%22x-prod-cam-chr%22%2C%22ch-001%22%2C%22x-mktg-cammni000%22%2C%22x-mktg-cam-mni000%22%2C%22x-geo-ch%22%2C%22ch-008%22%2C%22x-pf-win-7%22%2C%22x-br-Chrome%22%5D%2C%22ResponseTimerAt%22%3A1558369158353%2C%22adCalledAt%22%3A1558369158353%2C%22jsCalledAt%22%3A1558369158314%2C%22jsLoadTime%22%3A1558369158334%2C%22adsBlocked%22%3Afalse%2C%22styleId%22%3A5331397229%2C%22adsResponseAt%22%3A1558369158958%2C%22topAdsLoadedAt%22%3A1558369158958%2C%22bottomAdsLoadedAt%22%3A1558369158959%2C%22afterTimeout%22%3A0%2C%22adsAfterTimeout%22%3A0%7D%7D&timeUserRequested=1557474722665&PageShownAt=1558369158958&ourAdsBlocked=false&displayAdShown=false&viewPortWidth=1280&viewPortHeight=720&queryId=f79036ad-b4ba-4665-af02-efd1a1369a72&anxi=afdc910f-9b3e-4bb9-afba-7d5fa1a52b05&anxe=backFill&anxr=241314321 | unknown | image | 1.20 Kb | whitelisted |
2980 | chrome.exe | GET | 200 | 2.18.232.251:80 | http://int.search.myway.com/assets/js/lib/ad-injector-filters/adframe.js | unknown | text | 15 b | whitelisted |
2980 | chrome.exe | GET | 200 | 2.18.232.251:80 | http://int.search.myway.com/assets/js/common/adsense/ourAds.js | unknown | text | 21 b | whitelisted |
2980 | chrome.exe | GET | 302 | 172.217.18.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 505 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2980 | chrome.exe | 216.58.205.227:443 | www.google.ch | Google Inc. | US | whitelisted |
2980 | chrome.exe | 172.217.22.77:443 | accounts.google.com | Google Inc. | US | whitelisted |
2980 | chrome.exe | 172.217.18.4:443 | www.google.com | Google Inc. | US | whitelisted |
2980 | chrome.exe | 172.217.16.163:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2980 | chrome.exe | 172.217.22.10:443 | translate.googleapis.com | Google Inc. | US | whitelisted |
— | — | 172.217.18.14:80 | redirector.gvt1.com | Google Inc. | US | whitelisted |
2980 | chrome.exe | 216.58.208.33:443 | clients2.googleusercontent.com | Google Inc. | US | whitelisted |
2980 | chrome.exe | 216.58.207.35:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
— | — | 216.58.208.46:443 | clients2.google.com | Google Inc. | US | whitelisted |
2980 | chrome.exe | 2.18.232.251:80 | int.search.myway.com | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation
---|---|---|
clientservices.googleapis.com | — | whitelisted |
int.search.myway.com | — | whitelisted |
accounts.google.com | — | shared |
code.jquery.com | — | whitelisted |
www.google.com | — | whitelisted |
www.google.ch | — | whitelisted |
acceder.email | — | unknown |
computerhoy.com | — | whitelisted |
account.microsoft.com | — | whitelisted |
es-la.facebook.com | — | whitelisted |