Analysis Overview
SHA256
e7075f9a99683b8b4f07d99ecd4f760e5e9d3a49907ca15560759b4c0dc6f5fd
Threat Level: Known bad
The file Kaspersky_crack.exe was found to be: Known bad.
Malicious Activity Summary
Quasar payload
Quasar RAT
Quasar family
Executes dropped EXE
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Creates scheduled task(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 15:05
Signatures
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 15:05
Reported
2024-05-25 15:08
Platform
win7-20240221-en
Max time kernel
37s
Max time network
155s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe
"C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Kaspersky" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Kaspersky" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feefa49758,0x7feefa49768,0x7feefa49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140387688,0x140387698,0x1403876a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3888 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3688 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2296 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4144 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4436 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4560 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4484 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4052 --field-trial-handle=1380,i,4492606498055474666,843030590835847543,131072 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 192.168.1.8:4782 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| N/A | 192.168.1.8:4782 | | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.35:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 104.27.206.92:443 | www.whatismyip.com | tcp |
| US | 104.27.206.92:443 | www.whatismyip.com | tcp |
| US | 104.27.206.92:443 | www.whatismyip.com | udp |
| US | 8.8.8.8:53 | apiv6.whatismyip.com | udp |
| US | 8.8.8.8:53 | api.whatismyip.com | udp |
| US | 8.8.8.8:53 | global.proper.io | udp |
| US | 34.111.161.200:443 | api.whatismyip.com | tcp |
| IE | 18.66.171.33:443 | global.proper.io | tcp |
| IE | 18.66.171.33:443 | global.proper.io | tcp |
| US | 8.8.8.8:53 | live.primis.tech | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 3.162.140.30:443 | live.primis.tech | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 3.162.140.30:443 | live.primis.tech | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 3.162.142.187:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | video.primis.tech | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| IE | 18.66.171.110:443 | video.primis.tech | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | pixel.adsafeprotected.com | udp |
| US | 34.211.165.216:443 | pixel.adsafeprotected.com | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| US | 34.211.165.216:443 | pixel.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| FR | 185.86.139.116:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | rtb.primis.tech | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | abcheck.proper.io | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 3.162.142.187:443 | c.amazon-adsystem.com | tcp |
| US | 3.162.140.77:443 | abcheck.proper.io | tcp |
| US | 3.162.140.77:443 | abcheck.proper.io | tcp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| DE | 91.228.74.166:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | static.vidazoo.com | udp |
| US | 104.18.33.178:443 | static.vidazoo.com | tcp |
| US | 8.8.8.8:53 | bids.proper.io | udp |
| US | 44.240.55.57:443 | bids.proper.io | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| IE | 18.66.171.73:443 | static.adsafeprotected.com | tcp |
| IE | 18.66.171.123:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| US | 52.25.149.51:443 | dt.adsafeprotected.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | player.propervideo.io | udp |
| IE | 18.66.171.113:443 | player.propervideo.io | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 104.18.33.178:443 | static.vidazoo.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| IE | 18.66.171.125:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | aps.zqtk.net | udp |
| FR | 172.234.63.226:443 | aps.zqtk.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| US | 3.162.140.101:443 | tags.crwdcntrl.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | wserver.vidazoo.com | udp |
| US | 207.148.31.85:443 | wserver.vidazoo.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| IE | 34.250.113.16:443 | bcp.crwdcntrl.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | bis1.vidazoo.com | udp |
| US | 45.76.8.207:443 | bis1.vidazoo.com | tcp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| BE | 2.21.18.175:443 | eus.rubiconproject.com | tcp |
| IE | 52.17.55.191:443 | id.crwdcntrl.net | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| NL | 142.250.179.131:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | fcc46f17060e4bfb53ff4447742b125e.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| GB | 172.217.169.65:443 | fcc46f17060e4bfb53ff4447742b125e.safeframe.googlesyndication.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| GB | 172.217.169.65:443 | fcc46f17060e4bfb53ff4447742b125e.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| NL | 142.250.179.131:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 141.95.98.64:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 52.25.149.51:443 | dt.adsafeprotected.com | tcp |
| IE | 18.66.171.110:443 | video.primis.tech | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.86.139.116:443 | prg.smartadserver.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 52.25.149.51:443 | dt.adsafeprotected.com | tcp |
| N/A | 192.168.1.8:4782 | | tcp |
| FR | 185.86.139.116:443 | prg.smartadserver.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.86.139.116:443 | prg.smartadserver.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| IE | 18.66.171.110:443 | video.primis.tech | udp |
| US | 52.25.149.51:443 | dt.adsafeprotected.com | tcp |
| GB | 172.217.169.65:443 | fcc46f17060e4bfb53ff4447742b125e.safeframe.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 44.240.55.57:443 | bids.proper.io | tcp |
| N/A | 192.168.1.8:4782 | | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.86.139.116:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| N/A | 192.168.1.8:4782 | | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c3.gcp.gvt2.com | udp |
| JP | 34.84.111.50:443 | e2c3.gcp.gvt2.com | tcp |
| JP | 34.84.111.50:443 | e2c3.gcp.gvt2.com | tcp |
| N/A | 192.168.1.8:4782 | | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| N/A | 192.168.1.8:4782 | | tcp |
Files
memory/1652-0-0x000007FEF54C3000-0x000007FEF54C4000-memory.dmp
memory/1652-1-0x0000000000AE0000-0x0000000000E2C000-memory.dmp
memory/1652-2-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
| MD5 | 8fbbb4a62b7687217f6784b86e3ae0fb |
| SHA1 | c06e18e0fbece91d426196378e14f850c8eb8374 |
| SHA256 | e7075f9a99683b8b4f07d99ecd4f760e5e9d3a49907ca15560759b4c0dc6f5fd |
| SHA512 | 716580fc9594fe3a4f1f0014af0aee9513a7f502ce613187d99ae2b4614f5709cc5d702341eebd7de0006e3dc25e18c0b3f146d7c845d4681bc62190dc23c33c |
memory/1652-11-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
memory/2732-10-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
memory/2732-9-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
memory/2732-8-0x0000000000910000-0x0000000000C5C000-memory.dmp
\??\pipe\crashpad_2452_DTVEPKXGSDSNQBJR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/2732-85-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
memory/2732-95-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 489443e58b5313f06cc7ca1dcd726c3d |
| SHA1 | 56dcb46f9b8644553d71b50c4a2d79d3b8b51a6e |
| SHA256 | cfc17b20e424f1662c683cd205c8b6c8253fad04c23e21820478d2f94fd5fc04 |
| SHA512 | 212164b2f0fd9bef41b757597a40a4d215973160fd40106114d904318e69652e01024607ad814465a32f4006022285ae5452c9cfcb45013039ae21706cc73c99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e2c7cc60301967ed658b58dbede6d3d6 |
| SHA1 | b423ca378a522eb3cdeed171476d234de1e27419 |
| SHA256 | 17aa19fabf75012d8aa9e32aca8de2323bfd8d65d5ff67dd4054caa8a3e96f14 |
| SHA512 | 306690cf2c0af226582d25cbf334bf6386bcb9df1530f76a54980d2d35ce43e0a3e0e29a30e10aa4e68dad84d069a755c51c693c8a1fa348d7fa82ad8fd8dcd4 |
C:\Users\Admin\AppData\Local\Temp\Cab9F4D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarA138.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11592bb1989f285ff5a967805429d9bb |
| SHA1 | a22c4e26c776b4a813e0efe50607dd273c8c8e4d |
| SHA256 | 4c6e57ccab0e10dcd5b7d360c92b0d8fd714236cc728e8d86722ea98eba51c29 |
| SHA512 | 6780e996031661cde9e468d138eeb7fba9da3dbc4d89287be5b6622fb2a0c4d0fcbedfcc62377d99c8a61d1292f89d1bcd0a759fdadcb0b2cd93649c4b53fc66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | e4b35dfad9ac24e671d23ba010b56f1a |
| SHA1 | 2dba5e6525d5f57f551b0ea7096cd49ee10dd6b7 |
| SHA256 | f2d98f57afc80cf435251703061586abed36d65d9d1fe1d42954878d6fae94b3 |
| SHA512 | 260f243c9a6287bb9c5c38c68867016683a21bf53cd99cc6adcd9a03fd289ffe5cbc3189fc59a0c9eab9bffd99750efd090f275547bd508a859b6d7e12801756 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6b29e39fcc53a1c2c04babd98ba8a36 |
| SHA1 | 4a75af8bea7fa0de51e0e828758c331ced11afa2 |
| SHA256 | 5609e432fed8d5638bb257986583708e441b00446676e1c7efabefbfc8ef2cea |
| SHA512 | 7a7d8ee70400f1716f1827ef995aa8b723e6ecb4c82276dd5dd9bfbbd21aa4c42f7f0de71abcb7296fb337144797c5f8a25f5004ba3b3a2ceb88a83f437facc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9309b7f885cb169dffa8879155728500 |
| SHA1 | 828b57786a96b29ad730034bc0d4a4a498aa5c1b |
| SHA256 | 667c378612983e7a5965b4b656006215b4826bdbeaec518d0d3439d131769ed2 |
| SHA512 | dd114c0cbf9a7ba710d9394cd7c7a64272f78eabf07db5dbd853b5fbe29a0468ea9a8373dbc0543153d89ca13d23a9f398b59e1c1e28751dd6c42bf82889d746 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22ccf26340b52d44faf36c93450376e1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 15:05
Reported
2024-05-25 15:08
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5004 wrote to memory of 2628 | N/A | C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe | C:\Windows\SYSTEM32\schtasks.exe |
| PID 5004 wrote to memory of 2628 | N/A | C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe | C:\Windows\SYSTEM32\schtasks.exe |
| PID 5004 wrote to memory of 4480 | N/A | C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe |
| PID 5004 wrote to memory of 4480 | N/A | C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe |
| PID 4480 wrote to memory of 4788 | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | C:\Windows\SYSTEM32\schtasks.exe |
| PID 4480 wrote to memory of 4788 | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | C:\Windows\SYSTEM32\schtasks.exe |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe
"C:\Users\Admin\AppData\Local\Temp\Kaspersky_crack.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Kaspersky" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Kaspersky" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 192.168.1.8:4782 | N/A | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| N/A | 192.168.1.8:4782 | N/A | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| N/A | 192.168.1.8:4782 | N/A | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 192.168.1.8:4782 | N/A | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| N/A | 192.168.1.8:4782 | N/A | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| N/A | 192.168.1.8:4782 | N/A | tcp |
| US | 8.8.8.8:53 | 94.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
| MD5 | 8fbbb4a62b7687217f6784b86e3ae0fb |
| SHA1 | c06e18e0fbece91d426196378e14f850c8eb8374 |
| SHA256 | e7075f9a99683b8b4f07d99ecd4f760e5e9d3a49907ca15560759b4c0dc6f5fd |
| SHA512 | 716580fc9594fe3a4f1f0014af0aee9513a7f502ce613187d99ae2b4614f5709cc5d702341eebd7de0006e3dc25e18c0b3f146d7c845d4681bc62190dc23c33c |