Field | Value
---|---|
File name | temp.txt
Full analysis | https://app.any.run/tasks/ec5332c1-61ec-47ab-924b-7a2944d3f0a4
Verdict | Malicious activity
Analysis date | March 14, 2019, 17:11:52
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | text/plain
File info | ASCII text
MD5 | 30742A91F627F07D3C0979CFF90694A7
SHA1 | F0380B115FF4F5C11BCB67A1467EB4DE8A9B4736
SHA256 | B688A0A512CAC3F484C1B51B78B6A60E36EE123CF9A83519A5B67D523B468E51
SSDEEP | 3:N1KOKLW2pb:CO65
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---|
3324 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\temp.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Notepad; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2444 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | — | explorer.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 68.0.3440.106
3256 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f5800b0,0x6f5800c0,0x6f5800cc | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 68.0.3440.106
2472 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2452 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 68.0.3440.106
3640 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=9413AA05D69B8FC871943AA2BBB772BA --mojo-platform-channel-handle=996 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 68.0.3440.106
2296 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --service-pipe-token=E3B9F8D70FC5DCE5BC07CEAF497EA3A6 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E3B9F8D70FC5DCE5BC07CEAF497EA3A6 --renderer-client-id=5 --mojo-platform-channel-handle=1924 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 68.0.3440.106
3500 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --service-pipe-token=C338FF63AB3EB75072D706C921E4C73E --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C338FF63AB3EB75072D706C921E4C73E --renderer-client-id=3 --mojo-platform-channel-handle=2128 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 68.0.3440.106
3224 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=3949923CF29BD0FB417A71D20516B691 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3949923CF29BD0FB417A71D20516B691 --renderer-client-id=6 --mojo-platform-channel-handle=3644 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 68.0.3440.106
2884 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=F8B47CC7B15229DA0C34A58BDF0E7B4E --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=F8B47CC7B15229DA0C34A58BDF0E7B4E --renderer-client-id=7 --mojo-platform-channel-handle=3860 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 68.0.3440.106
3460 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,5319393405666837340,4270788836679509195,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=5560DB7B709F785BACBF4DF3B9CB3A7E --mojo-platform-channel-handle=4080 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Exit code: 0; Version: 68.0.3440.106
(PID) Process | Key | Operation | Name | Value
---|---|---|---|---|
(2444) chrome.exe | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | write | failed_count | 0
(2444) chrome.exe | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | write | state | 2
(2444) chrome.exe | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | write | state | 1
(2444) chrome.exe | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | write | dr | 1
— | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | write | 2444-13197057138589000 | 259
(2444) chrome.exe | HKEY_CURRENT_USER\Software\Google\Chrome | write | UsageStatsInSample | 0
(2444) chrome.exe | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | delete value | 3516-13180984670829101 | 0
(2444) chrome.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | write | usagestats | 0
(2444) chrome.exe | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | delete value | 2444-13197057138589000 | 259
(2444) chrome.exe | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | write | metricsid | 
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---|
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\18b59e20-3176-4313-8fa2-5a95fab77cb4.tmp | — | — | —
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp | — | — | —
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp | — | — | —
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c6a4c20f-29a8-4031-9c08-cb5a8899771c.tmp | — | — | —
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF199e59.TMP | text | 92BE6B127E72365885AD4C3FB6534EE2 | 54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text | 92BE6B127E72365885AD4C3FB6534EE2 | 54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index | — | — | —
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | C10EBD4DB49249EFC8D112B2920D5F73 | 90A1B994CAFE902F22A88A22C0B6CC9CB5B974BF20F8964406DD7D6C9B8867D1
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF199e98.TMP | text | 197882774A7ECEC9046BC48F63189B66 | 27377B0D5F989997C2C3F74ACF163EED44B60631DDAA768F6655D7BE555742B2
2444 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF199e98.TMP | text | 1AA66EFDB743FB0A8DCC1CD79B0B6542 | 28D56532CCED7375A2A1C7731E57C1A1C2EC1AC9827F3E5BEEE7F8069A5F87DD
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2444 | chrome.exe | GET | 301 | 74.217.253.90:80 | http://po.st/rLVzwQ | US | — | — | suspicious |
2444 | chrome.exe | GET | 301 | 104.25.118.11:80 | http://normour.com/r/5ae9bdd2-467c-11e9-9731-11461e9f4a1f/0/?_rh=b590I5IG-agsu0-DnAKkNvM0TdMk4iCf9WN3HmuX9JgAINYWYXmfXW3bLbPHZHYoeAoH3VY0WCwsYwwCSPSn4IC3Bwblj9bd3-gv-XiPW8CS1ffp1Uxh3GcW5dZHjfUA75kMHHVWJqRvKF9b39gh-OjL8Kwhfx8QRKg_d1I4FGCT71iyIfMGCyu_bSDQjJ3ANOp7NgQhhLUQYBNqWL6sJNfm0JylRZmWGqLDUZYkrth8fBrEOm5nAdoeVwjThuqfd7rUpls8rLn94LJP_XSMyLhm5fUNJy8w-QgjuM7NIblinp0spRZ6YBa2lXvvMqizVHQcLmLS0JUAQXHCat81xUDkoA-5bpi82yEkxPMab3Lqd6zbWhUk9Nk-zzfR_hH92vsafg | US | — | — | whitelisted |
2444 | chrome.exe | GET | 301 | 104.25.118.11:80 | http://normour.com/r/5ae9bdd2-467c-11e9-9731-11461e9f4a1f/1/?_rh=ed1dlMHwRLy2oPSDbUlEEef2M9ubMiQtrOM9mxmVg1rH-lZo3auEzuH4H4nsc1obUEaYrJGUl3i2gZwGoD4c4b7NxR_DHuMiewLc7GD__I410FeapjANN8X6wwNnFXcp1Rrf8jDB4Cczt7JKugZiduKyv7P03-vrj0oWGOL7qPpaJmlfm-7-ebad5yBT6J7Pbt9qhnwtUgNiWZ7zZVF1W6wAxIOabRzh0kgABGFdQQ1akO8bKjwwj1j2azbHWEfMGHI2ATzWN1Odj9QW4hnx8Wf0dBh92MjXIQW2EGW-bdUeQRMy7CsT-t3HSRLP4Lv_sjR4u0Z6grP5l5MEB9GEMTNDEg7k0Z1CA3g60IfAatFKe0k3yXurE5MiQ-3pkWBsSPAYh3nB | US | — | — | whitelisted |
2444 | chrome.exe | GET | 308 | 18.184.12.18:80 | http://wooga2.info/LJjV/Mare | US | html | 188 b | whitelisted |
2444 | chrome.exe | GET | 200 | 13.107.4.50:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 55.2 Kb | whitelisted |
2444 | chrome.exe | GET | 301 | 100.24.181.71:80 | http://tours-78-94.wellhello.com/wh_redgirls/?t=25566&aid=120085&sid=2858_b0a6bdc1f6b2amp&xk=10b15043343e2705e6831dae38a2581b&clickid=5ae9bdd2-467c-11e9-9731-11461e9f4a1f&i18n_country=NO | US | html | 178 b | unknown |
2444 | chrome.exe | GET | 200 | 52.84.197.149:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2444 | chrome.exe | 172.217.22.10:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
2444 | chrome.exe | 172.217.22.14:443 | apis.google.com | Google Inc. | US | whitelisted |
2444 | chrome.exe | 216.58.208.35:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2444 | chrome.exe | 172.217.22.35:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2444 | chrome.exe | 172.217.22.67:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2444 | chrome.exe | 172.217.16.163:443 | www.google.de | Google Inc. | US | whitelisted |
2444 | chrome.exe | 172.217.16.141:443 | accounts.google.com | Google Inc. | US | suspicious |
2444 | chrome.exe | 74.217.253.90:80 | po.st | Internap Network Services Corporation | US | unknown |
2444 | chrome.exe | 18.184.12.18:80 | wooga2.info | — | US | unknown |
2444 | chrome.exe | 104.25.189.21:443 | ads.gold | Cloudflare Inc | US | shared |
Domain | IP | Reputation
---|---|---|
www.google.de | | whitelisted
clientservices.googleapis.com | | whitelisted
www.gstatic.com | | whitelisted
safebrowsing.googleapis.com | | whitelisted
accounts.google.com | | shared
ssl.gstatic.com | | whitelisted
apis.google.com | | whitelisted
po.st | | suspicious
wooga2.info | | unknown
www.google.com | | whitelisted