Malware Analysis Report

2025-05-05 21:53

Sample ID 220122-blqxvaggaq
Target a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a
SHA256 a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a
Tags
imminent persistence spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a

Threat Level: Known bad

The file a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a was found to be: Known bad.

Malicious Activity Summary

imminent persistence spyware trojan

Imminent RAT

Executes dropped EXE

Deletes itself

Loads dropped DLL

Adds Run key to start application

Drops desktop.ini file(s)

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Runs ping.exe

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-01-22 01:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-22 01:14

Reported

2022-01-22 06:05

Platform

win7-en-20211208

Max time kernel

152s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe"

Signatures

Imminent RAT

trojan spyware imminent

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
The deletion is the cmd.exe command line listed under Processes: a single ping to 1.1.1.1 with a 1000 ms timeout serves as a short delay so the parent can exit, then Del removes the original sample path in C:\Users\Admin\AppData\Local\Temp. Only the original path is deleted; the copy written to the same-named subfolder is not.

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\Run\18.exe = "C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\Run\davibot = "\\davibot\\davibot.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\Run\18.exe = "C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\18.exe = "C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\Run\davibot = "C:\\Users\\Admin\\AppData\\Local\\davibot\\davibot.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\18.exe = "C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A

Enumerates physical storage devices

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Process (event count; Description, Indicator and Target are N/A for every row)
C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe (16)
C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe (18)
C:\Windows\SysWOW64\taskmgr.exe (30)

Suspicious use of FindShellTrayWindow

Process (event count; Description, Indicator and Target are N/A for every row)
C:\Windows\SysWOW64\taskmgr.exe (64)

Suspicious use of SendNotifyMessage

Process (event count; Description, Indicator and Target are N/A for every row)
C:\Windows\SysWOW64\taskmgr.exe (64)

Suspicious use of WriteProcessMemory

Description Indicator Process Target (each parent/child pair is recorded 4 times)
PID 1632 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe
PID 1632 wrote to memory of 420 N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe C:\Windows\SysWOW64\cmd.exe
PID 268 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe C:\Windows\SysWOW64\taskmgr.exe
PID 420 wrote to memory of 1056 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe

"C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe"

C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe

"C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\PING.EXE

ping 1.1.1.1 -n 1 -w 1000
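
The cmd.exe command line above is the whole "Deletes itself" mechanism: `ping 1.1.1.1 -n 1 -w 1000 > Nul` is a roughly one-second sleep so the parent can exit, then `Del` removes the original sample path. The WriteProcessMemory rows list every parent/child pair of the run (1632 to 268 and 420, 268 to 968, 420 to 1056), so they can be used to rebuild the process tree; by themselves they do not prove injection. The following is an added example, not part of the sandbox output: it links the tree from those rows and flags a cmd.exe child whose Del target is its parent's own image. The process records are constructed from the Processes and WriteProcessMemory sections of behavioral1; the delay/Del pattern also accepts `timeout`, which this sample does not use.

```python
"""Rebuild the behavioral1 process tree and flag the cmd.exe self-delete.
Added example, not sandbox output; PROCS and WPM_ROWS are constructed from the
Processes and WriteProcessMemory sections of the report."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

H = "a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a"
TMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = f"{TMP}\\{H}.exe"        # submitted file, PID 1632
COPY = f"{TMP}\\{H}\\{H}.exe"     # self-copy in a same-named subfolder, PID 268


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    ppid: Optional[int] = None
    children: List[int] = field(default_factory=list)


# Constructed from the report's Processes section (pid, image, command line).
PROCS: Dict[int, Proc] = {p.pid: p for p in [
    Proc(1632, SAMPLE, f'"{SAMPLE}"'),
    Proc(268, COPY, f'"{COPY}"'),
    Proc(420, r"C:\Windows\SysWOW64\cmd.exe",
         f'"C:\\Windows\\System32\\cmd.exe" /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "{SAMPLE}"'),
    Proc(968, r"C:\Windows\SysWOW64\taskmgr.exe", '"C:\\Windows\\System32\\taskmgr.exe"'),
    Proc(1056, r"C:\Windows\SysWOW64\PING.EXE", "ping 1.1.1.1 -n 1 -w 1000"),
]}

# One row per parent/child pair; the sandbox prints each four times and
# link_tree() ignores the repeats.
WPM_ROWS = [
    "PID 1632 wrote to memory of 268",
    "PID 1632 wrote to memory of 420",
    "PID 268 wrote to memory of 968",
    "PID 420 wrote to memory of 1056",
]
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)")

# cmd.exe /C <delay> ... & del "<path>": ping or timeout is used as a sleep so
# the parent can exit before its image is unlinked.
SELF_DELETE_RE = re.compile(
    r'cmd\.exe"?\s+/c\s+(?:ping|timeout)\b.*?&\s*del\s+"?(?P<target>[^"&]+?)"?\s*$',
    re.IGNORECASE)


def link_tree(procs: Dict[int, Proc], rows: List[str]) -> Dict[int, Proc]:
    """Attach parent/child links from 'PID X wrote to memory of Y' rows."""
    for row in rows:
        m = WPM_RE.match(row)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        if dst in procs and src in procs and procs[dst].ppid is None:
            procs[dst].ppid = src
            procs[src].children.append(dst)
    return procs


def find_self_delete(procs: Dict[int, Proc]) -> List[dict]:
    """Flag delay-then-del command lines; self_delete is True when the deleted
    file is the parent process's own image."""
    findings = []
    for p in procs.values():
        m = SELF_DELETE_RE.search(p.cmdline)
        if not m:
            continue
        target = m.group("target").strip()
        parent = procs.get(p.ppid) if p.ppid is not None else None
        findings.append({
            "pid": p.pid,
            "deletes": target,
            "parent_pid": p.ppid,
            "self_delete": parent is not None and parent.image.lower() == target.lower(),
        })
    return findings


def render_tree(procs: Dict[int, Proc], pid: int, depth: int = 0) -> List[str]:
    """Indented text tree rooted at pid, one line per process."""
    p = procs[pid]
    name = p.image.rsplit("\\", 1)[-1]
    lines = ["  " * depth + f"{p.pid} {name}"]
    for child in p.children:
        lines.extend(render_tree(procs, child, depth + 1))
    return lines


TREE = link_tree(PROCS, WPM_ROWS)
FINDINGS = find_self_delete(TREE)

if __name__ == "__main__":
    print("\n".join(render_tree(TREE, 1632)))
    for f in FINDINGS:
        print(f)
```

The same two pieces carry over to endpoint telemetry: on a host, the parent link comes from the process-creation event's parent PID rather than from WriteProcessMemory rows, and the self-delete check is the comparison between the Del target and the parent's image path.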

Network

Country Destination Domain Proto
US 8.8.8.8:53 davibot.ddns.net udp
The only recorded traffic is a DNS query for davibot.ddns.net sent to 8.8.8.8. The hostname is on a dynamic-DNS domain and matches the davibot Run value written by the sample; no connection to a resolved address appears in the report.

Files

memory/1632-55-0x0000000076B81000-0x0000000076B83000-memory.dmp

memory/1632-56-0x0000000002020000-0x0000000002021000-memory.dmp

\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe

MD5 601b14f244f7ff8d4a9ca45cec3a4d0c
SHA1 e247d7df8b88050a7345e108957c6b616c81fbe0
SHA256 a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a
SHA512 429f8c00669007a115a40e08672097d9340ab191e548a66c81d38cd315679ddef9ab7ddb4fad6e007ab8ffb09c9c1bb75ebeb4793092b9a99cd35d37e84b8c92

C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe

MD5 601b14f244f7ff8d4a9ca45cec3a4d0c
SHA1 e247d7df8b88050a7345e108957c6b616c81fbe0
SHA256 a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a
SHA512 429f8c00669007a115a40e08672097d9340ab191e548a66c81d38cd315679ddef9ab7ddb4fad6e007ab8ffb09c9c1bb75ebeb4793092b9a99cd35d37e84b8c92

memory/268-62-0x0000000002200000-0x0000000002201000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-01-22 01:14

Reported

2022-01-22 06:06

Platform

win10-en-20211208

Max time kernel

154s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe"

Signatures

Imminent RAT

trojan spyware imminent

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Windows\CurrentVersion\Run\18.exe = "C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Key created \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Windows\CurrentVersion\Run\davibot = "\\davibot\\davibot.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\18.exe = "C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Windows\CurrentVersion\Run\18.exe = "C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\18.exe = "C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Windows\CurrentVersion\Run\davibot = "C:\\Users\\Admin\\AppData\\Local\\davibot\\davibot.exe" C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
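
Both detonations write the same Run values. `18.exe` is set under HKU\<SID>\...\Run and under HKLM\SOFTWARE\Wow6432Node\...\Run (Wow6432Node because the sample is a 32-bit process, which is also why its children are the SysWOW64 binaries), pointing at `C:\Users\Admin\AppData\RoamingMicrosoft\System\Services\18.exe`; the recorded string has no separator between Roaming and Microsoft, so it does not point into the usual %APPDATA%\Microsoft tree, and no file at that path appears in the Files section. `davibot` is written first as the relative path `\davibot\davibot.exe` and then as `C:\Users\Admin\AppData\Local\davibot\davibot.exe`. The following is an added example, not part of the report: it parses "Set value (str)" rows like those in the behavioral1 and behavioral2 tables into deduplicated, hive-normalized entries, flags values that are not absolute paths or that sit under a non-standard AppData folder, and emits a reg query line for checking other hosts. The input rows are constructed from the behavioral1 table.

```python
"""Turn the sandbox's 'Set value (str)' Run-key rows into hunt-ready entries.
Added example, not part of the report; ROWS are constructed from behavioral1."""
import re
from typing import Dict, List

SID = "S-1-5-21-2329389628-4064185017-3901522362-1000"
H = "a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a"
TMP = r"C:\Users\Admin\AppData\Local\Temp"
ORIG = f"{TMP}\\{H}.exe"
COPY = f"{TMP}\\{H}\\{H}.exe"
RUN_U = f"\\REGISTRY\\USER\\{SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
RUN_M = r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"
# Value data exactly as the sandbox prints it: backslashes doubled, quoted.
V18 = r"C:\\Users\\Admin\\AppData\\RoamingMicrosoft\\System\\Services\\18.exe"
VDAVI = r"C:\\Users\\Admin\\AppData\\Local\\davibot\\davibot.exe"

ROWS = [
    f'Set value (str) {RUN_U}\\18.exe = "{V18}" {COPY} N/A',
    f'Set value (str) {RUN_U}\\davibot = "\\\\davibot\\\\davibot.exe" {COPY} N/A',
    f'Set value (str) {RUN_U}\\18.exe = "{V18}" {ORIG} N/A',   # same value, other writer
    f'Set value (str) {RUN_M}\\18.exe = "{V18}" {COPY} N/A',
    f'Set value (str) {RUN_U}\\davibot = "{VDAVI}" {COPY} N/A',
]

# key = everything up to the last backslash, name = value name after it.
ROW_RE = re.compile(
    r'^Set value \(str\) (?P<key>\\REGISTRY\\\S+?)\\(?P<name>[^\\\s]+) = '
    r'"(?P<data>[^"]*)" (?P<proc>\S+) N/A$')

HIVES = {r"\REGISTRY\MACHINE": "HKLM", r"\REGISTRY\USER": "HKU"}
APPDATA_DIRS = ("local", "locallow", "roaming")


def normalize_hive(key: str) -> str:
    """\\REGISTRY\\MACHINE -> HKLM, \\REGISTRY\\USER\\<SID> -> HKU\\<SID>."""
    for prefix, hive in HIVES.items():
        if key.upper().startswith(prefix.upper()):
            return hive + key[len(prefix):]
    return key


def odd_appdata(path: str) -> bool:
    """True when the component directly under \\AppData\\ is not one of the
    three folders Windows creates there (catches 'RoamingMicrosoft')."""
    parts = path.split("\\")
    for i, part in enumerate(parts[:-1]):
        if part.lower() == "appdata":
            return parts[i + 1].lower() not in APPDATA_DIRS
    return False


def parse_run_rows(rows: List[str]) -> List[Dict[str, object]]:
    """Parse Run-key rows, drop repeats of the same key/name/data, add flags."""
    seen = set()
    entries: List[Dict[str, object]] = []
    for row in rows:
        m = ROW_RE.match(row)
        if not m or not m.group("key").lower().endswith(r"\currentversion\run"):
            continue
        data = m.group("data").replace("\\\\", "\\")   # undo the sandbox's escaping
        ident = (m.group("key").lower(), m.group("name").lower(), data.lower())
        if ident in seen:
            continue
        seen.add(ident)
        entries.append({
            "key": normalize_hive(m.group("key")),
            "name": m.group("name"),
            "data": data,
            "writer": m.group("proc"),
            "absolute": bool(re.match(r"^[A-Za-z]:\\", data)),
            "odd_appdata": odd_appdata(data),
        })
    return entries


def reg_query_cmd(entry: Dict[str, object]) -> str:
    """reg.exe line that checks a host for the same Run value."""
    return f'reg query "{entry["key"]}" /v "{entry["name"]}"'


ENTRIES = parse_run_rows(ROWS)

if __name__ == "__main__":
    for e in ENTRIES:
        flags = [k for k in ("odd_appdata",) if e[k]] + ([] if e["absolute"] else ["relative"])
        print(e["key"], e["name"], "=", e["data"], flags or "", "|", reg_query_cmd(e))
```

Relative Run data such as `\davibot\davibot.exe` is resolved by the shell at logon relative to its working directory, so it is as useful as a hunting string as the absolute one; query both names on suspect hosts rather than only the final absolute path.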

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2708 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe
PID 2708 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe C:\Windows\SysWOW64\cmd.exe
PID 2304 wrote to memory of 808 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1028 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe C:\Windows\SysWOW64\Taskmgr.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe

"C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe"

C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe

"C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe"

C:\Windows\SysWOW64\PING.EXE

ping 1.1.1.1 -n 1 -w 1000

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 davibot.ddns.net udp

Files

memory/2708-115-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a\a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a.exe

MD5 601b14f244f7ff8d4a9ca45cec3a4d0c
SHA1 e247d7df8b88050a7345e108957c6b616c81fbe0
SHA256 a3fb704316fcbb49fb9182c619ebaa2243f3c2ccd6ee17b3c0bca587074c4c8a
SHA512 429f8c00669007a115a40e08672097d9340ab191e548a66c81d38cd315679ddef9ab7ddb4fad6e007ab8ffb09c9c1bb75ebeb4793092b9a99cd35d37e84b8c92

memory/1028-118-0x0000000000B00000-0x0000000000C4A000-memory.dmp