URL: | https://ly4ujziucz.slemmnp.tk/1.txt |
Full analysis: | https://app.any.run/tasks/033634f0-c87e-4306-8495-681342a2ac0e |
Verdict: | Malicious activity |
Analysis date: | May 20, 2022, 22:35:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 445E060BF0A549E76515C87B4C3AA59B |
SHA1: | 34CF76FBF714AFD9E84D29E064ED4D84A512EDE3 |
SHA256: | 011FE85A0C4FD44DB03F941DB85838CA48B06FD972D3F61ABCCA7B26576C5A1D |
SSDEEP: | 3:N8cRtfLWniu:2cbjWnh |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2944 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://ly4ujziucz.slemmnp.tk/1.txt" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1264 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2944 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1272 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | Explorer.EXE | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
2252 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6eb0d988,0x6eb0d998,0x6eb0d9a4 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
3320 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,12838671286459521698,5126343874368471945,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1052 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3212 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1032,12838671286459521698,5126343874368471945,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1328 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
3140 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,12838671286459521698,5126343874368471945,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
3776 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,12838671286459521698,5126343874368471945,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
1840 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,12838671286459521698,5126343874368471945,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3500 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,12838671286459521698,5126343874368471945,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
1272 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-628817C9-4F8.pma | — | |
MD5:— | SHA256:— | |||
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF1FF835E1FF2AF5AB.TMP | gmc | |
MD5:886F5393A2E198B9CA11831C07F95710 | SHA256:520F63A503A14C76C801BC2B85F721E6C7F9E1142FEC8AF5FD3D5EE8B15D17DF | |||
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8EBF876B4E5EE913.TMP | gmc | |
MD5:2367A58B74D1D9F92C422E759D976A69 | SHA256:C823031B69F85D3B7AB2FD7E21CD7523B35A272BAD9A28CBA65CB1DB0E1D38E3 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFC039EA9596CDCF3B.TMP | gmc | |
MD5:CE2B8FDF1C042277E1AA452F283184E3 | SHA256:93F3D9F5A858AAD2ECABD478A07DC7EB3A4C46173492537750A13D39DABFDF33 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3095B06D-D88D-11EC-BF60-12A9866C77DE}.dat | binary | |
MD5:A8CB3F8D799AEA09FD85B83B1B49BB68 | SHA256:0BB964DB27DF0BB0D10B68334644526B45B5831DFB358701F02F73D218900974 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat | binary | |
MD5:F879D7CC98556EA324B4FAA65C7163DF | SHA256:26B0F9745E38C359E3C8D8A75107001624E7801E4849EB5EECD8CFB72A522F79 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{3095B06F-D88D-11EC-BF60-12A9866C77DE}.dat | binary | |
MD5:BB2EE95F662AFB2E485C365B30086A84 | SHA256:4549F80BD807359CCB9664E9099C32AA4B1D2522C7D755DC7EE184F7986D5D70 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{3095B070-D88D-11EC-BF60-12A9866C77DE}.dat | binary | |
MD5:F74434A727B8F4C6EEC063B6DA019414 | SHA256:B280C9C3F281D9A8D6E1F6DDBD91ED547BC321D6107AB8984538C4B41E176101 | |||
2252 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma | binary | |
MD5:03C4F648043A88675A920425D824E1B3 | SHA256:F91DBB7C64B4582F529C968C480D2DCE1C8727390482F31E4355A27BB3D9B450 | |||
3212 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index | binary | |
MD5:FF2220C61A72C19B07CCB157F54587F4 | SHA256:57E58A52E480E281A32A5395D6C43F4BF64DFA5E1E12DE24FC68D0149F1D87AB |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3212 | chrome.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d818397021ff8279 | US | compressed | 60.0 Kb | whitelisted |
3212 | chrome.exe | GET | 302 | 142.250.184.206:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 591 b | whitelisted |
3212 | chrome.exe | GET | 200 | 173.194.150.219:80 | http://r5---sn-5goeen7r.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=196.196.52.6&mm=28&mn=sn-5goeen7r&ms=nvh&mt=1653085939&mv=m&mvi=5&pl=24&rmhost=r6---sn-5goeen7r.gvt1.com&shardbypass=sd&smhost=r5---sn-5goeen7y.gvt1.com | US | crx | 242 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3212 | chrome.exe | 172.217.16.131:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
3212 | chrome.exe | 142.250.185.174:443 | clients2.google.com | Google Inc. | US | whitelisted |
3212 | chrome.exe | 142.250.186.173:443 | accounts.google.com | Google Inc. | US | suspicious |
3212 | chrome.exe | 142.250.185.110:443 | apis.google.com | Google Inc. | US | whitelisted |
3212 | chrome.exe | 142.250.185.196:443 | www.google.com | Google Inc. | US | whitelisted |
3212 | chrome.exe | 142.250.181.225:443 | clients2.googleusercontent.com | Google Inc. | US | whitelisted |
1264 | iexplore.exe | 172.67.186.19:443 | ly4ujziucz.slemmnp.tk | — | US | malicious |
3212 | chrome.exe | 142.250.185.163:443 | www.gstatic.com | Google Inc. | US | whitelisted |
3212 | chrome.exe | 172.217.16.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3212 | chrome.exe | 104.21.84.39:443 | ly4ujziucz.slemmnp.tk | Cloudflare Inc | US | unknown |
Domain | IP | Reputation |
---|---|---|
ly4ujziucz.slemmnp.tk |
| malicious |
clientservices.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
clients2.google.com |
| whitelisted |
www.google.com |
| whitelisted |
clients2.googleusercontent.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
apis.google.com |
| whitelisted |
a.nel.cloudflare.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile |
— | — | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile |