Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

QSPC03PC230308097.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

C:\Program Files (x86)\AutoIt3\Au3Check.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Au3Info.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Uninstall.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\java.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\chrome.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Windows\svchost.com

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QSPC03PC230308097.exe.log

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\3582-490\QSPC03PC230308097.exe

data

dropped

C:\Users\user\AppData\Local\Temp\tmp5023.tmp

OpenPGP Public Key

modified

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

There are 147 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\QSPC03PC230308097.exe

"C:\Users\user\Desktop\QSPC03PC230308097.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6900
Target ID:	0
Parent PID:	2580
Name:	QSPC03PC230308097.exe
Path:	C:\Users\user\Desktop\QSPC03PC230308097.exe
Commandline:	"C:\Users\user\Desktop\QSPC03PC230308097.exe"
Size:	878592
MD5:	A2242C1C19DF8B628A64165E062B03A3
Time:	11:21:51
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xde0000
Modulesize:	901120
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Detected unpacking (overwrites its own PE header)	Compliance, Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Neshta	Spreading, Persistence and Installation Behavior, Boot Survival, Stealing of Sensitive Information
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Classes Autorun Keys Modification	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\QSPC03PC230308097.exe

"C:\Users\user\Desktop\QSPC03PC230308097.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6388
Target ID:	2
Parent PID:	6900
Name:	QSPC03PC230308097.exe
Path:	C:\Users\user\Desktop\QSPC03PC230308097.exe
Commandline:	"C:\Users\user\Desktop\QSPC03PC230308097.exe"
Size:	878592
MD5:	A2242C1C19DF8B628A64165E062B03A3
Time:	11:21:52
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x8d0000
Modulesize:	901120
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Detected unpacking (overwrites its own PE header)	Compliance, Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Neshta	Spreading, Persistence and Installation Behavior, Boot Survival, Stealing of Sensitive Information
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Classes Autorun Keys Modification	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

http://www.fontbureau.com/designersG

unknown

https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith

unknown

http://www.fontbureau.com/designers/?

unknown

http://aka.ms/sdxdebug

unknown

http://www.founder.com.cn/cn/bThe

unknown

http://www.fontbureau.com/designers?

unknown

https://crashpad.chromium.org/bug/new

unknown

http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.Service

unknown

http://tempuri.org/DataSet1.xsd

unknown

http://stackoverflow.com/a/15123777)

unknown

http://www.tiro.com

unknown

http://tempuri.org/

unknown

http://www.computerhope.com/forum/index.php?topic=76293.0

unknown

http://www.fontbureau.com/designers

unknown

http://www.goodfont.co.kr

unknown

https://www.autoitscript.com/autoit3/

unknown

http://xml.org/sax/properties/lexical-handlerhttp://xml.org/sax/features/namespace-prefixeshttp://xm

unknown

https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new

unknown

http://tempuri.org/IRoamingSettingsService/WriteSettingsResponse

unknown

http://www.sajatypeworks.com

unknown

http://tempuri.org/IRoamingSettingsService/ReadSettings

unknown

http://www.typography.netD

unknown

http://stackoverflow.com/a/1465386/4224163

unknown

http://www.founder.com.cn/cn/cThe

unknown

http://www.galapagosdesign.com/staff/dennis.htm

unknown

http://www.tutorialspoint.com/javascript/array_map.htm

unknown

https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith

unknown

http://SoftwareMicrosoft16.0CommonDebugHKEY_LOCAL_MACHINEHKEY_CURRENT_USER

unknown

http://tempuri.org/IRoamingSettingsService/GetConfigResponse

unknown

http://tempuri.org/IRoamingSettingsService/WriteSettingshttp://tempuri.org/IRoamingSettingsService/R

unknown

http://tempuri.org/IRoamingSettingsService/DisableUser

unknown

http://www.galapagosdesign.com/DPlease

unknown

http://www.autoitscript.com/autoit3/8

unknown

http://www.fonts.com

unknown

http://www.sandoll.co.kr

unknown

http://www.urwpp.deDPlease

unknown

http://www.zhongyicts.com.cn

unknown

http://www.sakkal.com

unknown

http://es5.github.io/#x15.4.4.21

unknown

http://tempuri.org/IRoamingSettingsService/EnableUserResponse

unknown

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith

unknown

http://tempuri.org/IRoamingSettingsService/WriteSettings

unknown

http://www.apache.org/licenses/LICENSE-2.0

unknown

http://www.fontbureau.com

unknown

https://crashpad.chromium.org/

unknown

https://account.dyn.com/

unknown

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter

unknown

https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xmlhttps://javadl-esd-secure.oracle.com/upda

unknown

http://https://ftp://.htmlGot

unknown

http://tempuri.org/IRoamingSettingsService/DisableUserResponse

unknown

http://java.sun.comnot

unknown

http://nsis.sf.net/NSIS_ErrorError

unknown

http://www.autoitscript.com/autoit3/

unknown

https://javadl-esd-secure.oracle.com/update/%s/map-%s.xml

unknown

http://www.carterandcone.coml

unknown

https://login.windows.net/commonhttps://login.windows.netDBSFetcher::CreateRequestHeader

unknown

http://java.sun.com

unknown

http://www.fontbureau.com/designers/cabarga.htmlN

unknown

http://stackoverflow.com/questions/1026069/capitalize-the-first-letter-of-string-in-javascript

unknown

https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xml

unknown

http://www.founder.com.cn/cn

unknown

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/Reduce

unknown

http://www.fontbureau.com/designers/frere-user.html

unknown

http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjectsItemsSortKeyArrayOfR

unknown

http://tempuri.org/IRoamingSettingsService/GetConfig

unknown

http://www.jiyu-kobo.co.jp/

unknown

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim

unknown

http://www.fontbureau.com/designers8

unknown

http://stackoverflow.com/questions/1068834/object-comparison-in-javascript

unknown

http://tempuri.org/IRoamingSettingsService/ReadSettingsResponse

unknown

http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte

unknown

http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjects

unknown

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf

unknown

http://tempuri.org/IRoamingSettingsService/EnableUser

unknown

https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff

unknown

There are 65 hidden URLs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command

NULL

Details

TargetID:	2
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
Value name:	NULL
Value data:	C:\Windows\svchost.com "%1" %*

Signature Hits	Behavior Group	Mitre Attack
Creates an undocumented autostart registry key	Boot Survival	Registry Run Keys / Startup Folder
Sigma detected: Classes Autorun Keys Modification	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

3465000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

A040000

trusted library section

page read and write

317A000

trusted library allocation

page read and write

4B4E000

trusted library allocation

page read and write

DA0000

heap

page read and write

7C00000

trusted library allocation

page read and write

DF0000

heap

page read and write

1017000

heap

page read and write

7BA0000

trusted library allocation

page read and write

FA4000

heap

page read and write

898B000

heap

page read and write

13F2000

trusted library allocation

page read and write

F88000

heap

page read and write

13B3000

trusted library allocation

page execute and read and write

57FE000

stack

page read and write

7CD0000

trusted library allocation

page execute and read and write

4A15000

trusted library allocation

page read and write

1465000

heap

page read and write

418000

remote allocation

page execute and read and write

29FE000

stack

page read and write

100B000

heap

page read and write

13D2000

trusted library allocation

page read and write

7DEE000

stack

page read and write

33BF000

stack

page read and write

13BD000

trusted library allocation

page execute and read and write

FE0000

heap

page read and write

881B000

stack

page read and write

16EE000

stack

page read and write

9B40000

trusted library allocation

page read and write

13F7000

trusted library allocation

page execute and read and write

56F3000

heap

page read and write

811F000

stack

page read and write

A130000

trusted library allocation

page execute and read and write

13C0000

trusted library allocation

page read and write

FD8000

heap

page read and write

2A00000

heap

page read and write

DE2000

unkown

page readonly

13D6000

trusted library allocation

page execute and read and write

89A9000

heap

page read and write

DE0000

unkown

page readonly

1420000

heap

page read and write

A060000

trusted library allocation

page read and write

5140000

heap

page read and write

3010000

trusted library allocation

page execute and read and write

8920000

trusted library allocation

page read and write

9B30000

trusted library section

page read and write

31BE000

stack

page read and write

51D0000

heap

page read and write

1410000

trusted library allocation

page read and write

DEBE000

stack

page read and write

A080000

trusted library allocation

page read and write

13FB000

trusted library allocation

page execute and read and write

3171000

trusted library allocation

page read and write

FF2000

heap

page read and write

3160000

heap

page execute and read and write

A0D0000

trusted library allocation

page read and write

3020000

trusted library allocation

page read and write

568E000

stack

page read and write

56BD000

trusted library allocation

page read and write

30B0000

heap

page read and write

89B1000

heap

page read and write

DEE000

stack

page read and write

2C0F000

stack

page read and write

8120000

trusted library allocation

page execute and read and write

A0E0000

trusted library allocation

page read and write

13E8000

heap

page read and write

F2E000

stack

page read and write

302E000

stack

page read and write

9F40000

heap

page read and write

7D60000

heap

page read and write

49C7000

trusted library allocation

page read and write

3140000

trusted library allocation

page read and write

300C000

stack

page read and write

F9E000

heap

page read and write

8940000

trusted library allocation

page execute and read and write

FD5000

heap

page read and write

9B2E000

stack

page read and write

7DF0000

trusted library section

page readonly

FB0000

heap

page read and write

89AB000

heap

page read and write

8970000

heap

page read and write

56AE000

trusted library allocation

page read and write

7BF0000

heap

page read and write

4979000

trusted library allocation

page read and write

34FE000

stack

page read and write

12F7000

stack

page read and write

F80000

heap

page read and write

7E20000

heap

page execute and read and write

2A06000

heap

page read and write

7C10000

trusted library allocation

page read and write

E9C000

unkown

page execute and read and write

87DE000

stack

page read and write

A400000

trusted library section

page read and write

30AE000

stack

page read and write

7E00000

heap

page read and write

FFA000

heap

page read and write

8950000

heap

page read and write

E10000

heap

page read and write

117F000

stack

page read and write

313E000

stack

page read and write

5230000

trusted library allocation

page read and write

13E0000

heap

page read and write

1447000

heap

page read and write

A070000

trusted library allocation

page execute and read and write

3200000

trusted library allocation

page read and write

56B1000

trusted library allocation

page read and write

4A63000

trusted library allocation

page read and write

891E000

stack

page read and write

DE2000

unkown

page execute and read and write

35FF000

stack

page read and write

32BE000

stack

page read and write

D30000

stack

page read and write

7CE0000

trusted library allocation

page execute and read and write

56E5000

trusted library allocation

page read and write

1461000

heap

page read and write

4171000

trusted library allocation

page read and write

FC0000

heap

page read and write

9B62000

trusted library allocation

page read and write

379E000

stack

page read and write

7D3E000

stack

page read and write

A12E000

stack

page read and write

A790000

heap

page read and write

1454000

heap

page read and write

7B80000

trusted library allocation

page read and write

1428000

heap

page read and write

30B4000

heap

page read and write

137E000

stack

page read and write

3217000

trusted library allocation

page read and write

1380000

heap

page read and write

142E000

heap

page read and write

13B0000

trusted library allocation

page read and write

13B4000

trusted library allocation

page read and write

F95000

heap

page read and write

7D40000

trusted library allocation

page read and write

306E000

stack

page read and write

DE0000

unkown

page execute and read and write

7DAE000

stack

page read and write

13DA000

trusted library allocation

page execute and read and write

A0E5000

trusted library allocation

page read and write

3150000

trusted library allocation

page read and write

13A0000

trusted library allocation

page read and write

C3A000

stack

page read and write

8960000

heap

page read and write

5690000

trusted library allocation

page read and write

13D0000

trusted library allocation

page read and write

3030000

heap

page read and write

56E0000

trusted library allocation

page read and write

14E9000

heap

page read and write

17EE000

stack

page read and write

13F0000

trusted library allocation

page read and write

389F000

stack

page read and write

FDE000

heap

page read and write

56B6000

trusted library allocation

page read and write

4975000

trusted library allocation

page read and write

34BF000

stack

page read and write

801F000

stack

page read and write

133E000

stack

page read and write

56F0000

heap

page read and write

7BB0000

trusted library allocation

page execute and read and write

8955000

heap

page read and write

56D0000

trusted library allocation

page read and write

7E10000

heap

page read and write

530C000

stack

page read and write

A0C0000

trusted library allocation

page execute and read and write

2FCE000

stack

page read and write

13CD000

trusted library allocation

page execute and read and write

7CF0000

trusted library allocation

page read and write

EB7000

unkown

page execute and read and write

2A0B000

heap

page read and write

101B000

heap

page read and write

A78F000

stack

page read and write

F4A000

stack

page read and write

8930000

trusted library allocation

page read and write

There are 164 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
QSPC03PC230308097.exe

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportQSPC03PC230308097.exe

Files

Processes

URLs

Registry

Memdumps

IOC Report
QSPC03PC230308097.exe