IOCReport


Files

File Path                           Type                                                      Category        Malicious
Incaseformat.exe                    PE32 executable (GUI) Intel 80386, for MS Windows         initial sample  malicious
C:\ProgramData\Mozilla\lvrslql.exe  PE32 executable (GUI) Intel 80386, for MS Windows         modified        malicious
C:\ProgramData\Mozilla\nnekebf.dll  PE32 executable (DLL) (GUI) Intel 80386, for MS Windows   modified        malicious

Processes

Path                                    Cmdline                                    Malicious
C:\Users\user\Desktop\Incaseformat.exe  'C:\Users\user\Desktop\Incaseformat.exe'   malicious
C:\ProgramData\Mozilla\lvrslql.exe      C:\PROGRA~3\Mozilla\lvrslql.exe -ddeznal   malicious

Registry

Path                                Value             Malicious
C:\ProgramData\Mozilla\lvrslql.exe  AppInit_DLLs      malicious
C:\ProgramData\Mozilla\lvrslql.exe  LoadAppInit_DLLs  malicious

Memdumps

Base Address  Region type   Protect              Malicious
1849B89A000   unknown       page read and write  clean
2B292D10000   unknown       page read and write  clean
28BEFE8F000   unknown       page read and write  clean
1DF71502000   unknown       page read and write  clean
7FF5A2001000  unknown       page readonly        clean
503AEFE000    unknown       page read and write  clean
7FF58D7C7000  unknown       page readonly        clean
2B12FE41000   unknown       page read and write  clean
1A77D656000   unknown       page read and write  clean
7FF5A1F8C000  unknown       page readonly        clean
7FF52E832000  unknown       page readonly        clean
7FF534DF1000  unknown       page readonly        clean
620000        unknown       page readonly        clean
12574B00000   unknown       page read and write  clean
1849B780000   heap private  page read and write  clean
7FF581E66000  unknown       page readonly        clean
7FF526E73000  unknown       page readonly        clean
26E645F5000   unknown       page read and write  clean
24115687000   unknown       page read and write  clean
7FF5270E8000  unknown       page readonly        clean
26E6453F000   unknown       page read and write  clean
26E63C98000   unknown       page read and write  clean
1DF71D3E000   unknown       page read and write  clean
21895ED0000   unknown       page readonly        clean
7FF52050E000  unknown       page readonly        clean
26E63D68000   unknown       page read and write  clean
FFDB9D8000    unknown       page read and write  clean
488000        heap default  page read and write  clean
26E63C81000   unknown       page read and write  clean
7FF5EB445000  unknown       page readonly        clean
26E63CFB000   unknown       page read and write  clean
1BCBA861000   unknown       page read and write  clean
7FF4F20DA000  unknown       page readonly        clean
26E645FB000   unknown       page read and write  clean
1DF71D6B000   unknown       page read and write  clean
7FF538E22000  unknown       page readonly        clean
7FF5D3BD5000  unknown       page readonly        clean
1CDE5550000   unknown       page read and write  clean
2B12581C000   unknown       page read and write  clean
7FF529DA7000  unknown       page readonly        clean
26E63D8B000   unknown       page read and write  clean
21DEED32000   unknown       page read and write  clean
1C21C510000   unknown       page read and write  clean
7FF520642000  unknown       page readonly        clean
7FF58D7D1000  unknown       page readonly        clean
1DF71DBF000   unknown       page read and write  clean
1DF71380000   unknown       page read and write  clean
7FF4F1F3F000  unknown       page readonly        clean
26E63D47000   unknown       page read and write  clean
21DEEE00000   unknown       page readonly        clean
1E6777C7000   unknown       page read and write  clean
22588C55000   unknown       page read and write  clean
26E63C5F000   unknown       page read and write  clean
26E63D79000   unknown       page read and write  clean
26E64574000   unknown       page read and write  clean
7FF5206E0000  unknown       page readonly        clean
7FF5EB4B1000  unknown       page readonly        clean
22588C2A000   unknown       page read and write  clean
26E63D16000   unknown       page read and write  clean
7FF541755000  unknown       page readonly        clean
26E6458F000   unknown       page read and write  clean
24238D13000   unknown       page read and write  clean
7FF5A1F76000  unknown       page readonly        clean
7FF58D855000  unknown       page readonly        clean
26E63D98000   unknown       page read and write  clean
26E63C5F000   unknown       page read and write