URL: | https://u4266501.ct.sendgrid.net/wf/click?upn=pdd3mdGNe-2BcKFsTZX4UNcFA1HVI6Q8Iv69Og2Rgryp6wyfQJ7MhNSq6eAgAa9G4X35dmXQd-2F1hJEPf9pUpQ-2BeB7heR3t8MwsUVrOb4A86K313e-2B4g9NsFMeX5URbT9XvGArHZm9daK4UP3nHER7SCAhUBDFLBkVhCi0cTx5DaTam29Rdw29MIYQsXPEJUxErzS7-2B46p-2BUizy25YDOaWS1sLlufY3e4OlO9FiXGSJo-2Bal1UOw16nkCJ7bb4O-2BW3FSvAugfk-2BJxJ1HPqMBi0a6SFPASIpt6h8dtQJdOdPg0oRa0Nf9Cm7AF-2F22o-2BCVRrFDAEL0mlvNrWJ9lsIfxPB2O-2FPs3VfG7txhJH23tRCpwyaza-2Bw4JPpm4z7-2F6wbkV8ugYLpZMfAkEh1zb2LhDPFTVcFDgdv2XYKIZ8qfep-2BCN5Yjt9zWwhaPdl8jMQ9-2BZcZfJG3ZHeejp0G1hHoG9vdGbwzu9MpvzyRc-2BMX-2F3xYN8vMXpRSYNJvZGe62RNoFRAWVtYm-2FeZKpqfRS-2FdSFCy6rOKPPASis4CPe0CoaJCKR-2BeVi7WygsrbuO-2FDcGiHn103-2BG6rMZvoLvI6Q-2BGCWw0vo7WiE7vmDC0FJZtmoF56gWExsWlaFqx10A2riMjOLeiUYzRT8GdXXgQkhc-2FlC2R59O9igXrnTNzVI28y2Iq3p7bOdwsVLuwtMVM7RI1z88OZDNC0hailMX0kI9KQjk1McaShZguxaDn-2FBt4eTAlVP1WFQvYrR6K4DwFgZckNGPUuhEpkAT3FtmMlGSLAzgk5wkJXUjsHwAAvBu3-2BsxDnH1zI-2BIAESXEb-2FkFmE0r4Ugwa-2F_6HUhi9j3zHg0xQdNErOp32-2FySwqg6i4PI2tCEE2-2BKxAPJ-2BAS-2Fpmky3uHMNJVncsCtmvAp-2Fw4E9o9T6TEoK5H6GqLO6O3j1zaTn-2FljfyQ2JY-2BroE2mYQbkwf4MGiAINPSYm7PxMVGZQ9j80S0ETg7TbDng-2FMvC6iDXjBXK10zKMVVURAZ7qphk7FY9nMR9ReBdbRWJ9EEngz-2Boice-2FuROAjqYnfp4rcYnPjFrS7POJO3sib5t1vx58Fq-2FrAlpLVmRm4dr5ozkB0wBWx9qC4e92AkLJNjokc0ZOnWRcAI2t9rJHcJOMh109MUYuL94OPNSraUpfEyXoncqtaNEwD9nnGVtIT-2BAn8mKr2vkbPQrHfysr-2FMLOnqah3VdYfI3GTZD |
Full analysis: | https://app.any.run/tasks/bcddab90-3b2b-482f-b892-69861d2a41f2 |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 15:39:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 807F6EB24B91BAF5004E90C829A33008 |
SHA1: | 6C78F0F84A76D183AD1E33630C7430C02CE2BF2B |
SHA256: | E3CFB79507397C311860E3B77B01983880F7582B87476B21BEE23535E0670FE8 |
SSDEEP: | 24:2yDhnFxBmamC5IFubvjr/NLUqk7Y7PtM391PCG:fDhX5mC2Fumqk7YLUraG |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3372 | "C:\Program Files\Google\Chrome\Application\chrome.exe" https://u4266501.ct.sendgrid.net/wf/click?upn=pdd3mdGNe-2BcKFsTZX4UNcFA1HVI6Q8Iv69Og2Rgryp6wyfQJ7MhNSq6eAgAa9G4X35dmXQd-2F1hJEPf9pUpQ-2BeB7heR3t8MwsUVrOb4A86K313e-2B4g9NsFMeX5URbT9XvGArHZm9daK4UP3nHER7SCAhUBDFLBkVhCi0cTx5DaTam29Rdw29MIYQsXPEJUxErzS7-2B46p-2BUizy25YDOaWS1sLlufY3e4OlO9FiXGSJo-2Bal1UOw16nkCJ7bb4O-2BW3FSvAugfk-2BJxJ1HPqMBi0a6SFPASIpt6h8dtQJdOdPg0oRa0Nf9Cm7AF-2F22o-2BCVRrFDAEL0mlvNrWJ9lsIfxPB2O-2FPs3VfG7txhJH23tRCpwyaza-2Bw4JPpm4z7-2F6wbkV8ugYLpZMfAkEh1zb2LhDPFTVcFDgdv2XYKIZ8qfep-2BCN5Yjt9zWwhaPdl8jMQ9-2BZcZfJG3ZHeejp0G1hHoG9vdGbwzu9MpvzyRc-2BMX-2F3xYN8vMXpRSYNJvZGe62RNoFRAWVtYm-2FeZKpqfRS-2FdSFCy6rOKPPASis4CPe0CoaJCKR-2BeVi7WygsrbuO-2FDcGiHn103-2BG6rMZvoLvI6Q-2BGCWw0vo7WiE7vmDC0FJZtmoF56gWExsWlaFqx10A2riMjOLeiUYzRT8GdXXgQkhc-2FlC2R59O9igXrnTNzVI28y2Iq3p7bOdwsVLuwtMVM7RI1z88OZDNC0hailMX0kI9KQjk1McaShZguxaDn-2FBt4eTAlVP1WFQvYrR6K4DwFgZckNGPUuhEpkAT3FtmMlGSLAzgk5wkJXUjsHwAAvBu3-2BsxDnH1zI-2BIAESXEb-2FkFmE0r4Ugwa-2F_6HUhi9j3zHg0xQdNErOp32-2FySwqg6i4PI2tCEE2-2BKxAPJ-2BAS-2Fpmky3uHMNJVncsCtmvAp-2Fw4E9o9T6TEoK5H6GqLO6O3j1zaTn-2FljfyQ2JY-2BroE2mYQbkwf4MGiAINPSYm7PxMVGZQ9j80S0ETg7TbDng-2FMvC6iDXjBXK10zKMVVURAZ7qphk7FY9nMR9ReBdbRWJ9EEngz-2Boice-2FuROAjqYnfp4rcYnPjFrS7POJO3sib5t1vx58Fq-2FrAlpLVmRm4dr5ozkB0wBWx9qC4e92AkLJNjokc0ZOnWRcAI2t9rJHcJOMh109MUYuL94OPNSraUpfEyXoncqtaNEwD9nnGVtIT-2BAn8mKr2vkbPQrHfysr-2FMLOnqah3VdYfI3GTZD | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 68.0.3440.106 | ||||
2092 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f5800b0,0x6f5800c0,0x6f5800cc | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 68.0.3440.106 | ||||
3408 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3376 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 68.0.3440.106 | ||||
2492 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=916,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D24AAD625AB16B6FA0E38663173B429A --mojo-platform-channel-handle=968 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 68.0.3440.106 | ||||
3140 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=916,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --service-pipe-token=BA9BD930A5890A3E39150447521DBC3E --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=BA9BD930A5890A3E39150447521DBC3E --renderer-client-id=4 --mojo-platform-channel-handle=1876 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3932 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=916,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --service-pipe-token=5EA4CC695E445DBB2B0637E70157E72B --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5EA4CC695E445DBB2B0637E70157E72B --renderer-client-id=3 --mojo-platform-channel-handle=2160 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3068 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=916,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=9B6CBA602D73F88A6338D3B51628B15E --mojo-platform-channel-handle=3484 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3148 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=916,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=ED8274E59992BE3B515C3B7D4BBB0BE3 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=ED8274E59992BE3B515C3B7D4BBB0BE3 --renderer-client-id=6 --mojo-platform-channel-handle=2620 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 68.0.3440.106 | ||||
3632 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=916,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=5D576D41364BFEF7E4A442C90B7BC1A7 --mojo-platform-channel-handle=3388 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
2468 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=916,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=BB84E9E5D61A08EFC251161E9DD77469 --mojo-platform-channel-handle=2584 --ignored=" --type=renderer " /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0ee052eb-c6f4-450e-a905-552ccf560be2.tmp | — | |
MD5:— | SHA256:— | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp | — | |
MD5:— | SHA256:— | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp | — | |
MD5:— | SHA256:— | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | |
MD5:C10EBD4DB49249EFC8D112B2920D5F73 | SHA256:90A1B994CAFE902F22A88A22C0B6CC9CB5B974BF20F8964406DD7D6C9B8867D1 | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF1986e9.TMP | text | |
MD5:92BE6B127E72365885AD4C3FB6534EE2 | SHA256:54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51 | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old | text | |
MD5:1AA66EFDB743FB0A8DCC1CD79B0B6542 | SHA256:28D56532CCED7375A2A1C7731E57C1A1C2EC1AC9827F3E5BEEE7F8069A5F87DD | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF198747.TMP | text | |
MD5:1AA66EFDB743FB0A8DCC1CD79B0B6542 | SHA256:28D56532CCED7375A2A1C7731E57C1A1C2EC1AC9827F3E5BEEE7F8069A5F87DD | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text | |
MD5:92BE6B127E72365885AD4C3FB6534EE2 | SHA256:54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51 | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF1987e3.TMP | text | |
MD5:F727DD25CDA7B2CC574098CEE1F5764A | SHA256:5F7BD6926940E400EE7FAA6D620192CA299F7B5AAA92D672F8173A767B3FBBFF | |||
3372 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old | text | |
MD5:F727DD25CDA7B2CC574098CEE1F5764A | SHA256:5F7BD6926940E400EE7FAA6D620192CA299F7B5AAA92D672F8173A767B3FBBFF |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3372 | chrome.exe | 216.58.205.227:443 | www.gstatic.com | Google Inc. | US | whitelisted |
3372 | chrome.exe | 172.217.16.195:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
3372 | chrome.exe | 172.217.22.99:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
3372 | chrome.exe | 167.89.118.35:443 | u4266501.ct.sendgrid.net | SendGrid, Inc. | US | suspicious |
3372 | chrome.exe | 104.111.225.193:443 | www.demandforced3.com | Akamai International B.V. | NL | whitelisted |
3372 | chrome.exe | 167.89.123.16:443 | u4266501.ct.sendgrid.net | SendGrid, Inc. | US | malicious |
3372 | chrome.exe | 130.211.5.208:443 | cdn.mxpnl.com | Google Inc. | US | whitelisted |
3372 | chrome.exe | 172.217.18.110:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
3372 | chrome.exe | 130.211.34.183:443 | api.mixpanel.com | Google Inc. | US | whitelisted |
3372 | chrome.exe | 108.177.15.156:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
u4266501.ct.sendgrid.net |
| malicious |
www.gstatic.com |
| whitelisted |
clientservices.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
www.demandforced3.com |
| malicious |
local.demandforce.com |
| malicious |
ssl.gstatic.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
ajax.googleapis.com |
| whitelisted |
cdn.mxpnl.com |
| whitelisted |
Process | Message |
---|---|
chrome.exe | Error - |
chrome.exe | Too long restart command line passed |
chrome.exe |