hxxps://simplyturd[.]com/filelist[.]xml

Analysis

max time kernel
137s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
31/01/2023, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://simplyturd.com/filelist.xml

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04b06a08535d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e03b17a08535d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c18a35286efbab4ea3f95f420b0cc7e100000000020000000000106600000001000020000000c173e41ad5dabd779e119b03a9e422ca3957113d5b63327362141937199c43f7000000000e8000000002000020000000071ab2378b49c056114da86be3f774af5f6b17325d51125c6dbf93f0edfb32aa200000005ef787afc9871d76f377b53f938f992a8d5cc0d903f5d48bd5e6eb403beb209240000000ee4fda25058ea03d8b6f7cc2ed0992438658b9c00459c42866415805fbb10d4a32da6778d79afd0ae1df5ceacdba76b960424c3a972c56f946bd4ab56a2d0108	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "381942541"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C8514F8E-A178-11ED-A0EE-D64C4877EDD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2656026895"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31012229"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2644150825"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31012229"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31012229"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2644150825"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c18a35286efbab4ea3f95f420b0cc7e10000000002000000000010660000000100002000000076a60dd307e380c899b3d67dab8bec6c8c7a71e139d6f7103497a2301f0de978000000000e800000000200002000000022d7d15bbb1c83b412989e59f2d9c1dcdf86a7084f873a4021580005cda68c6d2000000009e67bebbe7e8e4bf555298b1b89f49f315db73d0293bb8bd159ab433d11d44e400000003dabe4d0f78ca74442e0a017bca544fbd86baa462e468207d7ac6eb6c0f22f710b62fc0023c9be1ed52980189900712fa10d7170fd5506eea4232d8f41e6d006	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe
5116	chrome.exe
5116	chrome.exe
5828	chrome.exe
5828	chrome.exe
5976	chrome.exe
5976	chrome.exe
5280	chrome.exe
5280	chrome.exe
5328	chrome.exe
5328	chrome.exe
5696	chrome.exe
5696	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4832	iexplore.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4832	iexplore.exe
4832	iexplore.exe
2168	IEXPLORE.EXE
2168	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 2168	4832	iexplore.exe	81
PID 4832 wrote to memory of 2168	4832	iexplore.exe	81
PID 4832 wrote to memory of 2168	4832	iexplore.exe	81
PID 5116 wrote to memory of 4084	5116	chrome.exe	94
PID 5116 wrote to memory of 4084	5116	chrome.exe	94
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 3272	5116	chrome.exe	97
PID 5116 wrote to memory of 2228	5116	chrome.exe	98
PID 5116 wrote to memory of 2228	5116	chrome.exe	98
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100
PID 5116 wrote to memory of 5008	5116	chrome.exe	100

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://simplyturd.com/filelist.xml
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4832 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec3f4f50,0x7ffcec3f4f60,0x7ffcec3f4f70
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4444 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,5957106969441167659,7528501672630643773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
c2ed2c633828a1bcf603a04772f6bc6f

SHA1
a2d3abb39d5551c5b594d30d0dcdd05fa5a50085

SHA256
7e8561e47f6e0af457bca0ff0ea2fa11f64942e80e2d20e5a9611a9915049808

SHA512
5ab5dc3bfbf196b4eeaa40ee06e94c452f271046c7e0b656cf944ab1cdc109130f40d18388adcc4b5eb15de08f996f8650f136f1fa53e2ae8efe1bb0715ea83a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
45bed99b77849633578e48717ab4ab9f

SHA1
1405b374642207700e7856d055063d440ba2c7be

SHA256
889a3dd063736dbb434687a5d1af1e3b2f43802e043f6a5c8f1d50bee3752c60

SHA512
35d1b8a16d17f708497d05a48a0878a9b6771cf8bd27ae651224bb7cb8a7465fc12c105e7ee884f48a45a8497e677cd1a1002d6d57871ae728ca68608e910882

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
ecc14948a799c449f8e4b01e27667754

SHA1
1193f7d656b05d8142c472ab37b74953452aef6f

SHA256
5e7691e16f5325daafb3ab17b276b74681b7f9d44cd6b7e473c6b769078d1841

SHA512
ad4d8ebe622f73f03e0453a155977ca6439e7f6ab15c136b0deabe2b723c3207e6d3e6bbcbd547d1e193cec9f683a1bfd190160d90597d8959d05e4fb2b05960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
415f2185a9c64b830e7558bce25207be

SHA1
5b9087daa5a7c1b42fa0d84b25de64ecc9ab335b

SHA256
9845be82fb85d04acc616713931ce35e21b76fb6bd0c76945417c9377200607b

SHA512
a6385a6c7a0c8eb7f4dc5dbaba72d34e921ece1bda233687a38520b10fdb1a1451339ff6a4e63e6ce3840dfeadaf01e2d95cc01554830f88811989a814ccfbac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_8644DFFBF90B065FEEE23C169019AFBE

Filesize
280B

MD5
363936321a9f08665a6afc9fdafbe442

SHA1
bf305cdf4315648572bcd015a12a8768570b23ca

SHA256
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

SHA512
b40fe5c0e39f9d47c246c98b51cc4e70e121adc9fd4568a752a713fff60ace69e6fbd92c8e3e6aa839ea76704447a1b4d4abb19bfb328ec655940068653d74f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
9bf10855213d2d2b26123cd2a04220b8

SHA1
231d2ed3b9098617f196e89cee3c2a82b38b5d40

SHA256
a508e5bc0086119681076c2b05889d6f70047f971342d65792776ab7b53ca1e9

SHA512
df78a9f4ed0296f9a16d17672758411306e1b3664e9c6aece1ec738da350e2ee703f5c4f30167c4d5b54de8d154a7a4dc7250420c024e26063c8521a333e3dfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
59c7d1c3e315494e116f2c507c82c767

SHA1
12a70b21e3d5d6f4aa8b9f06e115754d2ad47de6

SHA256
9164088264623e289af26a53f6aae4948e9190885685866c9c7675382406d50c

SHA512
a5dafd1fe7527b25a13de644ba43a79e1f2a50aed20f46c8b2b60af9926d08775480fb22f926f903231bf183da016b2dfebb0cc1195505e00b5ab7c84a0f9ac2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_7CF2B82B1528C2AB9D72E5870B6DE81A

Filesize
471B

MD5
f7c7bb7225c10524e8a4c4865da5a6f1

SHA1
a7d13d671a7896602b3978b3cf95b36e6717a0e0

SHA256
46603c49f6db6002e629cbe237183c257b80bba17e0841b76c103048a7f51909

SHA512
a022b1578aa624c831bab5579da608352a6a84c0d075bef1f7c706886584d6640f012d73229c332c3487fb6fdd4a197f12ebbe9c131d46f307b01cdf3df85cee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_450C63FC50977E21DE9DE54EB1509725

Filesize
471B

MD5
40bac282ee9730b7a7fde839fcf58736

SHA1
be00063ec5c760560f34663d0a6a9cad87cfebe4

SHA256
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

SHA512
4c36bdee8e1ec6d491008f4ccda3d82db288036c7fa5537e9d275919790fc0d53807fb74a1f8c8c8b56fa4195099029bd56145c0358d321f354e88e8bfbd09b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
51898f2ea8595260631ab9cb0a571c97

SHA1
4e1d6b6cd0b2fcaf6d172c162e12f01ee5f56e22

SHA256
95b7c96994afba3b3e857f5d00d5a0234bf05f15014e494354f5fab97b0917ef

SHA512
d8f08537e147a970bfc3bc614fe80db8c9e3f3405901950c39589dbfd4a396faf594ff6e0d119937746c176239320468362774283d7c8151a5c5f28cf4776808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
ee979a0cf182317e602fd7288392f35d

SHA1
cbd297d13f1e3ab4e98452b9825b706eedf5a94a

SHA256
e5d8f7fb1f9f9250727d5807fd87e96100173f29853fe88bd91ef366771d8881

SHA512
220415c620e3a4613738f1f8e35ca74c14af56b8f8f23b63a147f198fbbebcae1bfaaf3e359654f1907f69cd560fd944a04fdbd4e8659fe5d1994073890a0b47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
7812af3d04ee77e7d53138e43509108f

SHA1
f42e2d865029e040f49dd3bb8a777125022ecbe2

SHA256
fd4786a10154fd611deed47f7f34e5ff7763d321a339ae61cc6e5f747e2a3284

SHA512
8ab3211e354de2fcbf66e9d382bbcb07112ba882780b87343590c9244abd68723f890918a2464c2107fa0e040553c2040dd07b7b2a067de6e6e194b3505f2781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
42712cad15c6d8a74d1d0e0f3d6ec1d7

SHA1
8fb5ff01f73e3cd6798e3c7f7d8614ec2a92b756

SHA256
2698f594482fb3b99e2e8f0e274ad38c7a09727c903435ab53874a88530b8eea

SHA512
dc3e14b4617560662dd89136c7d49b00b04bd41fa919d1c1cba2cc2f004ebf9cb5354c9baa263a89d6df0b50e002ed7d0c5f2040c90dd893ca263ea1beeaa0bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
a15312d11bc05e799b50d18a777428f3

SHA1
1f5e8b737a521d14e3585f5f6873ffa42dac1793

SHA256
6fb05976c39718a3c0dd63b11d88580744699f2a233f950e47d8a571006eeb84

SHA512
662e4684cc1b0135aa17b093d5b5dd69c5a60042b6cae76f7dc3fd757c1b1dc6d229e570ef8202a4e7197a95296983b3a5dddba5f682966c1756e5c2fa15e7e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_8644DFFBF90B065FEEE23C169019AFBE

Filesize
426B

MD5
65b8ab76ed0438c5f03e33e5d4fcc963

SHA1
9680ec1216f4d7bc3b9b697c44eb66f5ade48763

SHA256
c3db04269a7d4d3cf42576c28af00afca61c9ae5baa7d18da541ba76268e7a80

SHA512
697180f81c64c19b0966501bdbd2118bc8c34ca927641a2680c60fa595ede0e5299cfbb0bea19c1e2d5b57b83285eba485870132e87f3dd7658fc38a3dea98e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
b65bc75034fde4c6a7b04dd8280f1379

SHA1
387bc6dc3b8fe6bb39392f7bf608a31971930f19

SHA256
a00e5fe87bc9d4917609c49389cfad4e58ec4f415f57475ad527230e5c9d3a7f

SHA512
d3213592d69775bd1d0305ccbd1bb03b7105d7184a437af1b527a87fc8efd5c9fdc00ec5d11d804266289720cfc83bb317ce02945f48d978c8b5ebb4615bbc39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
3dae7a7a2f2416cb65784bb9707ae711

SHA1
12d93ac5499e0fe05f727f082df42b33ae4a2f6e

SHA256
32c70f236e4be397bb5faaae37c5516d022ebfa343d8c851abf2518d26db96f1

SHA512
bb6b9d79511f29d3016a6fa6997292d4e9b37718721c6684978dc356170afbf166ae64466866b4c2eba7cd4584749241d13f8094ec7b242512e2846084ff26c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
f21a3ec589e4fbeb1a06f39ec2a383c5

SHA1
bd5ca841a2f002078314ad6ae7746c6bc9fe5bf5

SHA256
2569d75adde87b41bc8a5896ed3bad9d11ef849d6be10baef893ff8726784008

SHA512
03d20ea23b7f042582a6ab7fb68c50da4a153566ff7653daee20e2a9d14f42ba958d5283c670804672c8615108f5b7c402cd92882a6e75df6d135cba57e2b0fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_7CF2B82B1528C2AB9D72E5870B6DE81A

Filesize
430B

MD5
0ff5a1f047ad60e698500cb59aa91656

SHA1
e5b3606760fbb6b368e19d590985e20ae01d8d84

SHA256
8a966c29f6bb06502472fef236b1eeeac98d8e39a627d89158bf3d8cfdb0cda4

SHA512
39b5365f5a378f05d69d61cacd9fbbc4954c7eb1d8d0685918bc09e553832827f6a6c86c5d1b703e3880d588b59f874df18d6b7d0a0111734b20e141a7b4c379

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_450C63FC50977E21DE9DE54EB1509725

Filesize
410B

MD5
c933c2846125c6ec2d7542f45c5b35d7

SHA1
10495a5fb6fe5d2d6320a9a36c28dc832cebd530

SHA256
7d8efe3b933a2ebdc2eb78eff73cbc05454857db7f513bf73f0c6f48d8aac74b

SHA512
c961941a85a7e8217e1521142155a480b5cfcd4ad6dad4af176d3bf23e908afd2faabcd75a874cd2ce739892799fcd482a81a1c24f55398902dd8d8455cc2d18

Download Submit