Analysis Overview
Threat Level: Known bad
The file https://oxy.st/d/EPme was found to be: Known bad.
Malicious Activity Summary
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
Echelon
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
Looks up external IP address via web service
Enumerates system info in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported: 2021-10-30 17:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2021-10-30 17:10
Reported: 2021-10-30 17:13
Platform: win10-en-20210920
Max time kernel: 141s
Max time network: 156s
Command Line
Signatures
Echelon
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | api.ipify.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\Akrien Premium.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\Akrien Premium.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://oxy.st/d/EPme
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Akrien Premium.exe
"C:\Users\Admin\Desktop\Akrien Premium.exe"
C:\Users\Admin\Desktop\Akrien Premium.exe
"C:\Users\Admin\Desktop\Akrien Premium.exe"
Network
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Akrien Premium.exe.log