Malware Analysis Report

2024-10-24 18:45

Sample ID 231013-b7tkvsbf77
Target 5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074
SHA256 5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074
Tags
banload downloader dropper evasion trojan
score
10/10

Analysis Overview

score
10/10

SHA256

5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074

Threat Level: Known bad

The file 5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074 was found to be: Known bad.

Malicious Activity Summary

banload downloader dropper evasion trojan

Banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Unsigned PE

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-13 01:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-13 01:47

Reported

2023-10-13 01:51

Platform

win7-20230831-en

Max time kernel

150s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe"

Signatures

Banload

trojan dropper downloader banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\VersionIndependentProgID\ = "BDATuner.ATSCChannelTuneRequest" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\TypeLib C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\Version C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\ = "BDA Tuning Model ATSC Channel Tune Request" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\InprocServer32\ = "C:\\Windows\\SysWOW64\\msvidctl.dll" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\ProgID C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\Programmable C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\Version\ = "1.0" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296} C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\ProgID\ = "BDATuner.ATSCChannelTuneRequest.1" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\TypeLib\ = "{9B085638-018E-11D3-9D8E-00C04F72D980}" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe

"C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe"

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-13 01:47

Reported

2023-10-13 01:52

Platform

win10v2004-20230915-en

Max time kernel

172s

Max time network

182s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe"

Signatures

Banload

trojan dropper downloader banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296} C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\ = "PrintTaskConfigurationProxyServer" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\InProcHandler32 C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5AB4218-6AEB-3A4D-0539-DC41F7595296}\InProcHandler32\ = "C:\\Windows\\SysWOW64\\Windows.Devices.Printers.Extensions.dll" C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe

"C:\Users\Admin\AppData\Local\Temp\5212838b796f041056856765aa173efbe61fdf10b6371f6516c0ec735d701074.exe"

Network

Country Destination Domain Proto

Files
