Analysis Overview
SHA256
d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b
Threat Level: Likely malicious
The file d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
ASPack v2.12-2.42
Checks computer location settings
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
Enumerates physical storage devices
Unsigned PE
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 08:14
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 08:14
Reported
2024-05-09 08:17
Platform
win7-20240508-en
Max time kernel
146s
Max time network
140s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b6192ee9a1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured in report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421404376" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000168abb639b34ffaa52bcaff5d829754e29c5a0bcf136163ede8d1a614be3d235000000000e8000000002000020000000c21b304ed4f2d175a0aa83780b23199da7af38dc8937afcdb720f422ddb7734620000000d8fcab585118323efa00c31840a02558b30cfdc024b8fd83462151bc9cdffeb540000000101d2bb1f3e7137a1d1014513dc2ce1d34571009e29de443fd444330a81d70c6053b23bde09b15a31696c7cde3c5e9aab0a13a5d04fea3b8eb01239a6a6245a5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40769471-0DDC-11EF-917C-6A2211F10352} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe
"C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe"
C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe
"C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe" Master
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | info.178stu.com | udp |
| HK | 103.133.93.52:80 | info.178stu.com | tcp |
| US | 8.8.8.8:53 | www.178stu.com | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/1384-0-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1384-3-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1384-2-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1384-1-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1384-4-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1384-5-0x0000000000220000-0x0000000000221000-memory.dmp
memory/1384-6-0x00000000038B0000-0x0000000003B56000-memory.dmp
memory/1992-8-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1992-11-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1384-13-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1992-14-0x0000000000220000-0x0000000000221000-memory.dmp
memory/1992-10-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1992-9-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1992-7-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1992-17-0x0000000000400000-0x00000000006A6000-memory.dmp
memory/1992-20-0x0000000000400000-0x00000000006A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabFEB.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar103C.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23e0abe2f2b3696a83c52b3afc010694 |
| SHA1 | 0b146378018e24bb4dc2eb24ec626fbfad2ff778 |
| SHA256 | 3fe11140f72ef3a34963b9a156d226afd1f340742d140a1e270bc59abb9aec97 |
| SHA512 | fb961eb16d29841a8f5bdf26b9a3e14ff41681fd25fe509c367c46048e2e8cd08134cbb2f8c05cd70d5a4cd8328f7a16f3a0a11d8c254389d1b9cbbf095934b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dcfcf572a000c26e7ccbba2e5c53c5b |
| SHA1 | 0bb0f0b8b4beea86b99da3785199a4efbfb8ff82 |
| SHA256 | 336344ae86c3dfd38b11b5e1b7ee480d4c0fbf1c4b8dc80a4067ac4728022c3d |
| SHA512 | 7a7f0967208d2b5c90b57023992c1cafaf6f59977b1a77ee933f39c723ef4f4ac60b6985111482bb2264455c826b396e4ab91cb83be17a8b7a0452057888fa77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e94449f129845e8d1bc670f852c6972b |
| SHA1 | 54ba904ddcce9a8170f9f5761a604d126fc3410d |
| SHA256 | 0f3cc171c9b4a160f4297c3d332108b864a83df585a4cd1b4cb13cd9f616cbec |
| SHA512 | 639b985f85c18b26550f8ba811c8acd71cb97b8bad9b0ca591401bf2cc00ee93b5a49b71c1c74da7e14b05fc30c0170274dd5dc78088ed864036163b4c1c2398 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0eea4d11ecbdf3aba4b57ba251524d41 |
| SHA1 | be34c569078855326d372fdcefd333fc3361d3d6 |
| SHA256 | 5956101f2a0cb02f44b95809cfba09ab7002f0d0ae9dd1741c99c7a9e35c0d9f |
| SHA512 | 267887b985be31e177648451ac9c81c640ac50f067af7db30979c1d67957ad09633f183d4cde51151319cb127a8b8a564b7e839a19e76647fccd57070c3c837f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1eac590336780e81ac055e852997d00 |
| SHA1 | 5e9835a5640f261dc661f9e0ea6a3b188d2d2c5a |
| SHA256 | 1983cb8c665bcf408008690f9409df4d900376628692629583b127ac7aaec0ca |
| SHA512 | e36877b5777757329e7afed0f107947c89fee594468d46f301463c1bd92221a8b51f2a1eab3d9d224f29ceacbdd94b2f3ba8a90596f9a93bc6d0792c9ca28478 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0f9bf370a071e828d999b00bc246dc5 |
| SHA1 | 141de8215cc2ecf37279620cb8ae431307eb9edc |
| SHA256 | 9c99191faf074c17dcc9e17f3409e28a90617f9504d137df2ca51a90054d4639 |
| SHA512 | b7b9c6525e0d36b64570dbaaa28f2632fef1d6630bc5d77abb4ac5e270ba89c0b4ea5b30f274affa414c8afae1368801c26ff6a312a81af24794a3cd90309665 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16a967b60740253725115fbd949ac979 |
| SHA1 | 5d602cbfdb360966c162039d90f34f5612953aab |
| SHA256 | 37c0df20e0fe4c6937f6fcd3d9d9e138d0675783116d9f9a046ea3717e5c057f |
| SHA512 | a25e04ec3a0808ff9838b61904b4fb819d8780578604ced78e5880d77326b13b69bc82c4cb37375d43aa7d5426f6b4926891107384e6f78fb1f32e84d21e2a0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87fabcc79d0aed9775d1a9e21cc65824 |
| SHA1 | 5b25fdcefdcaa3a12d53413fc7ed47c107a2ee6c |
| SHA256 | 399bbfcb0f75c98d419e03a862f63ae9b99d067bc6da44ca27a0c7dec66f103f |
| SHA512 | 4338418d3d6e4f31c760c9a23dba2f94e3d164f7106e1e5f4293b75c920392888eac03aca57ac5defdb54b3ac1ef5b28d00196e748448c4668aca520eca01173 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa0815ca06c8cb76abf898593544b426 |
| SHA1 | 8ce01d64c07e3b3e9f48d38f7ca2e290ac9d805d |
| SHA256 | 8276cd5f8d35667aed1ed34106a5028fc7bd599182f538d88a5923ab3b9aa274 |
| SHA512 | 7d7aa748c40b69c1b41d8086ff94c58a99eb40e068099af0c1fc15fd3cfb7dd81738524a588888cfba3704d8f44fba8266c4fba793171fee64dc69ee15c6bcd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afd20c5941a9a911a2fd33867b020efc |
| SHA1 | 1d2613f01d99567ea09adece580fbb8770910c90 |
| SHA256 | faffe484181d723b99ed996885770ac3cb5402dbe9c4168306813605fe3ed2a4 |
| SHA512 | 586014591250b652d77b5bba8aadade6fac52c1518b6acf5861140b1da68b0044174be9b1360936c6b39634a9c23f4614910622e350c5bed5789db3ee9efd87f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e33d4f95c37a4e268d4aedd453521f3f |
| SHA1 | cee242c171d7bb80ccdf856ac9e8103e9a8e61a1 |
| SHA256 | 9bb907295dc3eb01730b881b226a3f5da488399c4e6f8c42a9c7061fad516f42 |
| SHA512 | 3e4d18f58ba67b7c74c2d306dbe1513877413bb09c2a3906b284a1b5471842741ab0add89eb2886c791f696fb0ddf8bae5903db9cc91e0bc7b1c9ea357a53939 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 062694f81927f40995436fc8e51b2433 |
| SHA1 | 3b39957f57d9433352dc53bec0c40fca2c24982f |
| SHA256 | a0f1ec1b2307396b0c99060ac823c89dd17ac0578d61ccdec17ce2ad069bbd02 |
| SHA512 | 92160d96d49bf3edc68e8d36b781819dfc30e4f79b49f38baff49bde3f3e39349e4fb94d0a501902be71a3949314df2d7a5340c2afba691f3024bcbe94076379 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bfe822bbc1b964b7b316514ecea1fb7 |
| SHA1 | 2e072b62d9dab425e7368767e4e61860be1d7ac9 |
| SHA256 | 463eee7c0a658768e8923d61fd06f45ee1776370275f78af5b8a18889be7268d |
| SHA512 | 6ba6572c8be8b207c922c16863c391c2071a1b5c094b6ff8868aad6e999d108d4687083c62df5ba7469b932784e8679052dfcd37a9274b0573707f8e95e4f6b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5014d138ae3dc726abdb3ae520c08fba |
| SHA1 | 921ad0bbc74fc152159c5f3a56ffd3fd6d0964e3 |
| SHA256 | 6e98c492e17823e59311cc822f060c5db7c90f1226030bf7375252c1f78644a8 |
| SHA512 | 6c8f82f061c82f58f71dfe3ab7061ebfbc9971a2bb8348ff83028771f6843e5be73b2d757ab67adbb0b9d7b4cd7cf8306658a273b00e7e7e64e5931db7e9dd42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02a10899bf5faffff6a845ccc5d4194a |
| SHA1 | 227d74b8b1ae4e8d043722b4af311e6e68a98e99 |
| SHA256 | d47aa2793acb266c7c97c8e07c68a7f65c92494520df88d91e43002e02211e57 |
| SHA512 | fc55f03d6276a8c86ca7e5ff732a7f75a7b24bb5a91da8c393bd4636715958ce5c3bee4f80a13b2fbf0419299cb16e20b92212834f06293fd0dde39851467327 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55f14d61b4def1b39188a12a960c8f5b |
| SHA1 | f1ef39ae47a0b4044c49d12a98bc82d5bcdf13df |
| SHA256 | 8c41d93c078d29006919e08b1f968a582b7e661f8c79d919812cb3942aa2e8a4 |
| SHA512 | 4bde6b5537c4737d2d3255ba3725694be03b9fd8ebe0cc1c3372556b67ea8365dd8c9f86a19a51f6b142816ef6b032d27f124a080748a3d92c9eae2ed69f434e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b578e85b423ae20ca2b7fc2e466e0872 |
| SHA1 | d6bd9d960d314c2facc19c23c16c731cd28c7b56 |
| SHA256 | ead6e109526b58f2a37d71cfa54c56485ecb4e2f3ca9cb0444d8eea5324bd50f |
| SHA512 | 36f659e64b94270a28c4edb1f148312c856cff0bd14e09a4b998a886a2f1820f1ae7c031f8ddb22175040e4e62ffbc13edfdfb9eaa03511649f4a32725689c65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a01957b6d32bc35878e51ed8e3551235 |
| SHA1 | 2c2d55b1cb132ea178f8542ac39779bb2dad0de8 |
| SHA256 | cb91f3e3513ede05686e077acae3a172a37a8985675a5d0c2b2d3496e7d72033 |
| SHA512 | c66eb1cc0e1a3251157493032095ecd747299cb0738396728490ea048aa4ebef3675ec76446c86946e203be8c613cf79043c2b9380fa9ecf7b8e2c25a9fb1240 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ea1061ea077720a92c73fb1566a408a |
| SHA1 | 18b4cdfdfd742c2d0be2e6cd6a23c4bb1b402320 |
| SHA256 | 6c8220a9465bf3acfdcba1f9b7c0dea2d9795e8e0b492e5c878b07148461b08d |
| SHA512 | c737dddde4b8d809a82253cef99e34bfeaa5fcffedd8b5d352b28845062bcabc123aedbe87e9afd5cc76f38d4af3dec056dc2ca996ed84581f0c540c743d1182 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 08:14
Reported
2024-05-09 08:17
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe
"C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe"
C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe
"C:\Users\Admin\AppData\Local\Temp\d241cf63e8186238485eaa809615712e251f987ba61ec36cc832f7dffeb0014b.exe" Master
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.178stu.com/my.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ff956ee46f8,0x7ff956ee4708,0x7ff956ee4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7487941546958044838,14248816049585558777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3784 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | info.178stu.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| HK | 103.133.93.52:80 | info.178stu.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.178stu.com | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| US | 8.8.8.8:53 | www.178stu.com | udp |
| US | 8.8.8.8:53 | nav.smartscreen.msiserver.lan | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| US | 8.8.8.8:53 | 80.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | arc.srv.lan | udp |
| US | 8.8.8.8:53 | edge.msiserver.lan | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ntp.srv.lan | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.msiserver.lan | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.msiserver.lan | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| US | 8.8.8.8:53 | 202.142.123.92.in-addr.arpa | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.msiserver.lan | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.msiserver.lan | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.msiserver.lan | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.msiserver.lan | udp |
| HK | 103.133.93.52:80 | www.178stu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4860_LYJXGTVWDJNYRWVD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences