Category | Machine | Started | Completed
---|---|---|---
FILE | s1_win7_x6401 | Sept. 4, 2024, 10:05 a.m. | Sept. 4, 2024, 10:12 a.m.

Process tree (name, PID, command line)

- 66d5e39de168d_cry.exe#kiscrypto (PID 2552): "C:\Users\test22\AppData\Local\Temp\66d5e39de168d_cry.exe#kiscrypto"
  - RegAsm.exe (PID 2640): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

RegAsm.exe (the .NET assembly registration tool) is started from the sample with no assembly argument, which is the usual sign that it serves as a host process for injected code rather than for its legitimate purpose.
DNS

Name | Response | Post-Analysis Lookup
---|---|---
No hosts contacted. | |

Hosts

IP Address | Status | Action
---|---|---
147.45.47.137 | Active | Moloch

Suricata Alerts

Suricata TLS

No Suricata TLS
Signature data | Value
---|---
pdb_path | c:\rje\tg\6rjuz\obj\Re\ease\gqa.pdb
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayVersion

The registry value is the installed Chrome version. Stealers commonly read it to choose a cookie/password decryption path, since Chrome changed its cookie protection (app-bound encryption) in mid-2024, shortly before this run.
Suspicious requests (all to the bare IP 147.45.47.137; none carries a User-Agent header, and the POSTs also lack a Referer)

Method | URL | Suspicious features
---|---|---
GET | http://147.45.47.137/ | GET method with no useragent header, Connection to IP address
POST | http://147.45.47.137/6ecdc9436941ebbd.php | POST method with no referer header, POST method with no useragent header, Connection to IP address
GET | http://147.45.47.137/04912fc0ffa81c54/sqlite3.dll | GET method with no useragent header, Connection to IP address
GET | http://147.45.47.137/04912fc0ffa81c54/freebl3.dll | GET method with no useragent header, Connection to IP address
GET | http://147.45.47.137/04912fc0ffa81c54/mozglue.dll | GET method with no useragent header, Connection to IP address
GET | http://147.45.47.137/04912fc0ffa81c54/msvcp140.dll | GET method with no useragent header, Connection to IP address
GET | http://147.45.47.137/04912fc0ffa81c54/nss3.dll | GET method with no useragent header, Connection to IP address
GET | http://147.45.47.137/04912fc0ffa81c54/softokn3.dll | GET method with no useragent header, Connection to IP address
GET | http://147.45.47.137/04912fc0ffa81c54/vcruntime140.dll | GET method with no useragent header, Connection to IP address

Request sequence

1. GET http://147.45.47.137/
2. POST http://147.45.47.137/6ecdc9436941ebbd.php
3. GET http://147.45.47.137/04912fc0ffa81c54/sqlite3.dll
4. GET http://147.45.47.137/04912fc0ffa81c54/freebl3.dll
5. GET http://147.45.47.137/04912fc0ffa81c54/mozglue.dll
6. GET http://147.45.47.137/04912fc0ffa81c54/msvcp140.dll
7. GET http://147.45.47.137/04912fc0ffa81c54/nss3.dll
8. GET http://147.45.47.137/04912fc0ffa81c54/softokn3.dll
9. GET http://147.45.47.137/04912fc0ffa81c54/vcruntime140.dll
10. POST http://147.45.47.137/6ecdc9436941ebbd.php

nss3.dll, freebl3.dll, softokn3.dll and mozglue.dll are the Mozilla NSS libraries needed to decrypt Firefox's stored logins, sqlite3.dll reads the browsers' SQLite databases, and msvcp140.dll/vcruntime140.dll are the Visual C++ runtime those libraries depend on. A first POST to the C2, the download of this DLL set, then a second POST once the files are in place is the standard staging-then-exfiltration sequence of a browser credential stealer. The bare-IP URLs with no User-Agent and the fixed path component 04912fc0ffa81c54 are the points to pivot on in proxy logs.
Files accessed. Nearly every path below is a directory entry of Chrome's User Data folder (including plain files such as chrome_shutdown_ms.txt and CrashpadMetrics-active.pma, and extension locale folders) with \Local Extension Settings\<32-character extension id>\CURRENT or \Network\Cookies appended: the sample walks the profile directory and probes a fixed list of extension ids (including nkbihfbeogaeaoehlefnkodbefgpgknn, the MetaMask wallet) and the cookie database under every entry, without checking whether the entry is actually a browser profile. The extension-id list and the cookie-database probes are usable as file-access indicators even when the C2 changes.

file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Local Extension Settings\fldfpgipfncgndfolcbkdeeknbbbnhcc\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\te\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\fil\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Local Extension Settings\jhfjfclepacoldmjmkmdlmganfaalklb\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\am\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\fr\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma\Local Extension Settings\fooolghllnmhmmndgjiamiiodkpenpbb\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\fr\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Local Extension Settings\djclckkglechooblngghdinmeemkbgci\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma\Local Extension Settings\pnlccmojcmeohlpggmfnbbiapkmbliob\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\nb\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\zh_CN\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Current Tabs\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\topbar_floating_button_close.png\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\es_419\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal\Local Extension Settings\oeljdldpnmdbchonielidgobddffflal\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\lo\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\03019df3fd85a69a8ebd1facc6da9ba73e469774fe77f579fc5a08b8328c1d6b.sth\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\GPUCache\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\cs\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\ar\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr_CA\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\52\manifest.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\ka\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT |
Dropped files. The six DLLs below match the set fetched from 147.45.47.137 and are written to C:\ProgramData, a location writable by any local user, so a DLL of this set appearing there is a high-signal indicator; sqlite3.dll was requested but is not listed among the written files.

file | C:\ProgramData\freebl3.dll |
file | C:\ProgramData\msvcp140.dll |
file | C:\ProgramData\nss3.dll |
file | C:\ProgramData\vcruntime140.dll |
file | C:\ProgramData\mozglue.dll |
file | C:\ProgramData\softokn3.dll |
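The report above is a raw artifact list. As an added example (not part of the sandbox report or its tooling), the following Python turns its three observations into one scoring rule: the NSS/sqlite DLL set fetched from a bare-IP URL with no User-Agent, the same DLLs written under C:\ProgramData, and the probes of Chrome extension storage and cookie databases. The sample events are constructed from the report's own rows; the score weights, thresholds, regexes and the event tuple shape are my own choices, not a sandbox's export format.

```python
"""Score a sandbox run for the browser-stealer staging pattern in this report."""
import re
from dataclasses import dataclass, field

# Mozilla NSS libraries a stealer needs to decrypt Firefox logins, plus the
# sqlite3 reader and VC runtime that the same toolkits ship alongside them.
NSS_DLLS = {"nss3.dll", "freebl3.dll", "softokn3.dll", "mozglue.dll"}
STEALER_DLLS = NSS_DLLS | {"sqlite3.dll", "msvcp140.dll", "vcruntime140.dll"}

BARE_IP_URL = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/")
EXT_SETTINGS = re.compile(r"\\Local Extension Settings\\([a-p]{32})\\CURRENT$", re.I)
COOKIE_DB = re.compile(r"\\Network\\Cookies$", re.I)
PROGRAMDATA_DLL = re.compile(r"^C:\\ProgramData\\([^\\]+\.dll)$", re.I)


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)
    c2_ips: set = field(default_factory=set)
    dlls_fetched: set = field(default_factory=set)
    dlls_dropped: set = field(default_factory=set)
    extension_ids: set = field(default_factory=set)
    cookie_probes: int = 0
    posts_without_ua: int = 0


def analyze(http_events, file_events):
    """http_events: (method, url, headers-dict) tuples; file_events: touched paths."""
    v = Verdict()
    for method, url, headers in http_events:
        m = BARE_IP_URL.match(url)
        if not m:
            continue  # hostname-based traffic is out of scope for this rule
        v.c2_ips.add(m.group(1))
        no_ua = not any(k.lower() == "user-agent" for k in headers)
        name = url.rsplit("/", 1)[-1].lower()
        if method == "GET" and name in STEALER_DLLS:
            v.dlls_fetched.add(name)
        if method == "POST" and no_ua:
            v.posts_without_ua += 1
    for path in file_events:
        if m := EXT_SETTINGS.search(path):
            v.extension_ids.add(m.group(1).lower())
        elif COOKIE_DB.search(path):
            v.cookie_probes += 1
        elif m := PROGRAMDATA_DLL.match(path):
            v.dlls_dropped.add(m.group(1).lower())

    # Weights are illustrative; tune them against your own corpus.
    if len(v.dlls_fetched & NSS_DLLS) >= 3:
        v.score += 40; v.reasons.append("Mozilla NSS DLL set fetched from a bare-IP host")
    if "sqlite3.dll" in v.dlls_fetched | v.dlls_dropped:
        v.score += 10; v.reasons.append("sqlite3.dll staged for reading browser databases")
    if len(v.dlls_dropped & STEALER_DLLS) >= 3:
        v.score += 20; v.reasons.append("stealer DLL set written to C:\\ProgramData")
    if len(v.extension_ids) >= 5:
        v.score += 20; v.reasons.append(f"{len(v.extension_ids)} extension storage dirs probed")
    if v.cookie_probes:
        v.score += 10; v.reasons.append("Chrome Network\\Cookies database probed")
    if v.posts_without_ua:
        v.score += 10; v.reasons.append("POST with no User-Agent to a bare-IP host (check-in/exfil)")
    return v


# Constructed sample events, taken from the rows of the report above.
C2 = "http://147.45.47.137"
SAMPLE_HTTP = (
    [("GET", C2 + "/", {}), ("POST", C2 + "/6ecdc9436941ebbd.php", {})]
    + [("GET", f"{C2}/04912fc0ffa81c54/{d}", {}) for d in
       ("sqlite3.dll", "freebl3.dll", "mozglue.dll", "msvcp140.dll",
        "nss3.dll", "softokn3.dll", "vcruntime140.dll")]
    + [("POST", C2 + "/6ecdc9436941ebbd.php", {})]
)
UD = r"C:\Users\test22\AppData\Local\Google\Chrome\User Data"
SAMPLE_FILES = [
    UD + r"\PepperFlash\Local Extension Settings\fldfpgipfncgndfolcbkdeeknbbbnhcc\CURRENT",
    UD + r"\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT",
    UD + r"\ShaderCache\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT",
    UD + r"\WidevineCdm\Local Extension Settings\jhfjfclepacoldmjmkmdlmganfaalklb\CURRENT",
    UD + r"\pnacl\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk\CURRENT",
    UD + r"\Default\Current Tabs\Network\Cookies",
    UD + r"\Default\GPUCache\Network\Cookies",
    r"C:\ProgramData\freebl3.dll", r"C:\ProgramData\msvcp140.dll",
    r"C:\ProgramData\nss3.dll", r"C:\ProgramData\vcruntime140.dll",
    r"C:\ProgramData\mozglue.dll", r"C:\ProgramData\softokn3.dll",
]


def sample_verdict():
    return analyze(SAMPLE_HTTP, SAMPLE_FILES)


if __name__ == "__main__":
    verdict = sample_verdict()
    print(verdict.score, verdict.c2_ips)
    for reason in verdict.reasons:
        print(" -", reason)
```

The rule deliberately keys on the combination rather than any single DLL name: the VC runtime and even sqlite3.dll appear in legitimate installers, but a bare-IP fetch of the NSS trio with no User-Agent, followed by probes of a long list of extension-storage paths, has no benign explanation.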