URL:

https://2capallera.com/css/images/cs82108/

Full analysis: https://app.any.run/tasks/31d116ca-7c0f-493d-9a00-1808156d7f9e
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: March 31, 2020, 10:10:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
evasion
stealer
Indicators:
MD5:

B2BD3FBF74E13B678745E97705E48C16

SHA1:

2A35AC6DCDD68DB6152C4E53F33A6342B44F0B65

SHA256:

D151C32B2F6E51A1E86478C16B2CDFBCB3169EA8006530D03ED068667249F07E

SSDEEP:

3:N87MyQ3BWKMXn:2oyt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Factura-AmcNetworks31032020.exe (PID: 2636)
      • Factura-AmcNetworks31032020.exe (PID: 3164)

    • Writes to a start menu file

      • Gld_Supporting.exe (PID: 1500)

    • Stealing of credential data

      • Gld_Supporting.exe (PID: 1500)

    • Loads dropped or rewritten executable

      • Gld_Supporting.exe (PID: 1500)

    • Connects to CnC server

      • Factura-AmcNetworks31032020.exe (PID: 2636)

  • SUSPICIOUS

    • Creates files in the program directory

      • Factura-AmcNetworks31032020.exe (PID: 2636)
      • Gld_Supporting.exe (PID: 1500)

    • Creates files in the user directory

      • Factura-AmcNetworks31032020.exe (PID: 2636)
      • Gld_Supporting.exe (PID: 1500)

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2764)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3800)
      • Gld_Supporting.exe (PID: 1500)

    • Reads Environment values

      • Factura-AmcNetworks31032020.exe (PID: 2636)
      • Gld_Supporting.exe (PID: 1500)

    • Reads Internet Cache Settings

      • Factura-AmcNetworks31032020.exe (PID: 2636)
      • Gld_Supporting.exe (PID: 1500)

    • Checks for external IP

      • Gld_Supporting.exe (PID: 1500)

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3140)
      • iexplore.exe (PID: 3072)
      • chrome.exe (PID: 2764)

    • Application launched itself

      • iexplore.exe (PID: 3072)
      • chrome.exe (PID: 2764)

    • Changes internet zones settings

      • iexplore.exe (PID: 3072)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3140)

    • Reads the hosts file

      • chrome.exe (PID: 2764)
      • chrome.exe (PID: 2072)

    • Manual execution by user

      • chrome.exe (PID: 2764)
      • WinRAR.exe (PID: 3800)
      • Factura-AmcNetworks31032020.exe (PID: 2636)
      • Factura-AmcNetworks31032020.exe (PID: 3164)

    • Creates files in the user directory

      • iexplore.exe (PID: 3072)

    • Reads settings of System Certificates

      • chrome.exe (PID: 2072)
      • iexplore.exe (PID: 3072)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3072)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3072)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
77
Monitored processes
38
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe chrome.exe no specs factura-amcnetworks31032020.exe chrome.exe no specs factura-amcnetworks31032020.exe no specs gld_supporting.exe

Process information

PID
CMD
Path
Indicators
Parent process
676"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,13544776638152194511,1850845629981464205,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12659940558471785330 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1456"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,13544776638152194511,1850845629981464205,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5070898836401866062 --mojo-platform-channel-handle=3824 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1500"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,13544776638152194511,1850845629981464205,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=17990680760318198184 --mojo-platform-channel-handle=4088 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1500"C:\ProgramData\DecMcS4Tpj\Gld_Supporting.exe" C:\ProgramData\DecMcS4Tpj\Gld_Supporting.exe
Factura-AmcNetworks31032020.exe
User:
admin
Integrity Level:
MEDIUM
Description:
7-Zip Installer -1
Exit code:
0
Version:
19.1.2.3
Modules
Images
c:\windows\system32\bcrypt.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\evr.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iertutil.dll
1544"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,13544776638152194511,1850845629981464205,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13901168581784449049 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1712"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,13544776638152194511,1850845629981464205,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11519380292055276099 --mojo-platform-channel-handle=4084 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1800"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,13544776638152194511,1850845629981464205,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2806344099108203602 --mojo-platform-channel-handle=3716 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1832"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ebaa9d0,0x6ebaa9e0,0x6ebaa9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1844"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,13544776638152194511,1850845629981464205,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=252570961818462524 --mojo-platform-channel-handle=3428 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1876"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,13544776638152194511,1850845629981464205,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7274558155811037657 --mojo-platform-channel-handle=4020 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
7 244
Read events
2 411
Write events
3 275
Delete events
1 558

Modification events

(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
3265224870
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30803780
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
46000000A1000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3072) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
2
Suspicious files
44
Text files
297
Unknown types
20

Dropped files

PID
Process
Filename
Type
2764chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5E83173F-ACC.pma
MD5:
SHA256:
3072iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2764chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
MD5:
SHA256:
2764chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RFa6813e.TMP
MD5:
SHA256:
2764chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp
MD5:
SHA256:
3140iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\errorPageStrings[1]text
MD5:
SHA256:
2764chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
2764chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFa68073.TMPtext
MD5:
SHA256:
2764chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:
SHA256:
2764chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RFa68083.TMPtext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
57
DNS requests
34
Threats
11

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1500
Gld_Supporting.exe
GET
200
216.239.36.21:80
http://ipinfo.io/json
US
text
319 b
shared
2636
Factura-AmcNetworks31032020.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
US
der
471 b
whitelisted
2636
Factura-AmcNetworks31032020.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
US
der
471 b
whitelisted
3072
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
3072
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
2636
Factura-AmcNetworks31032020.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAVjKs1LcjoWx51wu2cBcuE%3D
US
der
471 b
whitelisted
2072
chrome.exe
GET
200
173.194.129.232:80
http://r3---sn-q0c7rn76.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=bs&mip=81.17.242.238&mm=28&mn=sn-q0c7rn76&ms=nvh&mt=1585649415&mv=m&mvi=2&pl=20&shardbypass=yes
US
crx
862 Kb
whitelisted
1500
Gld_Supporting.exe
GET
200
216.239.36.21:80
http://ipinfo.io/json
US
text
319 b
shared
1500
Gld_Supporting.exe
GET
200
216.239.36.21:80
http://ipinfo.io/json
US
text
319 b
shared
1500
Gld_Supporting.exe
GET
200
216.239.36.21:80
http://ipinfo.io/json
US
text
319 b
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2072
chrome.exe
216.58.207.42:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2072
chrome.exe
216.58.210.14:443
apis.google.com
Google Inc.
US
whitelisted
2072
chrome.exe
172.217.23.163:443
fonts.gstatic.com
Google Inc.
US
whitelisted
2072
chrome.exe
172.217.16.206:443
ogs.google.com.ua
Google Inc.
US
whitelisted
2072
chrome.exe
172.217.22.67:443
www.google.ie
Google Inc.
US
whitelisted
2072
chrome.exe
172.217.16.193:443
clients2.googleusercontent.com
Google Inc.
US
whitelisted
2072
chrome.exe
173.194.129.232:80
r3---sn-q0c7rn76.gvt1.com
Google Inc.
US
whitelisted
3140
iexplore.exe
187.188.127.38:443
2capallera.com
TOTAL PLAY TELECOMUNICACIONES SA DE CV
MX
malicious
3072
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2072
chrome.exe
216.58.208.35:443
clientservices.googleapis.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
2capallera.com
  • 187.188.127.38
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
clientservices.googleapis.com
  • 216.58.208.35
whitelisted
accounts.google.com
  • 172.217.16.141
shared
www.google.com.ua
  • 172.217.21.227
whitelisted
fonts.googleapis.com
  • 216.58.207.42
whitelisted
www.gstatic.com
  • 172.217.16.195
whitelisted
apis.google.com
  • 216.58.210.14
whitelisted
ogs.google.com.ua
  • 172.217.16.206
whitelisted

Threats

PID
Process
Class
Message
3140
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3140
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
2636
Factura-AmcNetworks31032020.exe
A Network Trojan was detected
AV TROJAN Banload CnC System Info Exfil
1500
Gld_Supporting.exe
Potential Corporate Privacy Violation
ET POLICY Possible External IP Lookup ipinfo.io
1500
Gld_Supporting.exe
Potential Corporate Privacy Violation
ET POLICY Possible External IP Lookup ipinfo.io
1500
Gld_Supporting.exe
Potential Corporate Privacy Violation
ET POLICY Possible External IP Lookup ipinfo.io
1500
Gld_Supporting.exe
Potential Corporate Privacy Violation
ET POLICY Possible External IP Lookup ipinfo.io
1052
svchost.exe
Potentially Bad Traffic
ET POLICY DNS Query to DynDNS Domain *.hopto .org
1052
svchost.exe
Potentially Bad Traffic
ET POLICY DNS Query to DynDNS Domain *.serveminecraft .net
2 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://2capallera.com/css/images/cs82108/