URL: | https://business.avast.com/public/#download/dta%3Dwoij4uO1SrV1X6-7Vaodr7Ef2JpttD_bsJQkZiNw_sayljlfBSWbYEutX3-SHpQxfVGzcWm6L8GDdPdntFSpXN17tEdhC2AIr328pPFcNWOrJW5UDlZb6ezgE_IpOj3koIvQJd2lrYWHJPIFuaT1KYOsWCYKTAewu6TBuS_rGK0%28%26ncn%3DwhZ10_UXWhPPwR7tcgsQR47p3Xs%28 |
Full analysis: | https://app.any.run/tasks/71b6dc26-4dea-47e0-9eb6-0bbbbb567956 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2019, 14:30:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | B91BBB13C4FB35234D0C8BE9C32D28E4 |
SHA1: | 79C6AED1424A341AEAB2EE8C8A7AECEF46C3D501 |
SHA256: | C6015D8FB2569DC0BEA065CA09E6E0C46A6D27F382C963E584B7BDC40CD3E44E |
SSDEEP: | 6:2o6LCKHJlwpQuopJLNL2V0rKzimrVMpW7D2IpRvq3SbhSiZqZIyd:2o6LCcP9Ft2GrKzJrKWHRi3SbhSSq9 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
896 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://business.avast.com/public/#download/dta%3Dwoij4uO1SrV1X6-7Vaodr7Ef2JpttD_bsJQkZiNw_sayljlfBSWbYEutX3-SHpQxfVGzcWm6L8GDdPdntFSpXN17tEdhC2AIr328pPFcNWOrJW5UDlZb6ezgE_IpOj3koIvQJd2lrYWHJPIFuaT1KYOsWCYKTAewu6TBuS_rGK0%28%26ncn%3DwhZ10_UXWhPPwR7tcgsQR47p3Xs%28" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3400 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:896 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1740 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 | ||||
960 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
2056 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6feda9d0,0x6feda9e0,0x6feda9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
3040 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2692 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
2352 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=988,9818328314133483865,10402043076335321595,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=17081802617098493550 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 | ||||
2720 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=988,9818328314133483865,10402043076335321595,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=7010292060355818318 --mojo-platform-channel-handle=1616 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
3824 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,9818328314133483865,10402043076335321595,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4021696157836127699 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
912 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,9818328314133483865,10402043076335321595,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13318432086916526132 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
896 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
896 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XMUSLJAW\public[1].txt | — | |
MD5:— | SHA256:— | |||
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XMUSLJAW\public[1].htm | html | |
MD5:C2C72C5EF2915C66097E37158F7AC0E9 | SHA256:EA3A4CB0169E0224D23637964FD460CA0CD9BE11474C2A2EBF5E0D5511C5E2DD | |||
3400 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat | dat | |
MD5:D5171EB6B751CAF9A8FC2E981132C9D7 | SHA256:79647D0A087E11A322D7A34700DB0CB60CECD9C3A672A16C1342573AC96F4ACD | |||
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:451381253E40C6E46CBEA9966EE7157E | SHA256:2A91651BA205225F49218B7A4793BB219525E7BF094344269D2397536F0F3F92 | |||
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\53UBUFPH\avast-business-logo-negative[1].svg | image | |
MD5:33C99C48FC7415FD1F9615A6BF8D77FA | SHA256:F8B3A44E67E956EB92F9A3DAD924C41414835134C59DA163AB627908F934CEB7 | |||
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XMUSLJAW\afb__avasticon-font[1].css | text | |
MD5:3FC49CA01F8612EE85CDB01B84043C85 | SHA256:09A95B2668004D18ECA1E382CFEED9DD71E208824DE0BD2478A6A81E823C9F6E | |||
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XMUSLJAW\fusion-fm.min[1].js | text | |
MD5:44A7C71F3BC4AC736A76115C63B7FD26 | SHA256:897B5EADFD46AEFA504B66E34E67DB7CB4F5E2C456D5D89437DF56C5D47EE02A | |||
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:2FEC5DCCF11A493DB58FF2986CC41F08 | SHA256:0D87C58B1A46178421E0A622DB669152EC8A89A635BA343D5F7806D816E9C6C1 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2720 | chrome.exe | GET | 200 | 74.125.155.199:80 | http://r1---sn-p5qs7n7z.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=85.203.20.5&mm=28&mn=sn-p5qs7n7z&ms=nvh&mt=1575642566&mv=m&mvi=0&pl=24&shardbypass=yes | US | crx | 293 Kb | whitelisted |
2720 | chrome.exe | GET | 200 | 173.194.7.89:80 | http://r3---sn-p5qs7n7e.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=85.203.20.5&mm=28&mn=sn-p5qs7n7e&ms=nvh&mt=1575642566&mv=m&mvi=2&pl=24&shardbypass=yes | US | crx | 862 Kb | whitelisted |
2720 | chrome.exe | GET | 302 | 172.217.18.110:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 512 b | whitelisted |
2720 | chrome.exe | GET | 302 | 172.217.18.110:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 507 b | whitelisted |
2720 | chrome.exe | GET | 200 | 143.204.98.76:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
2720 | chrome.exe | GET | 200 | 93.184.221.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 57.4 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3400 | iexplore.exe | 172.217.21.238:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
3400 | iexplore.exe | 216.58.205.226:443 | www.googleadservices.com | Google Inc. | US | whitelisted |
896 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3400 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3400 | iexplore.exe | 104.17.64.4:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | unknown |
3400 | iexplore.exe | 23.210.250.131:443 | static.avast.com | Akamai International B.V. | NL | whitelisted |
3400 | iexplore.exe | 5.62.38.200:443 | business.avast.com | AVAST Software s.r.o. | NL | unknown |
3400 | iexplore.exe | 216.58.208.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
3400 | iexplore.exe | 147.75.32.75:443 | static.hotjar.com | Packet Host, Inc. | US | unknown |
3400 | iexplore.exe | 104.17.65.4:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | unknown |
Domain | IP | Reputation |
---|---|---|
business.avast.com |
| unknown |
www.bing.com |
| whitelisted |
cdnjs.cloudflare.com |
| whitelisted |
static.avast.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
www.googleadservices.com |
| whitelisted |
static.hotjar.com |
| whitelisted |
bat.bing.com |
| whitelisted |
googleads.g.doubleclick.net |
| whitelisted |