File name: Keyword Scraper - by xRisky.rar

Full analysis: https://app.any.run/tasks/006af97f-be37-42c2-83bd-0d0abc4b15f3
Verdict: Malicious activity
Analysis date: July 09, 2023, 07:14:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 832AA1F6C3AD0BA9231CDB6D6D953F6D
SHA1: 58E660D541B542CA3293FC27273F62E90003901A
SHA256: EF5A9F70E6479173CCF4C4067709F95D79B3E9D3BEF0E60382F071591F748AEB
SSDEEP: 196608:OtSDpjNFNcum0tSDpi93sU923HYChrn8YgvFYHr:fjNL+43sUs34CF8vvGHr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Launcher.exe (PID: 2220)
      • Keyword Scraper v1.exe (PID: 3444)
      • Scraper.exe (PID: 3976)
      • Runtime Explorer.exe (PID: 2936)
      • Secure System Shell.exe (PID: 3732)
      • Windows Services.exe (PID: 1828)
      • Runtime Explorer.exe (PID: 3496)
      • Runtime Explorer.exe (PID: 3744)
      • Runtime Explorer.exe (PID: 3328)
    • Loads dropped or rewritten executable

      • Launcher.exe (PID: 2220)
      • Scraper.exe (PID: 3976)
    • Adds path to the Windows Defender exclusion list

      • Launcher.exe (PID: 2220)
    • Create files in the Startup directory

      • Launcher.exe (PID: 2220)
  • SUSPICIOUS

    • Reads the Internet Settings

      • Keyword Scraper v1.exe (PID: 3444)
      • powershell.exe (PID: 3072)
      • Launcher.exe (PID: 2220)
      • Windows Services.exe (PID: 1828)
      • Scraper.exe (PID: 3976)
    • Script adds exclusion path to Windows Defender

      • Launcher.exe (PID: 2220)
    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 4060)
      • Launcher.exe (PID: 2220)
    • Starts POWERSHELL.EXE for commands execution

      • Launcher.exe (PID: 2220)
    • Using PowerShell to operate with local accounts

      • powershell.exe (PID: 3072)
    • Executable content was dropped or overwritten

      • Launcher.exe (PID: 2220)
    • Reads Internet Explorer settings

      • Scraper.exe (PID: 3976)
  • INFO

    • Checks supported languages

      • Keyword Scraper v1.exe (PID: 3444)
      • Launcher.exe (PID: 2220)
      • Scraper.exe (PID: 3976)
      • Windows Services.exe (PID: 1828)
      • Secure System Shell.exe (PID: 3732)
      • Runtime Explorer.exe (PID: 2936)
      • Runtime Explorer.exe (PID: 3496)
      • Runtime Explorer.exe (PID: 3744)
      • Runtime Explorer.exe (PID: 3328)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4060)
    • The process checks LSA protection

      • Keyword Scraper v1.exe (PID: 3444)
      • Launcher.exe (PID: 2220)
      • Scraper.exe (PID: 3976)
      • Runtime Explorer.exe (PID: 2936)
      • Windows Services.exe (PID: 1828)
      • Runtime Explorer.exe (PID: 3744)
      • Runtime Explorer.exe (PID: 3496)
      • Runtime Explorer.exe (PID: 3328)
    • Reads the computer name

      • Launcher.exe (PID: 2220)
      • Keyword Scraper v1.exe (PID: 3444)
      • Windows Services.exe (PID: 1828)
      • Secure System Shell.exe (PID: 3732)
      • Scraper.exe (PID: 3976)
    • Reads the machine GUID from the registry

      • Launcher.exe (PID: 2220)
      • Runtime Explorer.exe (PID: 2936)
      • Scraper.exe (PID: 3976)
      • Runtime Explorer.exe (PID: 3496)
      • Runtime Explorer.exe (PID: 3744)
      • Runtime Explorer.exe (PID: 3328)
    • Create files in a temporary directory

      • Runtime Explorer.exe (PID: 2936)
      • Runtime Explorer.exe (PID: 3496)
      • Runtime Explorer.exe (PID: 3744)
      • Runtime Explorer.exe (PID: 3328)
    • Creates files or folders in the user directory

      • Launcher.exe (PID: 2220)
    • Reads Environment values

      • Scraper.exe (PID: 3976)
    • Application launched itself

      • chrome.exe (PID: 3624)
    • Manual execution by a user

      • chrome.exe (PID: 3624)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 84
Monitored processes: 38
Malicious processes: 6
Suspicious processes: 3

Behavior graph

Processes shown in the graph (edge labels in the original: "drop and start", "start"): winrar.exe; keyword scraper v1.exe (no specs); launcher.exe; powershell.exe (no specs); scraper.exe; windows services.exe (no specs); secure system shell.exe (no specs); runtime explorer.exe, four instances (no specs); chrome.exe, many instances (most marked "no specs").

Process information (columns in the original table: PID, CMD, Path, Indicators, Parent process)

PID: 128
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1408 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID: 900
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID: 932
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2988 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\kernel32.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID: 1024
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID: 1060
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID: 1680
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3792 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID: 1796
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\kernel32.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID: 1828
CMD: "C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
Path: C:\Windows\IMF\Windows Services.exe
Parent process: Launcher.exe
User: admin
Integrity Level: HIGH
Description: Windows Services
Exit code: 0
Version: 1.0.0.0
Modules (Images):
  c:\windows\imf\windows services.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\apppatch\aclayers.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sspicli.dll
  c:\windows\system32\rpcrt4.dll

PID: 2060
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID: 2176
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1032,1226719744569892035,11375226025914254008,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2992 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (Images):
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\chrome.exe
  c:\windows\system32\kernel32.dll
  c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll
Total events: 27 149
Read events: 26 821
Write events: 322
Delete events: 6

Modification events

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (4060) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Executable files: 28
Suspicious files: 164
Text files: 108
Unknown types: 0

Dropped files

PID | Process | Filename | Type

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\DevComponents.DotNetBar2.dll | executable
MD5: D068CE38F5F9CAED1E63FFB1169EDE92
SHA256: 08C17E74BE6CEEE14634C12BCEE4985490620C2C39986D2EFC367CC86F3339C7

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\bcastdvr.proxy.dll | executable
MD5: EB1E9D853B3A71F8DB7DE8A1EE04A757
SHA256: 610AB0B7BEE791A97E1EBB78A71897ADCDAD3E1DB53598A1E1FBA0B3CAE624C3

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\gScrape.vshost.exe.manifest | xml
MD5: A19A2658BA69030C6AC9D11FD7D7E3C1
SHA256: C0085EB467D2FC9C9F395047E057183B3CD1503A4087D0DB565161C13527A76F

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\geckodriver.exe | executable
MD5: 9AB2C9902D01E699BE19989695B8FA54
SHA256: 3104A5BA26FF22962D0D75536506C081939BCD7580BA16503D4F3CE5507D06D2

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\DevComponents.DotNetBar2.dll | executable
MD5: D068CE38F5F9CAED1E63FFB1169EDE92
SHA256: 08C17E74BE6CEEE14634C12BCEE4985490620C2C39986D2EFC367CC86F3339C7

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\gScrape.exe | executable
MD5: 4A93F404B4D93301D5D29B49148F1C4A
SHA256: AD9A8548ED89FE552F3042D0E666F91A977A263BC1D110C541BA3184AA62866F

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\dsregtask.dll | executable
MD5: A19DC8EB9BC666E09318BB14752FBBAE
SHA256: 77162AD33EE59E96882E02EBAE14CE3A214A687E9E62FF1F93128702B5315C8D

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\gScrape.pdb | binary
MD5: 7C7A79CCA57F887A259ED60F8F69C2C8
SHA256: D523F3EB0C47EBDE7743AE30E2ACEA92151BD1472DCA7407F4BE525E6B6798A2

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\gScrape.vshost.exe | executable
MD5: 02BE6D33B1EDBC61C79882D3F556BD8A
SHA256: 4C9F9B9DE2FFEEA9CCC6524D05EA5B78A14C1642CECC189FE40E7A57A6C294B3

4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4060.39589\Keyword Scraper - by xRisky\gScrape\Keyword Scraper.pdb | pdb
MD5: FDDB0FD6E8710CCE14AA559A8BD431D4
SHA256: AAACE21EA0E8CD94ADC9AACCFE5B8201EB9642FF15FC598DF5D7B6B75869276C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 73
TCP/UDP connections: 65
DNS requests: 33
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=spotify%20A | US | xml | 818 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=%0Aspotify%20premiium%20B | US | xml | 897 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=%0Aspotify%20premiium%20A | US | xml | 42 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=%0Aspotify%20premiium%20M | US | xml | 960 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=%0Aspotify%20premiium%20E | US | xml | 892 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=%0Aspotify%20premiium%20K | US | xml | 884 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=spotify%20E | US | xml | 863 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=%0Aspotify%20premiium%20F | US | xml | 910 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=%0Aspotify%20premiium%20D | US | xml | 924 b | whitelisted
3976 | Scraper.exe | GET | 200 | 142.250.185.206:80 | http://suggestqueries.google.com/complete/search?output=toolbar&hl=en&q=%0Aspotify%20premiium%20C | US | xml | 897 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2400 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
3976 | Scraper.exe | 142.250.185.206:80 | suggestqueries.google.com | GOOGLE | US | whitelisted
1076 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
3216 | chrome.exe | 142.250.185.193:443 | clients2.googleusercontent.com | GOOGLE | US | whitelisted
3624 | chrome.exe | 239.255.255.250:1900 | - | - | - | whitelisted
3216 | chrome.exe | 172.217.16.206:443 | clients2.google.com | GOOGLE | US | whitelisted
3216 | chrome.exe | 142.250.181.227:443 | www.gstatic.com | GOOGLE | US | whitelisted
3216 | chrome.exe | 142.250.186.35:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
suggestqueries.google.com | 142.250.185.206 | whitelisted
clients2.google.com | 172.217.16.206 | whitelisted
accounts.google.com | 142.250.185.141 | shared
www.google.com | 142.250.184.228 | malicious
clientservices.googleapis.com | 142.250.186.35 | whitelisted
clients2.googleusercontent.com | 142.250.185.193 | whitelisted
fonts.googleapis.com | 142.250.186.74 | whitelisted
www.gstatic.com | 142.250.181.227 | whitelisted
fonts.gstatic.com | 142.250.185.195 | whitelisted
apis.google.com | 172.217.18.14 | whitelisted

Threats

No threats detected
No debug info