Malware Analysis Report

2024-07-11 08:09

Sample ID 240530-wcxz1sgf22
Target d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2
SHA256 d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2
Tags
amadey 49e482 evasion trojan
score
10/10

Analysis Overview

score
10/10

SHA256

d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2

Threat Level: Known bad

The file d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2 was found to be: Known bad.

Malicious Activity Summary

amadey 49e482 evasion trojan

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Executes dropped EXE

Identifies Wine through registry keys

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-30 17:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 17:47

Reported

2024-05-30 18:05

Platform

win11-20240508-en

Max time kernel

1043s

Max time network

971s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe"

Signatures

Amadey

trojan amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe N/A (18 identical rows collapsed)
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe N/A (18 identical rows collapsed)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe N/A (18 identical rows collapsed)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe N/A (18 identical rows collapsed)
Key opened \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\axplont.job C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe N/A (2 identical rows collapsed)
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe N/A (36 identical rows collapsed)

Processes

C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe

"C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe"

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

"C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe (34 further identical process entries collapsed)

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
RU 147.45.47.70:80 147.45.47.70 tcp (6 identical rows collapsed)
US 204.79.197.200:443 tse1.mm.bing.net tcp (4 identical rows collapsed)

Files

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

MD5 7ed56e09edb6badc89bf9c17c5ffeb75
SHA1 d4b80e6c219a63aaaf7f9d3dc3e216944cc2b7c7
SHA256 d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2
SHA512 6f3a3c3555a05ad68479134ddeba61dff98767c0a9598501112fed553e84a0c4a1db66d709da64f5ca52af59acaf390949d94ebf9b136a97a941770db6e7e7c2
