File name:

temp.txt

Full analysis: https://app.any.run/tasks/ec5332c1-61ec-47ab-924b-7a2944d3f0a4
Verdict: Malicious activity
Analysis date: March 14, 2019, 17:11:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text
MD5:

30742A91F627F07D3C0979CFF90694A7

SHA1:

F0380B115FF4F5C11BCB67A1467EB4DE8A9B4736

SHA256:

B688A0A512CAC3F484C1B51B78B6A60E36EE123CF9A83519A5B67D523B468E51

SSDEEP:

3:N1KOKLW2pb:CO65

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • chrome.exe (PID: 2444)

    • Reads settings of System Certificates

      • chrome.exe (PID: 2444)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
11
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start notepad.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2296"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --service-pipe-token=E3B9F8D70FC5DCE5BC07CEAF497EA3A6 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E3B9F8D70FC5DCE5BC07CEAF497EA3A6 --renderer-client-id=5 --mojo-platform-channel-handle=1924 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2444"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2472"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2452 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2884"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=F8B47CC7B15229DA0C34A58BDF0E7B4E --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=F8B47CC7B15229DA0C34A58BDF0E7B4E --renderer-client-id=7 --mojo-platform-channel-handle=3860 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3140"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=10B559131B5D58C779FCDC36034EA1AB --mojo-platform-channel-handle=2604 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3224"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=3949923CF29BD0FB417A71D20516B691 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3949923CF29BD0FB417A71D20516B691 --renderer-client-id=6 --mojo-platform-channel-handle=3644 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3256"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f5800b0,0x6f5800c0,0x6f5800ccC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
3324"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\temp.txtC:\Windows\system32\NOTEPAD.EXEexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3460"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=5560DB7B709F785BACBF4DF3B9CB3A7E --mojo-platform-channel-handle=4080 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3500"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --service-pipe-token=C338FF63AB3EB75072D706C921E4C73E --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C338FF63AB3EB75072D706C921E4C73E --renderer-client-id=3 --mojo-platform-channel-handle=2128 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
522
Read events
476
Write events
43
Delete events
3

Modification events

(PID) Process:(2444) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2444) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2444) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2444) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(2472) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:2444-13197057138589000
Value:
259
(PID) Process:(2444) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(2444) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:3516-13180984670829101
Value:
0
(PID) Process:(2444) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(2444) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:2444-13197057138589000
Value:
259
(PID) Process:(2444) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
Executable files
0
Suspicious files
47
Text files
81
Unknown types
2

Dropped files

PID
Process
Filename
Type
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\18b59e20-3176-4313-8fa2-5a95fab77cb4.tmp
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c6a4c20f-29a8-4031-9c08-cb5a8899771c.tmp
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF199e59.TMPtext
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.oldtext
MD5:
SHA256:
2444chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF199e98.TMPtext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
51
DNS requests
26
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2444
chrome.exe
GET
301
74.217.253.90:80
http://po.st/rLVzwQ
US
suspicious
2444
chrome.exe
GET
301
104.25.118.11:80
http://normour.com/r/5ae9bdd2-467c-11e9-9731-11461e9f4a1f/0/?_rh=b590I5IG-agsu0-DnAKkNvM0TdMk4iCf9WN3HmuX9JgAINYWYXmfXW3bLbPHZHYoeAoH3VY0WCwsYwwCSPSn4IC3Bwblj9bd3-gv-XiPW8CS1ffp1Uxh3GcW5dZHjfUA75kMHHVWJqRvKF9b39gh-OjL8Kwhfx8QRKg_d1I4FGCT71iyIfMGCyu_bSDQjJ3ANOp7NgQhhLUQYBNqWL6sJNfm0JylRZmWGqLDUZYkrth8fBrEOm5nAdoeVwjThuqfd7rUpls8rLn94LJP_XSMyLhm5fUNJy8w-QgjuM7NIblinp0spRZ6YBa2lXvvMqizVHQcLmLS0JUAQXHCat81xUDkoA-5bpi82yEkxPMab3Lqd6zbWhUk9Nk-zzfR_hH92vsafg
US
whitelisted
2444
chrome.exe
GET
301
104.25.118.11:80
http://normour.com/r/5ae9bdd2-467c-11e9-9731-11461e9f4a1f/1/?_rh=ed1dlMHwRLy2oPSDbUlEEef2M9ubMiQtrOM9mxmVg1rH-lZo3auEzuH4H4nsc1obUEaYrJGUl3i2gZwGoD4c4b7NxR_DHuMiewLc7GD__I410FeapjANN8X6wwNnFXcp1Rrf8jDB4Cczt7JKugZiduKyv7P03-vrj0oWGOL7qPpaJmlfm-7-ebad5yBT6J7Pbt9qhnwtUgNiWZ7zZVF1W6wAxIOabRzh0kgABGFdQQ1akO8bKjwwj1j2azbHWEfMGHI2ATzWN1Odj9QW4hnx8Wf0dBh92MjXIQW2EGW-bdUeQRMy7CsT-t3HSRLP4Lv_sjR4u0Z6grP5l5MEB9GEMTNDEg7k0Z1CA3g60IfAatFKe0k3yXurE5MiQ-3pkWBsSPAYh3nB
US
whitelisted
2444
chrome.exe
GET
200
13.107.4.50:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
US
compressed
55.2 Kb
whitelisted
2444
chrome.exe
GET
308
18.184.12.18:80
http://wooga2.info/LJjV/Mare
US
html
188 b
whitelisted
2444
chrome.exe
GET
301
100.24.181.71:80
http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=120085&sid=2858_b0a6bdc1f6b2amp&xk=10b15043343e2705e6831dae38a2581b&clickid=5ae9bdd2-467c-11e9-9731-11461e9f4a1f&i18n_country=NO
US
html
178 b
unknown
2444
chrome.exe
GET
200
52.84.197.149:80
http://x.ss2.us/x.cer
US
der
1.27 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2444
chrome.exe
172.217.22.67:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2444
chrome.exe
216.58.208.35:443
www.gstatic.com
Google Inc.
US
whitelisted
2444
chrome.exe
172.217.16.163:443
www.google.de
Google Inc.
US
whitelisted
2444
chrome.exe
172.217.22.10:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted
2444
chrome.exe
172.217.22.35:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2444
chrome.exe
172.217.22.14:443
apis.google.com
Google Inc.
US
whitelisted
2444
chrome.exe
74.217.253.90:80
po.st
Internap Network Services Corporation
US
unknown
2444
chrome.exe
18.184.12.18:80
wooga2.info
US
unknown
2444
chrome.exe
216.58.206.4:443
www.google.com
Google Inc.
US
whitelisted
2444
chrome.exe
18.184.12.18:443
wooga2.info
US
unknown

DNS requests

Domain
IP
Reputation
www.google.de
  • 172.217.16.163
whitelisted
clientservices.googleapis.com
  • 172.217.22.67
whitelisted
www.gstatic.com
  • 216.58.208.35
whitelisted
safebrowsing.googleapis.com
  • 172.217.22.10
whitelisted
accounts.google.com
  • 172.217.16.141
shared
ssl.gstatic.com
  • 172.217.22.35
whitelisted
apis.google.com
  • 172.217.22.14
whitelisted
po.st
  • 74.217.253.90
suspicious
wooga2.info
  • 18.184.12.18
unknown
www.google.com
  • 216.58.206.4
malicious

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
temp.txt