Analysis Overview
SHA256
ab2cb970c5d0f041de312ba78707aa90264b0ef3399742202d16e83671cd51de
Threat Level: Known bad
The file 603cbf6c93b296fcafa13624daf1ede0N.exe was found to be: Known bad.
Malicious Activity Summary
Quasar RAT
Quasar payload
Suspicious use of SetThreadContext
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Runs regedit.exe
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-19 06:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-19 06:56
Reported
2024-08-19 06:58
Platform
win7-20240729-en
Max time kernel
93s
Max time network
74s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1112 set thread context of 1972 | N/A | C:\Users\Admin\AppData\Local\Temp\603cbf6c93b296fcafa13624daf1ede0N.exe | C:\Program Files (x86)\Windows Media Player\wmplayer.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000dacf4785a43f2c6492c806015b817930f339a6030bd4f4584d9787fbf18d2fa2000000000e8000000002000020000000004d5677b241c72c39d1b8e85bbd487f6415aaba205fd99030dff78155a0cea520000000799db09016a985311b3d05d3b3a4a55d64d9989e75a4d92a7e52a297f5fbb20140000000d7792ede66d3dc136767d5311580df15cf8d44abd1c72eb6ef4b46b6835ffd56e725cc32966c3b8ecf1e1a41e7efb825acde11028d8b8bfba45a7c1d65d3a548 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20C942A1-5DF8-11EF-9DBD-525C7857EE89} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430212442" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000ad4a9a4e820a4f65d3d8e45e7e7093e6177195b9372d4f2823163acbecce1cdb000000000e80000000020000200000004a2bd83e17185264cdbace43e1b632baacc28dbe2b31ba10331082f1510775e490000000868d17492f89a8725087f111552e0aca1c77b833e28f3a455d97932686887cf85191aed7552364298a7cfabe031fcbf92fbb73673b0116cf34fcdad3cb0bedd23adf61096330de8998c67bc0d9cf2dee82b36a3f55a0049b3ea0e27da25947b3ea0011219d83137e9bdf7607ace78de661dcbc3e234906463cee2de5b579c36691b490508b9026fbf45fba72eeeff6c6400000002eb5f6beef205fab1af0c87207a6131649a6c91bc22f0ff32dfed0541e6bb1cdaf29fa2af1840057bb66379e2ed1b16f35c800aa6d1ad62055a089aea2feb26f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a98bf604f2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\603cbf6c93b296fcafa13624daf1ede0N.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\603cbf6c93b296fcafa13624daf1ede0N.exe
"C:\Users\Admin\AppData\Local\Temp\603cbf6c93b296fcafa13624daf1ede0N.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
C:\Windows\System32\calc.exe
"C:\Windows\System32\calc.exe"
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=wmplayer.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/1972-0-0x0000000000400000-0x0000000000724000-memory.dmp
memory/1972-4-0x0000000000400000-0x0000000000724000-memory.dmp
memory/1972-2-0x0000000000400000-0x0000000000724000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab7FE9.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar806D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db238ef836e9d63f2e152cc3352a8a8d |
| SHA1 | e881e5c0f18c27f4bd89c9f01df29fda5de1fa4b |
| SHA256 | 48df238429e0daed78ee3608af185cadadbed3679f11c2db60f6b8eacdf66014 |
| SHA512 | 84737e7f5e7ff4668621036d4373cd7f72537be58009c50d86a756ebc14ef269f2abed5551cb4573baf36aa68b6bfb163b44859b6327363ff4486183a07e4a10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d33984c7b53574436502456868e58e4 |
| SHA1 | e6ab20d522e77cf190892bc19b548e018c6e6deb |
| SHA256 | 1d2d9c3a35dea117dbc9ef199e16dccab79152e90b0f70f5068df7572fd71453 |
| SHA512 | f2c532b11536020677c5e16ebf31b2ce04fbc5c1cddb0e7560ee78818cae2e61732124ab555c7cbb3d277a1cb4d9ee472288ddefdbdf39f0909f5063341ad586 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 259aea7d7e34fe839554e2b9de93d29d |
| SHA1 | 4af35c4f2ec4dc5531ec71d8bad17e3c5c561663 |
| SHA256 | e6c23ecc9cc60062c800e0b1e28782abe53c77b69391556b9ccca093a8a7034f |
| SHA512 | f9fb09bbc19d7d3c0a55ff8a40345054f09befcef04ae6aeade40c952544a02d7d33f6aa3f88971919d97d8cef9292a18f090fa6bda56de493938240b0d1b7ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce407661c19958e21fa7ec128bcd1b80 |
| SHA1 | 52f30a383baeaf63585db5ceb99296ced4aa56cf |
| SHA256 | 448e358d6ee9a79cf091d13d5e561a403baee170539bc16a3ebc7c75521d7db5 |
| SHA512 | 449f2fbfd45417f71158eebedac49608218130d7c93724ed3d6dce85118eae62c6571dc1f74c40b2ee8898dbe2fd2d70af0c7b8db0fc16840a25701d83b122db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9217ab479581a55af66c94df5c01ed5 |
| SHA1 | 0c6b81ace0a9989626c31b86b3b189e744b57eae |
| SHA256 | 22c98456b05657998d4a092ab75db58575f79d4da24e3e7a779c1010ac2028b8 |
| SHA512 | 17d15d51d71f9615f882d4de458f4d323993eb30ea67bc71f0a19ac079e6c5ba9802bef46144c4b3318c6cf5a980cda1180a180cb16d98856e56e6def6653f0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4889d05ed5ab3fb6a9731c4312f8a901 |
| SHA1 | 0f2fcdd96e05d942f9a290e477cf9f436605da67 |
| SHA256 | 80fe82bb8911c615d990f8a129c86f111c41165f57b75e5b128cbdec9f43e1d3 |
| SHA512 | c8cfbdd7f3f2f7f1bdbd7953e2edd9d343aef35eac26451bdbf4dada666d7761b2dee842f2baa8899e83d8c19807a3b2ee4b3b7cb742d73b5328f423b075b9a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b8bdf70e9b9bb1c1ddbafee35b64cee |
| SHA1 | 094bf511f554e26e5b1b4ad206300e4e518e3e1a |
| SHA256 | e1df99f4f5b2f61ff433921bfba299feec43bd4b20890011a8e5164609d8043f |
| SHA512 | 1342339bcc289f1b2eeb273aa726e203a83a2044c8b8bdc426361409eeaad7f15291c063e7e4912045e261bc1461929f6f26535c51cf48e804dd3516711cab8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | ab3ffe64eb2921a972e61b5c70d5615c |
| SHA1 | 2f9e6b4ca2fc3d88a90b88b3f1800b28250ec149 |
| SHA256 | 425f887f2f973eb1d66b0ba4a4ef752888909070d1a7c0d8f966b69dde8c0cbf |
| SHA512 | eaea4429fb71450c7aa019e117077844e33d4d361ecea20d209a166b68830afdbb9e3ee2826e5635e388017011d196fc469693d216d2f3e15bfcccf790ffaf9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27b0bf55bb30bebab0363520df6e38cc |
| SHA1 | 66820cc135299024861c53c3f919b1e45003595c |
| SHA256 | 57d531838c80ac960c52d0e425913a99a952a13c6c87991ceca95c6f4f769b9a |
| SHA512 | 6218dcfc34c50365e6f183312d46b3c2d5f17b5643d21c2f3929290b6c02ba2a6c32d77352113ad2ea73effb3da8cce0ee3a99d5867ea8d2c7cb5cd65b90dcf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22249dfc179024c179f77292af7b2b0f |
| SHA1 | e4b8582ac1e5f3fe1a4cd22626b72c446e05ebb6 |
| SHA256 | f25aa5e841da48d698922e1fa4c90efce7610068170edfb5a9f27b083eedba00 |
| SHA512 | 7ce55f5472e452805a108567274ef5859b44532f20b4db9cbceafe6ee3f4541dcd91613e90cc552efc0e711adc3b7037f2d95110194038389780685704aaa6d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50e52dc97b03bc359d581bcbd6ab21c8 |
| SHA1 | 18cb5187a9c73ce3ee83f111bb719efd4f7ba2e1 |
| SHA256 | 10e3bc34c8dafd8a84bb58b78c3cb103144ab34bcd7e9f38a977169097b56a08 |
| SHA512 | 1325512c45d365689facb4e2959917bd4064baff2da70145450a5bbc90331b377067226598c3ba7dd1d1a8f5b7117fc9cd8cbdd0f274e4c3517625b57e9b474c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e46d2aeab6118e0d591e3ad28a75b2e2 |
| SHA1 | c2863923862ac162b2990156ca9a45ccd99c595a |
| SHA256 | 35e33e3b361f53b4f1069768efe6f2c2c95471d2acb990c02ecd6dca9b678298 |
| SHA512 | 90c54f92c9dcae337a58cdfa5c47d7b3be64c17c77c63709c633c3a44f77e87f9fd41fb081cf2d88a04a0f64fbee4ce5e0babd13da0c3095ea523a884abe4bae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c747d89c4dc5d8669999a975acfa92b9 |
| SHA1 | d5344c5027f230baebfe7d618c512fb225d14e25 |
| SHA256 | 3bf9a56911c60869e91e2b9b2ca29af37c5c11c6830ca282658c570a4d257223 |
| SHA512 | c8f9f83af2d5fd6708d6a45bc22bfc2d1c0be7cab365b58667e2b6cefaf42f02dc6cac9a12ebd834eb0dde40c9909e88b8a393db60304e1c655e5eae7a5e21fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8d1b1e211275146e65d2156e631c814 |
| SHA1 | 7ea51dde1dfb0ee8d99516d5591618acf0e2b40c |
| SHA256 | 084aca7959a2510647821ec275a7f5c3611c6227215d8d9b374ac0e5a2310c4f |
| SHA512 | 23de008113f1a6c26ff55beaf60f19944da56cc73f7afde1ca9d2796c196a9e806df9484516e7fedc55a91e28394896e97c0af7e0914a7757a3ddd2d028c0f1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfcdb6f747a1774b95999447f2260a7a |
| SHA1 | 6f9a103020e82bc07d0d41d3f3d1dc0e955865eb |
| SHA256 | 7af1f334ef027ce9c5d804cf7918c1fc49c84ff2409177f065b6f1616fd785bf |
| SHA512 | 8ea52a8bd6642102a9007cda02f85fd405a6971ffbd90c91ac5e7f0ba0ee877ce4f6321effe7a14a2363e617455ca2ee8c1b956aa2e4d9d648b7499e0d04da5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc8560294759493ff32d516279dcc70e |
| SHA1 | a9cd55f70c78405c5b6aa6927ea8bb87ae58b4b1 |
| SHA256 | a60c1bccef85a42cd71e61c300d8e36095243c5db507f231f1ae26533c0b5455 |
| SHA512 | c09320f0b604c2c24c3aab51f9551654bff25e6f2214bd43639580605e390924b312ad7ef3876599056bda79a2a318a70fd3958b51fa12346b5f91b2f69562c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02c2420727a1db4b68c3aa0cbe151c6c |
| SHA1 | d7a0c2b91da526c2179077083c08e268d463ae4b |
| SHA256 | e7632022684d5e6e2a0332ed6b97a868b24756e7be85a52c0af91b405312f3a1 |
| SHA512 | 3f8c1077904d9a0a08d5f2a670e0baa2e8a42c5ecf63a5f6cd905d88b24ad470619674b77a5cefa8d27d536d330c56a699c2189676dd6f520ae518e6ab16c5da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 406bb1accbb63c28e2add9b0a5838019 |
| SHA1 | e7eb532c0673eb5dcafab9aaa9d5c78c9ce967f7 |
| SHA256 | 6eb3ee04ebc46a0342a9c22c543115f8fe43e7d19b6613c91da850992db01975 |
| SHA512 | a558e5e4cf6875cf88b48f76233b239901f99eae85202de4f9a7464eababfa3b81147be30482d98cfaf5b8de7696ef629399079c72818fadc9ff22c30a4131ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e94d86e3d529f9069095ef05b78e4211 |
| SHA1 | 5bb580515ebdd9b6308bd2bbcb85afc393244ad3 |
| SHA256 | 65227ba5b361548acd237df3559eb4687886d245eec7279a71fa7f0cef9a19f9 |
| SHA512 | 465606a21618eb842fcf1815bed0b7f83e6fda78d37efda5195514d0dbfaaa58e65ed6bcebe85316bf85cce348b89dcb3ddc257ad16185118dc2aef2c60a3511 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45536afb5ef8cfa9facc937c89e0cc6d |
| SHA1 | 087885ff043e096cdbe46965c69458f67e56097a |
| SHA256 | c28783172c62f2289238a50ac09f587c02ed3594c3ba2b71bf976fdfbd916a34 |
| SHA512 | ad337600d428910e0e2a4b7bc33fffc1cb39f922d7a061ce0b14081da2b5b79996d8f9e8d275571188bc7f74a3933d056fbb6aaf1d523e1ec2229fc3effba321 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa4cc72029c9143e4b12899ae39e0c98 |
| SHA1 | 29f0306a870ca7f28e7740dff76080db01b22571 |
| SHA256 | 8c20943cf487aa7384e6634096ece9d4e161eb3633bfecb34483e75d0f7bddc9 |
| SHA512 | 7f485c2652b9864c4bf7e27664c6a748920ccc5a9bc41324642505c98f559f29d7be60b8244828b18d119aa2df7f13fd1955ee931276a7011b139044d5007845 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c164b1757d93ca615a234efce8e8a703 |
| SHA1 | f12c864946e0b2938ea3dbefb1b301518ba6eff6 |
| SHA256 | 2dd8878bdb544846a8324c6bb9638b29db4b50b88abde1a7bb5ccb44ba393a4a |
| SHA512 | 990b2fd0fc1067fdd7014e15a9f26f043006984db23054efc80b6f9c01273ff5464323bc2d24f5a9eee4f3e4e590f0e9bf6bd00a32e44c05374da6e124725bc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8bbe1b70306faedf1ced9603cabe1c71 |
| SHA1 | 49b029f8219f2f78b658bc604bd1129f9b87aa83 |
| SHA256 | 60f4f2a51e4c9cb9b8a04ad628081977d0d824b54178c7c47d7e95ab2fe83b37 |
| SHA512 | 5a11135a38187ae6efa39aa3eb0c9aa035765add5f562a0818b344e8bc2508b80724b9fe4333bdd537125ab91a5141be2ecff590e3cdd0685fcc8cedd791858c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3b7c561e153fbf33b5ec7fbc37f2251 |
| SHA1 | 4ba1c37af43e316bfb3fa39256678c96da03da6b |
| SHA256 | 8550cf508c496b342caf53adab3c0c238eea2b9f4ad3364a6053ddbb0385d086 |
| SHA512 | ed1426a571cf6acfc31495ca206711a2c8ec4edcaa10e3a28cb572bf8bffe2efa3b7b814bb14e438b77e748d2889a9011d7c70a34172c86b53b3ba3c33454397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28ed1dc08d466c91dfd1c6ff22fe1e03 |
| SHA1 | 598738394747e94b704e79f2a7c1d9f47d9bbb55 |
| SHA256 | ef50f1163be72271d09fe63bf196f25984a277c1a5807cf703482f42053d997d |
| SHA512 | aeea578989e99fb3888577fcff6c2939c2f1a0b83433e5c985d880b0596fdcb125f2b07cf35f604cb979f6e506d51b80735e50bf4ccf31e897e6cf9f4257a634 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 678eb442fb88e8cf107d85f103cf4b56 |
| SHA1 | ce5e0925fb8bd9c68122b29f6a66f9a22db0482c |
| SHA256 | 13e60c58826fbe67829f9aa65533e23d670b64b2d0731e86fb4f50b0582e464c |
| SHA512 | 7225509b4e33ff11f1808bec668996dba3cd097f7b030658a46439bf8d13ccdca753f546169a146e436aed5c951deb9bd3f81dcae155306012c41aab66f3634b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4baa4b3c3c16480f26545ead3e49554 |
| SHA1 | 40e7f2c7b6f3e33fff9ed66c521531a69ee8924c |
| SHA256 | c8ac32ec49468c60a1e5a06dabc72571d049a5c2347d506012513c5d1452b1cb |
| SHA512 | fcf25588142972b02ade9d98b12a5966df81dbd83a5cf1304a86eb4f38943c42eeb660017f8f85ee8775e6005931a22cb90ac040e8e84b1f33b93f1aa646c6ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c842e7a243888ef6ba346d6bcb2a0193 |
| SHA1 | 9da98bdc32563453e2e8ddd354e5bbead724bd97 |
| SHA256 | be8b3289811d0e8734e978ab825290daae9ff055e1aaf192730d555802fcca5d |
| SHA512 | b7348ab13500e607505a9fc82181876f639352f712d2926658c3c913fc35928ea0060f83c8ddcd477c615768707808f37528bbe5327051531fdb69aca646ff31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c64cb336bb947c7fe62dddb9c8e058ea |
| SHA1 | cda270c827418d086e37f45ef6cfade7c7b6ffc3 |
| SHA256 | c4c191acdd0c27f89225b925510f9a5b51dff3cd70e3cf44437932e5e1031e2a |
| SHA512 | 8d0e164f22b009527485f3cab76b141b8145177b8a9ecb1bc39c297abd88f1fcfd6d6b072df268cdc273cb7207f0e27e0a385e8c049d330eb49f0a00171b56fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22f360f686be0e8f6c2cc7975124cb1e |
| SHA1 | 2d83095f603a7a3e07fe379049b0b3f3e537314c |
| SHA256 | 4f4eeb39c81fea9f22f7e7571a00089c65989c5ee927bb5bec16479131aac0fc |
| SHA512 | 5056a80835cbb6df83bc38d6835a4bd68205a5699e5ef4c9b08115f9f01ba6e1b474d0d18421aeae9cefd7330655a4763702ea89306de9426964a1a8076a6d4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f19e9600401560b22ef5ba195db5b7eb |
| SHA1 | d3febd458266efb39ae763555e4c48dcb075658a |
| SHA256 | 0c7bfa0bd0fe18efed91a4ec4b56d287238f75015d01143904d431a68184dffe |
| SHA512 | 81a4b38eb365e578680de480573d6c3d8d83ecd84d5fdc335ada45d9e9a92c10e9082ab29bcbff94595a7d592ddd0b5e737fff7c3a10b3ebe5c09ce4ca21ce9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17782601051e19e41e4335210ce9c40c |
| SHA1 | 4010cf6b1f882a1f1d05facc99a6eda735a94bc5 |
| SHA256 | d407eb922c387302bf3ec013568048a8650abb70652c5d46ad09f304330a57b2 |
| SHA512 | d2c3e9358f91ff6de9bfb2cdec982f65a6c8f415eec23a849a4ae873042e61363e6eec0b3551f1b0c73c0421e9c895c681610199f47b28e6f913904f5db54911 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-19 06:56
Reported
2024-08-19 06:58
Platform
win10v2004-20240802-en
Max time kernel
114s
Max time network
119s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3504 set thread context of 1780 | N/A | C:\Users\Admin\AppData\Local\Temp\603cbf6c93b296fcafa13624daf1ede0N.exe | C:\Program Files (x86)\Windows Mail\wab.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Mail\wab.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\603cbf6c93b296fcafa13624daf1ede0N.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\603cbf6c93b296fcafa13624daf1ede0N.exe
"C:\Users\Admin\AppData\Local\Temp\603cbf6c93b296fcafa13624daf1ede0N.exe"
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\Windows Mail\wab.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4064,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=wab.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5060,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4088,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5536,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5868,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5440,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=wab.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6240,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6404,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5696,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=6308,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5808,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8
Network
Files
memory/1780-0-0x0000000000400000-0x0000000000724000-memory.dmp