Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Statement from QNB.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\~DF9449C0319C5371E6.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Statement from QNB.exe
|
"C:\Users\user\Desktop\Statement from QNB.exe"
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
21F0000
|
unkown
|
page execute and read and write
|
|
|
|
2230000
|
heap private
|
page read and write
|
|
|
|
7FF5D09A2000
|
unkown image
|
page readonly
|
|
|
|
1FC3A5C0000
|
unkown
|
page read and write
|
|
|
|
1FC3A840000
|
unkown
|
page read and write
|
|
|
|
1FC34FF3000
|
unkown
|
page read and write
|
|
|
|
48A000
|
heap default
|
page read and write
|
|
|
|
7FF5D0D34000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0B39000
|
unkown image
|
page readonly
|
|
|
|
7FF5D09C9000
|
unkown image
|
page readonly
|
|
|
|
1FC3A4E8000
|
unkown
|
page read and write
|
|
|
|
7FF5D0D29000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0BEF000
|
unkown image
|
page readonly
|
|
|
|
1FC3A6D5000
|
unkown
|
page read and write
|
|
|
|
5D204FA000
|
stack
|
page read and write
|
|
|
|
1FC35000000
|
unkown
|
page read and write
|
|
|
|
1FC3A6A1000
|
unkown
|
page read and write
|
|
|
|
7FFB2000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0E04000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
1FC3A6F4000
|
unkown
|
page read and write
|
|
|
|
7FEB0000
|
unkown image
|
page readonly
|
|
|
|
1FC3A661000
|
unkown
|
page read and write
|
|
|
|
1FC3A646000
|
unkown
|
page read and write
|
|
|
|
7DF5DAC00000
|
unkown image
|
page readonly
|
|
|
|
D52B07F000
|
stack
|
page read and write
|
|
|
|
1FC36370000
|
unkown
|
page read and write
|
|
|
|
7FF5D0E33000
|
unkown image
|
page readonly
|
|
|
|
7FF521DF4000
|
unkown image
|
page readonly
|
|
|
|
214FA010000
|
heap default
|
page read and write
|
|
|
|
1FC35918000
|
unkown
|
page read and write
|
|
|
|
5D203F7000
|
stack
|
page read and write
|
|
|
|
7FF5D0D3F000
|
unkown image
|
page readonly
|
|
|
|
214F9FF0000
|
unkown
|
page read and write
|
|
|
|
1FC3A520000
|
unkown
|
page read and write
|
|
|
|
214F9FE0000
|
unkown
|
page read and write
|
|
|
|
1FC3A64D000
|
unkown
|
page read and write
|
|
|
|
D52B0F9000
|
stack
|
page read and write
|
|
|
|
5D20E7F000
|
stack
|
page read and write
|
|
|
|
7FF5D0B32000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0B46000
|
unkown image
|
page readonly
|
|
|
|
1FC3A6FB000
|
unkown
|
page read and write
|
|
|
|
421000
|
unkown image
|
page readonly
|
|
|
|
2410000
|
unkown
|
page read and write
|
|
|
|
D80000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0E07000
|
unkown image
|
page readonly
|
|
|
|
1FC3A700000
|
unkown
|
page read and write
|
|
|
|
7FFD0000
|
unkown image
|
page readonly
|
|
|
|
7FF521E37000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0DF7000
|
unkown image
|
page readonly
|
|
|
|
214FA2E9000
|
heap private
|
page read and write
|
|
|
|
5D207FA000
|
stack
|
page read and write
|
|
|
|
1FC3A640000
|
unkown
|
page read and write
|
|
|
|
1FC3A3C0000
|
unkown
|
page read and write
|
|
|
|
1FC35200000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D97000
|
unkown image
|
page readonly
|
|
|
|
1FC34E60000
|
unkown image
|
page readonly
|
|
|
|
7FF521D87000
|
unkown image
|
page readonly
|
|
|
|
1FC3A3E0000
|
unkown
|
page read and write
|
|
|
|
421000
|
unkown image
|
page readonly
|
|
|
|
1FC3A6F6000
|
unkown
|
page read and write
|
|
|
|
D52AFF9000
|
stack
|
page read and write
|
|
|
|
1FC3A840000
|
unkown
|
page read and write
|
|
|
|
7FF5D0D8D000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0DFD000
|
unkown image
|
page readonly
|
|
|
|
1FC3A640000
|
unkown
|
page read and write
|
|
|
|
7FF521DE4000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D53000
|
unkown image
|
page readonly
|
|
|
|
1FC34E30000
|
unkown image
|
page readonly
|
|
|
|
7FF521D89000
|
unkown image
|
page readonly
|
|
|
|
1FC35904000
|
unkown
|
page read and write
|
|
|
|
7FF5D0D9E000
|
unkown image
|
page readonly
|
|
|
|
214FA2E5000
|
heap private
|
page read and write
|
|
|
|
41F000
|
unkown image
|
page read and write
|
|
|
|
1FC35102000
|
unkown
|
page read and write
|
|
|
|
1FC3A6DB000
|
unkown
|
page read and write
|
|
|
|
1FC3A5F0000
|
unkown
|
page read and write
|
|
|
|
214FAD80000
|
unkown
|
page read and write
|
|
|
|
1FC34E10000
|
unkown image
|
page read and write
|
|
|
|
7DF52BBD0000
|
unkown image
|
page readonly
|
|
|
|
7FF506CDB000
|
unkown image
|
page readonly
|
|
|
|
1FC3508F000
|
unkown
|
page read and write
|
|
|
|
470000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0B15000
|
unkown image
|
page readonly
|
|
|
|
7FFC2000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0B80000
|
unkown image
|
page readonly
|
|
|
|
5D206FE000
|
stack
|
page read and write
|
|
|
|
7FF521E37000
|
unkown image
|
page readonly
|
|
|
|
7DF5DABF2000
|
unkown image
|
page readonly
|
|
|
|
480000
|
heap default
|
page read and write
|
|
|
|
214FA062000
|
unkown
|
page read and write
|
|
|
|
7FF5D0BED000
|
unkown image
|
page readonly
|
|
|
|
7DF5DABF0000
|
unkown image
|
page readonly
|
|
|
|
1FC35077000
|
unkown
|
page read and write
|
|
|
|
23F0000
|
heap private
|
page read and write
|
|
|
|
19C000
|
unkown
|
page read and write
|
|
|
|
214F9E50000
|
unkown image
|
page readonly
|
|
|
|
5D1FFAC000
|
unkown
|
page read and write
|
|
|
|
1FC35913000
|
unkown
|
page read and write
|
|
|
|
7FF5D0AFA000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D4F000
|
unkown image
|
page readonly
|
|
|
|
214F9E10000
|
unkown
|
page read and write
|
|
|
|
7DF52BBD0000
|
unkown image
|
page readonly
|
|
|
|
1FC3A501000
|
unkown
|
page read and write
|
|
|
|
7FF5D0CBE000
|
unkown image
|
page readonly
|
|
|
|
7FFC0000
|
unkown image
|
page readonly
|
|
|
|
1FC35079000
|
unkown
|
page read and write
|
|
|
|
7FF5D0D17000
|
unkown image
|
page readonly
|
|
|
|
214FAB60000
|
unkown
|
page read and write
|
|
|
|
7FF5D0BE7000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0C17000
|
unkown image
|
page readonly
|
|
|
|
214F9F40000
|
unkown
|
page read and write
|
|
|
|
214FA110000
|
unkown image
|
page readonly
|
|
|
|
1FC3A5B0000
|
unkown
|
page read and write
|
|
|
|
1FC34E80000
|
heap default
|
page read and write
|
|
|
|
7FF5D0CC5000
|
unkown image
|
page readonly
|
|
|
|
1FC3A5B0000
|
unkown
|
page read and write
|
|
|
|
1FC3A810000
|
unkown
|
page read and write
|
|
|
|
7FF5D0B08000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0DF1000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
7FF5D0BDA000
|
unkown image
|
page readonly
|
|
|
|
1FC3A3D0000
|
unkown
|
page read and write
|
|
|
|
214FA290000
|
unkown image
|
page readonly
|
|
|
|
7FF521C48000
|
unkown image
|
page readonly
|
|
|
|
1FC3A970000
|
unkown
|
page read and write
|
|
|
|
580000
|
unkown
|
page read and write
|
|
|
|
2B50000
|
unkown
|
page read and write
|
|
|
|
214F9E20000
|
unkown image
|
page readonly
|
|
|
|
7FFB0000
|
unkown image
|
page readonly
|
|
|
|
7FF5217EA000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0E36000
|
unkown image
|
page readonly
|
|
|
|
1FC35029000
|
unkown
|
page read and write
|
|
|
|
1FC3A524000
|
unkown
|
page read and write
|
|
|
|
214FA2C0000
|
unkown
|
page read and write
|
|
|
|
A00000
|
unkown image
|
page readonly
|
|
|
|
1FC35071000
|
unkown
|
page read and write
|
|
|
|
7FF5D0AED000
|
unkown image
|
page readonly
|
|
|
|
1FC34F80000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
heap default
|
page read and write
|
|
|
|
214FA062000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
1FC350A3000
|
unkown
|
page read and write
|
|
|
|
214F9E20000
|
unkown image
|
page readonly
|
|
|
|
1FC35802000
|
unkown
|
page read and write
|
|
|
|
1FC357F0000
|
unkown
|
page read and write
|
|
|
|
1FC34F60000
|
unkown image
|
page readonly
|
|
|
|
7DF429AA0000
|
unkown image
|
page readonly
|
|
|
|
7DF52BBD2000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0CF5000
|
unkown image
|
page readonly
|
|
|
|
1FC35580000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D86000
|
unkown image
|
page readonly
|
|
|
|
1FC357E0000
|
unkown
|
page read and write
|
|
|
|
2330000
|
unkown
|
page read and write
|
|
|
|
7FF5D0972000
|
unkown image
|
page readonly
|
|
|
|
7FFC0000
|
unkown image
|
page readonly
|
|
|
|
7FF521D44000
|
unkown image
|
page readonly
|
|
|
|
1FC35900000
|
unkown
|
page read and write
|
|
|
|
1FC3A702000
|
unkown
|
page read and write
|
|
|
|
7FF5D0D72000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0E1A000
|
unkown image
|
page readonly
|
|
|
|
7FF521BBC000
|
unkown image
|
page readonly
|
|
|
|
1FC35107000
|
unkown
|
page read and write
|
|
|
|
2400000
|
heap private
|
page read and write
|
|
|
|
590000
|
unkown
|
page execute read
|
|
|
|
2C60000
|
unkown image
|
page read and write
|
|
|
|
2320000
|
heap private
|
page read and write
|
|
|
|
7FF5D0C88000
|
unkown image
|
page readonly
|
|
|
|
D52ABFC000
|
unkown
|
page read and write
|
|
|
|
7DF5DABE0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0B50000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D6A000
|
unkown image
|
page readonly
|
|
|
|
1FC3A820000
|
unkown
|
page read and write
|
|
|
|
7FF5217EF000
|
unkown image
|
page readonly
|
|
|
|
1FC3A600000
|
unkown
|
page read and write
|
|
|
|
7FF5D0B7E000
|
unkown image
|
page readonly
|
|
|
|
1FC350FF000
|
unkown
|
page read and write
|
|
|
|
7FF521E23000
|
unkown image
|
page readonly
|
|
|
|
7FFD0000
|
unkown image
|
page readonly
|
|
|
|
1FC3A520000
|
unkown
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
7FF5D06AE000
|
unkown image
|
page readonly
|
|
|
|
7FF521AF2000
|
unkown image
|
page readonly
|
|
|
|
1FC35095000
|
unkown
|
page read and write
|
|
|
|
7FF5D0AB8000
|
unkown image
|
page readonly
|
|
|
|
1FC3A6EC000
|
unkown
|
page read and write
|
|
|
|
7FF521D76000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7FF521D2F000
|
unkown image
|
page readonly
|
|
|
|
1FC3A500000
|
unkown
|
page read and write
|
|
|
|
1FC35815000
|
unkown
|
page read and write
|
|
|
|
21D0000
|
unkown image
|
page readonly
|
|
|
|
1FC34E20000
|
heap private
|
page read and write
|
|
|
|
7DF5DABF0000
|
unkown image
|
page readonly
|
|
|
|
1FC34E50000
|
unkown image
|
page readonly
|
|
|
|
1FC3A510000
|
unkown
|
page read and write
|
|
|
|
214F9FD0000
|
unkown
|
page read and write
|
|
|
|
D90000
|
unkown image
|
page readonly
|
|
|
|
214FA018000
|
heap default
|
page read and write
|
|
|
|
D52AF79000
|
stack
|
page read and write
|
|
|
|
2C50000
|
heap private
|
page read and write
|
|
|
|
214FA05B000
|
unkown
|
page read and write
|
|
|
|
214FA500000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0C81000
|
unkown image
|
page readonly
|
|
|
|
7DF5DABE2000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0DF4000
|
unkown image
|
page readonly
|
|
|
|
214FA2D0000
|
unkown
|
page readonly
|
|
|
|
1FC35400000
|
unkown image
|
page readonly
|
|
|
|
7FF521DFB000
|
unkown image
|
page readonly
|
|
|
|
7FF521671000
|
unkown image
|
page readonly
|
|
|
|
1FC34FF0000
|
unkown
|
page read and write
|
|
|
|
7FF5216B1000
|
unkown image
|
page readonly
|
|
|
|
7FF521C61000
|
unkown image
|
page readonly
|
|
|
|
7FF5D09BC000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D99000
|
unkown image
|
page readonly
|
|
|
|
7DF5DABF2000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0CB1000
|
unkown image
|
page readonly
|
|
|
|
214FA020000
|
heap default
|
page read and write
|
|
|
|
7FF5D0BEA000
|
unkown image
|
page readonly
|
|
|
|
1FC3A69E000
|
unkown
|
page read and write
|
|
|
|
5D205F9000
|
stack
|
page read and write
|
|
|
|
D52B17F000
|
stack
|
page read and write
|
|
|
|
214F9F60000
|
unkown
|
page read and write
|
|
|
|
7FF521E26000
|
unkown image
|
page readonly
|
|
|
|
7FF5217E8000
|
unkown image
|
page readonly
|
|
|
|
1FC35091000
|
unkown
|
page read and write
|
|
|
|
214FADD0000
|
unkown
|
page read and write
|
|
|
|
7DF52BBD2000
|
unkown image
|
page readonly
|
|
|
|
214FA2E0000
|
heap private
|
page read and write
|
|
|
|
1FC35959000
|
unkown
|
page read and write
|
|
|
|
214F9E00000
|
unkown image
|
page read and write
|
|
|
|
1FC35902000
|
unkown
|
page read and write
|
|
|
|
5D208FB000
|
stack
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
1FC35114000
|
unkown
|
page read and write
|
|
|
|
214F9E40000
|
unkown image
|
page readonly
|
|
|
|
4A1000
|
heap default
|
page read and write
|
|
|
|
7FF521E0A000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
1FC3A800000
|
unkown
|
page read and write
|
|
|
|
1FC3A504000
|
unkown
|
page read and write
|
|
|
|
7FF5D0D41000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0657000
|
unkown image
|
page readonly
|
|
|
|
1FC35918000
|
unkown
|
page read and write
|
|
|
|
7FF5D0629000
|
unkown image
|
page readonly
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
7FF521678000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0E42000
|
unkown image
|
page readonly
|
|
|
|
1FC3A840000
|
unkown
|
page read and write
|
|
|
|
7FF5D0BA4000
|
unkown image
|
page readonly
|
|
|
|
1FC3503D000
|
unkown
|
page read and write
|
|
|
|
214FA035000
|
heap default
|
page read and write
|
|
|
|
7DF52BBE0000
|
unkown image
|
page readonly
|
|
|
|
7FF521DE7000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
214FAD70000
|
unkown
|
page read and write
|
|
|
|
7FF5D0B8B000
|
unkown image
|
page readonly
|
|
|
|
1FC350B2000
|
unkown
|
page read and write
|
|
|
|
1FC35102000
|
unkown
|
page read and write
|
|
|
|
214FA062000
|
unkown
|
page read and write
|
|
|
|
1FC34E30000
|
unkown image
|
page readonly
|
|
|
|
1FC35800000
|
unkown
|
page read and write
|
|
|
|
1FC3A4E0000
|
unkown
|
page read and write
|
|
|
|
7FF5D0C03000
|
unkown image
|
page readonly
|
|
|
|
7DF5DABE2000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D5D000
|
unkown image
|
page readonly
|
|
|
|
1FC3507B000
|
unkown
|
page read and write
|
|
|
|
1FC3A510000
|
unkown
|
page read and write
|
|
|
|
7FF521AA5000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D20000
|
unkown image
|
page readonly
|
|
|
|
1FC35058000
|
unkown
|
page read and write
|
|
|
|
1FC35013000
|
unkown
|
page read and write
|
|
|
|
23F9000
|
heap private
|
page read and write
|
|
|
|
1FC3A5B0000
|
unkown
|
page read and write
|
|
|
|
7FFC2000
|
unkown image
|
page readonly
|
|
|
|
9B000
|
unkown
|
page read and write
|
|
|
|
7DF5DAC00000
|
unkown image
|
page readonly
|
|
|
|
1FC3A623000
|
unkown
|
page read and write
|
|
|
|
1FC35EF0000
|
unkown
|
page read and write
|
|
|
|
7FF5D0BF3000
|
unkown image
|
page readonly
|
|
|
|
214F9F80000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0B1F000
|
unkown image
|
page readonly
|
|
|
|
214FA700000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D66000
|
unkown image
|
page readonly
|
|
|
|
7FF521D56000
|
unkown image
|
page readonly
|
|
|
|
7DF52BBF0000
|
unkown image
|
page readonly
|
|
|
|
1FC3A630000
|
unkown
|
page read and write
|
|
|
|
7FF521DE1000
|
unkown image
|
page readonly
|
|
|
|
7DF52BBE0000
|
unkown image
|
page readonly
|
|
|
|
7FF506CDB000
|
unkown image
|
page readonly
|
|
|
|
7FF521DF7000
|
unkown image
|
page readonly
|
|
|
|
7DF5DABE0000
|
unkown image
|
page readonly
|
|
|
|
21C0000
|
unkown
|
page read and write
|
|
|
|
7DF52BBF0000
|
unkown image
|
page readonly
|
|
|
|
7FF521DED000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0ABA000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D14000
|
unkown image
|
page readonly
|
|
|
|
1FC3A616000
|
unkown
|
page read and write
|
|
|
|
1FC3A930000
|
unkown
|
page read and write
|
|
|
|
7FFB2000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D24000
|
unkown image
|
page readonly
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
7DF52BBE2000
|
unkown image
|
page readonly
|
|
|
|
7DF52BBE2000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
2240000
|
unkown image
|
page read and write
|
|
|
|
1FC3A4EE000
|
unkown
|
page read and write
|
|
|
|
1FC350A1000
|
unkown
|
page read and write
|
|
|
|
7DF4D8AB0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0D08000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0AF3000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0E47000
|
unkown image
|
page readonly
|
|
|
|
214FA2F0000
|
unkown
|
page read and write
|
|
|
|
7FF5D0B4A000
|
unkown image
|
page readonly
|
|
|
|
C00000
|
unkown image
|
page readonly
|
|
|
|
3060000
|
unkown image
|
page readonly
|
|
|
|
7FF521C78000
|
unkown image
|
page readonly
|
|
|
|
2BC000
|
unkown
|
page read and write
|
|
|
|
1FC3A630000
|
unkown
|
page read and write
|
|
|
|
7FF5D0B44000
|
unkown image
|
page readonly
|
|
|
|
1FC350FF000
|
unkown
|
page read and write
|
|
|
|
7FF521D7D000
|
unkown image
|
page readonly
|
|
|
|
1FC35959000
|
unkown
|
page read and write
|
|
|
|
1FC3A4E0000
|
unkown
|
page read and write
|
|
|
|
7FFB0000
|
unkown image
|
page readonly
|
|
|
|
7FF521C71000
|
unkown image
|
page readonly
|
|
There are 316 hidden memdumps, click here to show them.