IOC Report
QMassAutoQContours81.exe

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\QMassAutoQContours81.exe | "C:\Users\user\Desktop\QMassAutoQContours81.exe" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name
IP
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious