\n\n\n\n \n \n \n\n\n\n \n \n drop and start \n \n\n\n\n\n \n \nstart \n \n\n\n\n \n\niexplore.exe \n\n\n \n\n\n\n\n \n\n\n\n \n\niexplore.exe \n\n\n \n\n\n\n#QUASAR \n \n\npxpx[1].exe \n\n \n \n\n\n\n \n\nexplorer.exe \nno specs \n \n\n\n","processesValues":[{"rowId":"2e7379f7-3eeb-41a6-b93b-eef140c08fcf","rowData":{"threatLevel":2,"values":[2852,"\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome","C:\\Program Files\\Internet Explorer\\iexplore.exe",["executableDropped","network"],"explorer.exe"],"information":{"values":["admin","Microsoft Corporation","MEDIUM","Internet Explorer","1","8.00.7600.16385 (win7_rtm.090713-1255)"],"modules":[]}}},{"rowId":"77f00852-2f62-4ba6-82f4-fac0145376b6","rowData":{"threatLevel":0,"values":[3336,"\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" SCODEF:2852 CREDAT:71937","C:\\Program Files\\Internet Explorer\\iexplore.exe",["executableDropped","network"],"iexplore.exe"],"information":{"values":["admin","Microsoft Corporation","LOW","Internet Explorer","0","8.00.7600.16385 (win7_rtm.090713-1255)"],"modules":[]}}},{"rowId":"cbd1f447-0e96-4411-86de-a04b9e02fd54","rowData":{"threatLevel":2,"values":[2052,"\"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\R9ZEWH8D\\pxpx[1].exe\" ","C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\R9ZEWH8D\\pxpx[1].exe",["knownThreat","network"],"iexplore.exe"],"information":{"values":["admin","Symantec","MEDIUM","pxpx.exe","","7.1.0.0"],"modules":[]}}},{"rowId":"53b5d9c0-c989-44d4-81c3-90f291ae028f","rowData":{"threatLevel":0,"values":[2980,"\"C:\\Windows\\explorer.exe\" ","C:\\Windows\\explorer.exe",[],"explorer.exe"],"information":{"values":["admin","Microsoft Corporation","MEDIUM","Windows Explorer","1","6.1.7600.16385 (win7_rtm.090713-1255)"],"modules":[]}}}]},"registryActivity":{"stats":[{"name":"Total events","value":"748"},{"name":"Read events","value":"671"},{"name":"Write 
events","value":"72"},{"name":"Delete events","value":"5"}],"modificationEvents":[{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","name":"CompatibilityFlags","value":"0"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","name":"UNCAsIntranet","value":"0"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","name":"AutoDetect","value":"1"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones","name":"SecuritySafe","value":"1"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","name":"ProxyEnable","value":"0"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","name":"SavedLegacySettings","value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},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery\\Active","name":"{B134CDE7-4A82-11E9-BAD8-5254004A04AF}","value":"0"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{2670000A-7350-4F3C-8081-5663EE0C6C49}\\iexplore","name":"Type","value":"4"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{2670000A-7350-4F3C-8081-5663EE0C6C49}\\iexplore","name":"Count","value":"3"},{"pid":"(2852) 
iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{2670000A-7350-4F3C-8081-5663EE0C6C49}\\iexplore","name":"Time","value":"E3070300020013001400080000001F02"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\\iexplore","name":"Type","value":"4"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\\iexplore","name":"Count","value":"3"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\\iexplore","name":"Time","value":"E3070300020013001400080000001F02"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","name":"FullScreen","value":"no"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","name":"Window_Placement","value":"2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links","name":"Order","value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},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\iexplore","name":"Type","value":"3"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\iexplore","name":"Count","value":"3"},{"pid":"(2852) 
iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\iexplore","name":"Time","value":"E307030002001300140008000000CA02"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\iexplore","name":"LoadTime","value":"14"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\\iexplore","name":"Type","value":"3"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\\iexplore","name":"Count","value":"3"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\\iexplore","name":"Time","value":"E307030002001300140008000000F902"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\\iexplore","name":"LoadTime","value":"52"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{DBC80044-A445-435B-BC74-9C25C1C588A9}\\iexplore","name":"Type","value":"3"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{DBC80044-A445-435B-BC74-9C25C1C588A9}\\iexplore","name":"Count","value":"3"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{DBC80044-A445-435B-BC74-9C25C1C588A9}\\iexplore","name":"Time","value":"E3070300020013001400080000008603"},{"pid":"(2852) 
iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{DBC80044-A445-435B-BC74-9C25C1C588A9}\\iexplore","name":"LoadTime","value":"35"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Discardable\\PostSetup\\Component Categories\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\Enum","name":"Implementing","value":"1C00000001000000E307030002001300140008000C00F90200000000"},{"pid":"(3336) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\LowCache\\Extensible Cache\\MSHist012019031920190320","name":"CachePath","value":"%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012019031920190320"},{"pid":"(3336) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\LowCache\\Extensible Cache\\MSHist012019031920190320","name":"CachePrefix","value":":2019031920190320: "},{"pid":"(3336) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\LowCache\\Extensible Cache\\MSHist012019031920190320","name":"CacheLimit","value":"8192"},{"pid":"(3336) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\LowCache\\Extensible Cache\\MSHist012019031920190320","name":"CacheOptions","value":"11"},{"pid":"(3336) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\LowCache\\Extensible Cache\\MSHist012019031920190320","name":"CacheRepair","value":"0"},{"pid":"(3336) iexplore.exe","operation":"delete key","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\LowCache\\Extensible 
Cache\\MSHist012018082820180829","name":"","value":""},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main","name":"NotifyDownloadComplete","value":"yes"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019031920190320","name":"CachePath","value":"%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019031920190320"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019031920190320","name":"CachePrefix","value":":2019031920190320: "},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019031920190320","name":"CacheLimit","value":"8192"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019031920190320","name":"CacheOptions","value":"11"},{"pid":"(2852) iexplore.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019031920190320","name":"CacheRepair","value":"0"},{"pid":"(2852) iexplore.exe","operation":"delete key","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018082720180903","name":"","value":""},{"pid":"(2852) iexplore.exe","operation":"delete key","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012018090920180910","name":"","value":""},{"pid":"(2052) 
pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASAPI32","name":"EnableFileTracing","value":"0"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASAPI32","name":"EnableConsoleTracing","value":"0"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASAPI32","name":"FileTracingMask","value":"4294901760"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASAPI32","name":"ConsoleTracingMask","value":"4294901760"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASAPI32","name":"MaxFileSize","value":"1048576"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASAPI32","name":"FileDirectory","value":"%windir%\\tracing"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASMANCS","name":"EnableFileTracing","value":"0"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASMANCS","name":"EnableConsoleTracing","value":"0"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASMANCS","name":"FileTracingMask","value":"4294901760"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASMANCS","name":"ConsoleTracingMask","value":"4294901760"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASMANCS","name":"MaxFileSize","value":"1048576"},{"pid":"(2052) 
pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\pxpx[1]_RASMANCS","name":"FileDirectory","value":"%windir%\\tracing"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_CLASSES_ROOT\\Local Settings\\MuiCache\\5F\\52C64B7E","name":"LanguageList","value":"en-US"},{"pid":"(2052) pxpx[1].exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13","name":"Blob","value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},{"pid":"(2052) pxpx[1].exe","operation":"delete key","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13","name":"","value":""},{"pid":"(2852) iexplore.exe","operation":"delete value","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery\\Active","name":"{B134CDE7-4A82-11E9-BAD8-5254004A04AF}","value":"0"}]},"filesActivity":{"stats":[{"name":"Executable files","value":"2"},{"name":"Suspicious files","value":"1"},{"name":"Text files","value":"4"},{"name":"Unknown types","value":"8"}],"droppedFiles":[{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RB73MZ6Y\\favicon[1].ico","md5":"—","sha256":"—","type":{}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico","md5":"—","sha256":"—","type":{}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\~DF41B310D3F6F7A619.TMP","md5":"—","sha256":"—","type":{}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\~DF97619FE50D94AB80.TMP","md5":"—","sha256":"—","type":{}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Internet 
Explorer\\Recovery\\Active\\RecoveryStore.{B134CDE7-4A82-11E9-BAD8-5254004A04AF}.dat","md5":"—","sha256":"—","type":{}},{"pid":3336,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012019031920190320\\index.dat","md5":"80AE162F896C476DD994BC19B1C4A3E7","sha256":"EB4633C9CE5C76786AD162FAF991EE1D115E8D5AA2850BDF84782D12FB70FFA9","type":{"value":"dat","type":4}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019031920190320\\index.dat","md5":"8606F7AC80FB9B0E99DDE57DE0D66DC7","sha256":"8084BBD89E3200589642EA9247F6302E3C8A354E6497F0483C8E56C42DB615AE","type":{"value":"dat","type":4}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\R9ZEWH8D\\pxpx[1].exe","md5":"89782B6CDAAAB7848D544255D5FE7002","sha256":"FFEE8C0DAAD6B88B91AE8F12C4564A9A7986FC55497CACF09732737893E0C186","type":{"value":"executable","type":2}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RB73MZ6Y\\favicon[3].png","md5":"9FB559A691078558E77D6848202F6541","sha256":"6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914","type":{"value":"image","type":0}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\{B134CDE8-4A82-11E9-BAD8-5254004A04AF}.dat","md5":"79691A79469D3860F0BFE3409BE9BBA1","sha256":"0B362D924B828D4BFF694EC01F1B3C5230394D8CE107DD5ACA2C344984039ED0","type":{"value":"binary","type":1}},{"pid":3336,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet 
Files\\Low\\Content.IE5\\OCDM6JB6\\pxpx[1].exe","md5":"89782B6CDAAAB7848D544255D5FE7002","sha256":"FFEE8C0DAAD6B88B91AE8F12C4564A9A7986FC55497CACF09732737893E0C186","type":{"value":"executable","type":2}},{"pid":3336,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\Low\\JavaDeployReg.log","md5":"59E61622D500A64B07B56C6E25950D06","sha256":"6125CB69BDAFF51F3012B71AC82FD73C81DCF5986FE0B80399401AE1D73AFE91","type":{"value":"text","type":0}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\R9ZEWH8D\\pxpx[1].exe:Zone.Identifier","md5":"FBCCF14D504B7B2DBCB5A5BDA75BD93B","sha256":"EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913","type":{"value":"text","type":0}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\OCDM6JB6\\pxpx[1].exe:Zone.Identifier","md5":"FBCCF14D504B7B2DBCB5A5BDA75BD93B","sha256":"EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913","type":{"value":"text","type":0}},{"pid":3336,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat","md5":"D7A950FEFD60DBAA01DF2D85FEFB3862","sha256":"75D0B1743F61B76A35B1FEDD32378837805DE58D79FA950CB6E8164BFA72073A","type":{"value":"dat","type":4}},{"pid":2052,"process":"pxpx[1].exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\tempDataBase2019-03-19T20_08_33.9648750+00_0077","md5":"AC3CDEEC2CF63B09BFF2D68FF02CAAAF","sha256":"FAC2CA86788C0380D5A61973C16CBF71064A389C6469F41CE84E425311B67BB7","type":{"value":"sqlite","type":4}},{"pid":2052,"process":"pxpx[1].exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\tempDataBase2019-03-19T20_08_33.9648750+00_002020","md5":"33FAA3C0AB3E0E5F8E5446ED0D52CA32","sha256":"2AE728D9D195C37B8041CC088F9A28BB666B670E1A2410EFAEE5B26047C08BBF","type":{"value":"sqlite","type":4
}},{"pid":2052,"process":"pxpx[1].exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\tempDataBase2019-03-19T20_08_33.9961250+00_001818","md5":"8BB736AB1E4300EF81B27CDBF26D78B0","sha256":"7059AEA2275152A5390580485A2180143879F721C88A4CB0D7702A832751A952","type":{"value":"sqlite","type":4}},{"pid":2052,"process":"pxpx[1].exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\tempDataBase2019-03-19T20_08_34.0117500+00_001919","md5":"978812E75543B001E6E1C55FDC1DC3F8","sha256":"9E364189042BCAC04AF32C70B56D41EE49D9078660F087D0FC270E66FDDAF8E7","type":{"value":"sqlite","type":4}},{"pid":2852,"process":"iexplore.exe","filename":"C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat","md5":"D7A950FEFD60DBAA01DF2D85FEFB3862","sha256":"75D0B1743F61B76A35B1FEDD32378837805DE58D79FA950CB6E8164BFA72073A","type":{"value":"dat","type":4}}]},"synchronization":{"values":[]},"rpsRequests":{"values":[]},"networkActivity":{"stats":[{"name":"HTTP(S) requests","value":"4"},{"name":"TCP/UDP connections","value":"6"},{"name":"DNS requests","value":"4"},{"name":"Threats","value":"3"}],"requests":[[2852,"iexplore.exe","GET",200,"204.79.197.200:80","http://www.bing.com/favicon.ico","US",{"value":"image","type":0},"237 b",{"value":"whitelisted","type":3}],[3336,"iexplore.exe","GET",302,"81.177.140.55:80","http://a4.doshimotai.ru/pxpx.exe","RU",{"value":"html","type":0},"154 b",{"value":"malicious","type":2}],[2052,"pxpx[1].exe","GET",101,"185.181.9.115:2012","http://185.181.9.115:2012/websocket","GB",{"value":null},"—",{"value":"unknown","type":4}],[2052,"pxpx[1].exe","GET",200,"185.194.141.58:80","http://ip-api.com/json/","DE",{"value":"text","type":0},"264 b",{"value":"shared","type":0}]],"connections":[[2852,"iexplore.exe","204.79.197.200:80","www.bing.com","Microsoft Corporation","US",{"value":"whitelisted","type":3}],[3336,"iexplore.exe","81.177.140.55:80","a4.doshimotai.ru","JSC 
RTComm.RU","RU",{"value":"malicious","type":2}],[3336,"iexplore.exe","81.177.140.55:443","a4.doshimotai.ru","JSC RTComm.RU","RU",{"value":"malicious","type":2}],[2052,"pxpx[1].exe","185.181.9.115:2012","—","Clouvider Limited","GB",{"value":"unknown","type":4}],[2052,"pxpx[1].exe","81.177.141.23:443","domekan.ru","JSC RTComm.RU","RU",{"value":"malicious","type":2}],[2052,"pxpx[1].exe","185.194.141.58:80","ip-api.com","netcup GmbH","DE",{"value":"malicious","type":2}]],"dns":[["www.bing.com",["204.79.197.200","13.107.21.200"],{"value":"whitelisted","type":3}],["a4.doshimotai.ru",["81.177.140.55"],{"value":"malicious","type":2}],["domekan.ru",["81.177.141.23"],{"value":"malicious","type":2}],["ip-api.com",["185.194.141.58"],{"value":"shared","type":0}]],"threatsProCount":1,"threats":[[2052,"pxpx[1].exe",{"value":"Potential Corporate Privacy Violation","type":2},"ET POLICY External IP Lookup ip-api.com"],[2052,"pxpx[1].exe",{"value":"A Network Trojan was detected","type":2},"MALWARE [PTsecurity] Quasar 1.3 RAT IP Lookup ip-api.com (HTTP headeer)"]]},"debugOutputStrings":{"values":[]},"meta":{"sha256":"95c912f7acead0967b333abd58de1b0de741304eb1fe6e4e33def5741774c756","uuid":"e3a6fb38-99e0-49f7-8778-99749c9c5f01","isUrlType":true,"taskName":"http://a4.doshimotai.ru/pxpx.exe","title":"Free Malware Sandbox Online","isPrivate":false,"tags":["evasion","trojan","rat","quasar"],"copyrightYear":2022},"vue_isInlineMode":false,"vue_publicPath":"/report/"}
General Info
URL: http://a4.doshimotai.ru/pxpx.exe Full analysis: https://app.any.run/tasks/e3a6fb38-99e0-49f7-8778-99749c9c5f01 Verdict: Malicious activity Threats: Quasar RAT
Quasar RAT
Quasar is a very popular RAT, largely because its source code is openly available. This malware can be used to control the victim’s computer remotely.
Analysis date: March 19, 2019, 20:07:38 OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) Tags: Indicators: MD5: 5118C8DD1FFE8BC3F5E83E62EEB1F592 SHA1: 90E5FA8E6AF3FAADD24474DB3513825C966311A3 SHA256: 95C912F7ACEAD0967B333ABD58DE1B0DE741304EB1FE6E4E33DEF5741774C756 SSDEEP: 3:N1KfbMTVd0C:CDGVd0C
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as-is for the user's information.
ANY.RUN does not guarantee maliciousness or safety of the content.
Software environment set and analysis options Launch configuration Task duration: 60 seconds Heavy Evasion option: off Network geolocation: off Additional time used: none MITM proxy: off Privacy: Public submission Fakenet option: off Route via Tor: off Autoconfirmation of UAC: on Network: on Software preset Internet Explorer 8.0.7601.17514 undefined Adobe Acrobat Reader DC MUI (15.023.20070) Adobe Flash Player 26 ActiveX (26.0.0.131) Adobe Flash Player 26 NPAPI (26.0.0.131) Adobe Flash Player 26 PPAPI (26.0.0.131) Adobe Refresh Manager (1.8.0) CCleaner (5.35) FileZilla Client 3.36.0 (3.36.0) Google Chrome (68.0.3440.106) Google Update Helper (1.3.33.17) Java 8 Update 92 (8.0.920.14) Java Auto Updater (2.8.92.14) Microsoft .NET Framework 4.6.1 (4.6.01055) Microsoft Office Access MUI (English) 2010 (14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000) Microsoft Office Professional 2010 (14.0.6029.1000) Microsoft Office Proof (English) 2010 (14.0.6029.1000) Microsoft Office Proof (French) 2010 (14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000) Microsoft Office Proofing (English) 2010 (14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000) Microsoft Office Single Image 2010 (14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (14.0.6029.1000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0) Microsoft Visual C++ 2013 x86 Additional 
Runtime - 12.0.21005 (12.0.21005) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0) Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706) Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706) Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2) Notepad++ (32-bit x86) (7.5.1) Opera 12.15 (12.15.1748) Skype version 8.29 (8.29) VLC media player (2.2.6) WinRAR 5.60 (32-bit) (5.60.0) Hotfixes Client LanguagePack Package Client Refresh LanguagePack Package CodecPack Basic Package Foundation Package IE Troubleshooters Package InternetExplorer Optional Package KB2534111 KB2999226 KB976902 LocalPack AU Package LocalPack CA Package LocalPack GB Package LocalPack US Package LocalPack ZA Package ProfessionalEdition UltimateEdition Processes Add for printing
Behavior graph: click a process to see its details
drop and start
start
iexplore.exe
iexplore.exe
#QUASAR
pxpx[1].exe
explorer.exe
no specs
Specs description Program did not start Low-level access to the HDD Process was added to the startup Debug information is available Probably Tor was used Behavior similar to spam Task has injected processes Executable file was dropped Known threat RAM overrun Network attacks were detected Integrity level elevation Connects to the network CPU overrun Process starts the services System was rebooted Task contains several apps running Application downloaded the executable file Actions similar to stealing personal data Task has apps ended with an error File is detected by antivirus software Inspected object has suspicious PE structure Behavior similar to exploiting the vulnerability Task contains an error or was rebooted The process has the malware config Process information
Network activity
HTTP requests
Connections
DNS requests
Threats