Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

q3oUuJIXkc.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.8779499305543865
Filename:	q3oUuJIXkc.exe
Filesize:	7732440
MD5:	2239a58cc93fd94dc2806ce7f6af0a0b
SHA1:	f09eb7d69bc7440d3d45e14267236a78ac789fcb
SHA256:	682abd62b6e3c0e8ca57f079cd96f2d3848752eaf7002bdf57bfb512bd242811
SHA512:	f77c16626a0e17ff79b95f9fded6a365f913896c89baf76d16bcc8706f3ad10a9476c7cbd3f235250b936171c6e958e145c402952506dc0e434a4f911c99fe02
SSDEEP:	196608:U+rNR2F7EU+iE09OKsRk3PdM+i+8lHFL9AYS:/RWEU+1OP6+X+oYS
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........XH..6...6...6...5...6...3.a.6...2...6.(.2...6.(.5...6.(.3...6...7...6...7.\.6.f.?...6.f.....6.f.4...6.Rich..6.........PE..L..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Hides threads from debuggers	Anti Debugging	Security Software Discovery
Overwrites code with unconditional jumps - possibly settings hooks in foreign process	Hooking and other Techniques for Hiding and Protection	Credential API Hooking
Tries to evade analysis by execution special instruction (VM detection)	Malware Analysis System Evasion
Tries to detect virtualization through RDTSC time measurements	Malware Analysis System Evasion	System Information Discovery
PE file contains section with special chars	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
PE file contains sections with non-standard names	Data Obfuscation
Creates a DirectInput object (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Sample file is different than original file name gathered from version info	System Summary
Drops PE files	Persistence and Installation Behavior
Checks if the current process is being debugged	Anti Debugging
PE / OLE file has an invalid certificate	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Reads software policies	System Summary
Uses an in-process (OLE) Automation server	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Reads ini files	System Summary	File and Directory Discovery
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred64[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred64[1].dll
Category:	dropped
Dump:	cred64[1].dll.1.dr
ID:	dr_3
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.9708080300718365
Encrypted:	false
Ssdeep:	196608:ZQoqS56OZEssxxpKIIue41Cf7sgZz6kmAZQ/9RWB0:dMOevKiB1CfQgplmz/9a0
Size:	7705824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe
Category:	dropped
Dump:	gntuud.exe.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\q3oUuJIXkc.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.8779499305543865
Encrypted:	false
Ssdeep:	196608:U+rNR2F7EU+iE09OKsRk3PdM+i+8lHFL9AYS:/RWEU+1OP6+X+oYS
Size:	7732440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Creates an undocumented autostart registry key	Boot Survival	Registry Run Keys / Startup Folder
Hides threads from debuggers	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Overwrites code with unconditional jumps - possibly settings hooks in foreign process	Hooking and other Techniques for Hiding and Protection	Credential API Hooking
Uses schtasks.exe or at.exe to add and modify task schedules	Boot Survival	Scheduled Task/Job
Abnormal high CPU Usage	System Summary
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe:Zone.Identifier

ASCII text, with CRLF line terminators

modified

Details

File:	C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe:Zone.Identifier
Category:	modified
Dump:	gntuud.exe_Zone.Identifier.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\q3oUuJIXkc.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.95006375643621
Encrypted:	false
Ssdeep:	3:ggPYV:rPYV
Size:	26
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Creates an undocumented autostart registry key	Boot Survival	Registry Run Keys / Startup Folder
Hides threads from debuggers	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Overwrites code with unconditional jumps - possibly settings hooks in foreign process	Hooking and other Techniques for Hiding and Protection	Credential API Hooking
Uses schtasks.exe or at.exe to add and modify task schedules	Boot Survival	Scheduled Task/Job
Abnormal high CPU Usage	System Summary
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Roaming\c33e9ad058e5d3\cred64.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Roaming\c33e9ad058e5d3\cred64.dll
Category:	dropped
Dump:	cred64.dll.1.dr
ID:	dr_4
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.9708080300718365
Encrypted:	false
Ssdeep:	196608:ZQoqS56OZEssxxpKIIue41Cf7sgZz6kmAZQ/9RWB0:dMOevKiB1CfQgplmz/9a0
Size:	7705824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\853321935212

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\853321935212
Category:	dropped
Dump:	853321935212.1.dr
ID:	dr_2
Target ID:	1
Process:	C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe
Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Entropy:	7.930938749687084
Encrypted:	false
Ssdeep:	1536:C+HaFexHpq4LV97q5wQq23vv5C4bndDT4vSxJu0VdNjEfYcnF4MXRWNt9bsdjogU:xt/q4xlnQqF0VrX5XrMXWAksu6rGu01
Size:	106755
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

\Device\ConDrv

ASCII text, with no line terminators

dropped

Details

File:	\Device\ConDrv
Category:	dropped
Dump:	ConDrv.11.dr
ID:	dr_8
Target ID:	11
Process:	C:\Windows\SysWOW64\cacls.exe
Type:	ASCII text, with no line terminators
Entropy:	3.240223928941852
Encrypted:	false
Ssdeep:	3:o3F:o1
Size:	15
Whitelisted:	false
Reputation:	timeout

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\q3oUuJIXkc.exe

C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe

"C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN gntuud.exe /TR "C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe" /F

C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c33e9ad058e5d3\cred64.dll, Main

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "gntuud.exe" /P "user:N"&&CACLS "gntuud.exe" /P "user:R" /E&&echo Y|CACLS "..\03bd543fce" /P "user:N"&&CACLS "..\03bd543fce" /P "user:R" /E&&Exit

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "gntuud.exe" /P "user:N"

C:\Windows\SysWOW64\cacls.exe

CACLS "gntuud.exe" /P "user:R" /E

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\03bd543fce" /P "user:N"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\03bd543fce" /P "user:R" /E

There are 4 hidden processes, click here to show them.

URLs

Name

Malicious

85.209.135.109/jg94cVd30f/index.php

http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

unknown

http://85.209.135.109/jg94cVd30f/index.phpj

unknown

https://sectigo.com/CPS0

unknown

http://85.209.135.109/jg94cVd30f/index.php

unknown

http://ocsp.sectigo.com0

unknown

http://85.209.135.109/jg94cVd30f/index.phpF

unknown

http://85.209.135.109/jg94cVd30f/index.php?scr=1

unknown

http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#

unknown

http://85.209.135.109/jg94cVd30f/index.phpb

unknown

http://85.209.135.109/jg94cVd30f/index.php58e5d3

unknown

http://85.209.135.109/jg94cVd30f/index.phpd3

unknown

http://85.209.135.109/jg94cVd30f/index.phpz

unknown

http://85.209.135.109/jg94cVd30f/index.phpv

unknown

http://85.209.135.109/jg94cVd30f/index.phpR

unknown

http://85.209.135.109/jg94cVd30f/index.php0

unknown

There are 6 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

85.209.135.109

unknown

Germany

Details

IP:	85.209.135.109
TargetID:	1
Current Path:	C:\Users\user\AppData\Local\Temp\03bd543fce\gntuud.exe
Country:	Germany
Countrycode:	DEU
ASN number:	33657
ASN name:	CMCSUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Found malware configuration	AV Detection
URLs found in memory or binary data	Networking

192.168.2.4

unknown

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Startup

Memdumps

Base Address

Regiontype

Protect

Malicious

71000

unkown

page execute read

1281000

unkown

page execute read

EAD000

heap

page read and write

34D0000

trusted library allocation

page read and write

CD4000

heap

page read and write

857000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

CB7000

heap

page read and write

11C4000

heap

page read and write

52E5000

trusted library allocation

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

794000

heap

page read and write

C01000

heap

page read and write

52E0000

trusted library allocation

page read and write

1EFF000

stack

page read and write

1ED92A38000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

EEA000

heap

page read and write

CD4000

heap

page read and write

FF0000

heap

page read and write

C01000

heap

page read and write

9F0000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

51D1000

trusted library allocation

page read and write

C01000

heap

page read and write

2D00000

heap

page read and write

740000

trusted library allocation

page read and write

33A1000

heap

page read and write

3346000

heap

page read and write

11C4000

heap

page read and write

12AF000

unkown

page readonly

33A1000

heap

page read and write

CD4000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

374F000

stack

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

D90000

heap

page read and write

11C4000

heap

page read and write

52E2000

trusted library allocation

page read and write

D8F000

stack

page read and write

C01000

heap

page read and write

453A000

heap

page read and write

1ED92C10000

trusted library allocation

page read and write

4930000

trusted library allocation

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

857000

heap

page read and write

138E000

heap

page read and write

CD4000

heap

page read and write

C01000

heap

page read and write

324E000

stack

page read and write

11C4000

heap

page read and write

D3A000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

F3E000

stack

page read and write

33A1000

heap

page read and write

52E1000

trusted library allocation

page read and write

388F000

stack

page read and write

AF98079000

stack

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

4ACA000

heap

page read and write

334E000

stack

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

790000

heap

page read and write

11C4000

heap

page read and write

107F000

stack

page read and write

C01000

heap

page read and write

BE0000

trusted library allocation

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

F20000

heap

page read and write

C01000

heap

page read and write

4A80000

heap

page read and write

F7E000

stack

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

2EC0000

heap

page read and write

4B10000

heap

page read and write

51D1000

trusted library allocation

page read and write

857000

heap

page read and write

378E000

stack

page read and write

33A1000

heap

page read and write

63A000

stack

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

CD4000

heap

page read and write

431A000

heap

page read and write

1170000

trusted library allocation

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

379F000

stack

page read and write

52E0000

trusted library allocation

page read and write

9CB000

stack

page read and write

11C4000

heap

page read and write

360000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

4240000

heap

page read and write

F27000

heap

page read and write

CD0000

heap

page read and write

DDF000

stack

page read and write

51D1000

trusted library allocation

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

169D000

unkown

page execute read

9E0000

trusted library allocation

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

DC0000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

1ED92CC0000

trusted library allocation

page read and write

11C4000

heap

page read and write

1280000

unkown

page readonly

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

BF0000

trusted library allocation

page read and write

CD4000

heap

page read and write

CE0000

trusted library allocation

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

CD6000

heap

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C0000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

169D000

unkown

page execute read

11C4000

heap

page read and write

11C4000

heap

page read and write

52E3000

trusted library allocation

page read and write

11C4000

heap

page read and write

5140000

heap

page read and write

11C5000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

1ED92D70000

heap

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

9AE000

stack

page read and write

33A1000

heap

page read and write

11C5000

heap

page read and write

CD4000

heap

page read and write

4A8A000

heap

page read and write

11C4000

heap

page read and write

794000

heap

page read and write

1ED92C80000

trusted library allocation

page read and write

794000

heap

page read and write

841000

heap

page read and write

11C4000

heap

page read and write

10D0000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

FBE000

stack

page read and write

4B20000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

CD4000

heap

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

360F000

stack

page read and write

C01000

heap

page read and write

4B2A000

heap

page read and write

FF0000

trusted library allocation

page read and write

AF9817E000

stack

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

39CC000

stack

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

D6A000

heap

page read and write

FF6000

heap

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

EBE000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

105E000

stack

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

F0E000

stack

page read and write

D76000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

E0A000

heap

page read and write

1ED92CD0000

heap

page readonly

51D1000

trusted library allocation

page read and write

33A1000

heap

page read and write

51D1000

trusted library allocation

page read and write

51D1000

trusted library allocation

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

4B8B000

trusted library allocation

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

11C4000

heap

page read and write

48D000

unkown

page execute read

33A1000

heap

page read and write

9F0000

trusted library allocation

page read and write

C01000

heap

page read and write

9DE000

stack

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

9F000

unkown

page readonly

3820000

heap

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

1ED92D80000

trusted library allocation

page read and write

C01000

heap

page read and write

1160000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

CB0000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

B3D000

stack

page read and write

8FD000

stack

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

424A000

heap

page read and write

1ED92A7D000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

9EF000

stack

page read and write

BF0000

heap

page read and write

11C5000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

9A0000

trusted library allocation

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

D9A000

heap

page read and write

CD4000

heap

page read and write

820000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

EFE000

stack

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

F5C000

stack

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C5000

heap

page read and write

4310000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

48D000

unkown

page execute read

11C5000

heap

page read and write

41D0000

heap

page read and write

11C4000

heap

page read and write

1ED92940000

heap

page read and write

C00000

heap

page read and write

858000

heap

page read and write

CD4000

heap

page read and write

A9000

unkown

page read and write

493F000

trusted library allocation

page read and write

3831000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

48D000

unkown

page execute read

C01000

heap

page read and write

70000

unkown

page readonly

858000

heap

page read and write

11C5000

heap

page read and write

CD4000

heap

page read and write

4240000

heap

page read and write

33A1000

heap

page read and write

1ED93870000

trusted library allocation

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

C40000

trusted library allocation

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

70000

unkown

page readonly

4F10000

trusted library allocation

page read and write

33A1000

heap

page read and write

52E3000

trusted library allocation

page read and write

AF98279000

stack

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

3340000

heap

page read and write

10FE000

stack

page read and write

11C5000

heap

page read and write

D0F000

stack

page read and write

11C4000

heap

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

920000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

D30000

heap

page read and write

9D0000

trusted library allocation

page read and write

33A1000

heap

page read and write

13C1000

heap

page read and write

1280000

unkown

page readonly

1ED92CF0000

trusted library allocation

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

1280000

unkown

page readonly

1ED92D40000

trusted library allocation

page read and write

C01000

heap

page read and write

2D01000

heap

page read and write

1067000

heap

page read and write

4F50000

direct allocation

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

890000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

169D000

unkown

page execute read

33A1000

heap

page read and write

8CD000

stack

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

52E6000

trusted library allocation

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

1ED92A7D000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

1ED92A76000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

81F000

stack

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

1060000

heap

page read and write

D70000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

4F40000

heap

page read and write

2D01000

heap

page read and write

11C5000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

AF97C8C000

stack

page read and write

4EF0000

heap

page read and write

33A1000

heap

page read and write

11C5000

heap

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

12DC000

trusted library allocation

page read and write

E30000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

10E1000

heap

page read and write

11C5000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

CD4000

heap

page read and write

364E000

stack

page read and write

12BE000

unkown

page execute read

C01000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

136A000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

10B0000

trusted library allocation

page read and write

11C4000

heap

page read and write

F30000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

EBE000

stack

page read and write

AF981F9000

stack

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

90C000

stack

page read and write

4AC0000

heap

page read and write

2D01000

heap

page read and write

33A1000

heap

page read and write

4AD0000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

1014000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

12E5000

unkown

page read and write

11C4000

heap

page read and write

52E2000

trusted library allocation

page read and write

34CE000

stack

page read and write

10D7000

heap

page read and write

AF980F9000

stack

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

E86000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

1ED92AA0000

heap

page read and write

93C000

stack

page read and write

C01000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

4530000

heap

page read and write

C01000

heap

page read and write

CD4000

heap

page read and write

99E000

stack

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

B85000

unkown

page readonly

1D95000

unkown

page readonly

CAE000

stack

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

103E000

stack

page read and write

D4E000

stack

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

C01000

heap

page read and write

CD4000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

1ED92D79000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

175E000

stack

page read and write

B7C000

stack

page read and write

1ED929D0000

heap

page read and write

1D95000

unkown

page readonly

52E9000

trusted library allocation

page read and write

11C4000

heap

page read and write

C30000

trusted library allocation

page read and write

33A1000

heap

page read and write

424A000

heap

page read and write

C60000

heap

page read and write

CD4000

heap

page read and write

41DA000

heap

page read and write

B85000

unkown

page readonly

794000

heap

page read and write

9F7000

heap

page read and write

33A1000

heap

page read and write

EE6000

heap

page read and write

11C4000

heap

page read and write

82A000

heap

page read and write

CD4000

heap

page read and write

98D000

stack

page read and write

1ED92CE0000

trusted library allocation

page read and write

11C4000

heap

page read and write

1ED92A77000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

AE000

unkown

page execute read

DB000

unkown

page execute read

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

BE0000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

95E000

stack

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

AD0000

heap

page read and write

FFE000

stack

page read and write

33A1000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

51D1000

trusted library allocation

page read and write

E5D000

stack

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

F7F000

stack

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

4B20000

heap

page read and write

11C4000

heap

page read and write

11C5000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

4ADA000

heap

page read and write

11C5000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

52E0000

trusted library allocation

page read and write

D90000

heap

page read and write

11C4000

heap

page read and write

1D95000

unkown

page readonly

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

41DA000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

350E000

stack

page read and write

D4E000

stack

page read and write

CD4000

heap

page read and write

33CD000

stack

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

794000

heap

page read and write

12B9000

unkown

page read and write

11C4000

heap

page read and write

794000

heap

page read and write

D00000

heap

page read and write

11C5000

heap

page read and write

51D1000

trusted library allocation

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

1230000

trusted library allocation

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

51D1000

trusted library allocation

page read and write

C01000

heap

page read and write

4B2A000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

12EB000

unkown

page execute read

CD4000

heap

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

E00000

heap

page read and write

4F50000

trusted library allocation

page read and write

CD4000

heap

page read and write

C01000

heap

page read and write

E7C000

stack

page read and write

52E4000

trusted library allocation

page read and write

3CC000

stack

page read and write

3831000

heap

page read and write

CD4000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

11C5000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

12CE000

stack

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

1ED92A7E000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

794000

heap

page read and write

1ED92C20000

trusted library allocation

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

CD4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

1ED92D75000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

1ED92A30000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

33A1000

heap

page read and write

DCA000

heap

page read and write

11C4000

heap

page read and write

FEE000

stack

page read and write

33A1000

heap

page read and write

860000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

41D0000

heap

page read and write

3800000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

51D1000

trusted library allocation

page read and write

33A1000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

7DE000

stack

page read and write

C01000

heap

page read and write

4F45000

heap

page read and write

CD4000

heap

page read and write

1014000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

D5000

unkown

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

C01000

heap

page read and write

11C5000

heap

page read and write

D60000

heap

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

1ED92950000

trusted library allocation

page read and write

CD4000

heap

page read and write

9F0000

trusted library allocation

page read and write

1360000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

3830000

heap

page read and write

FBF000

stack

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

CD4000

heap

page read and write

52EB000

trusted library allocation

page read and write

52EC000

trusted library allocation

page read and write

114E000

stack

page read and write

3380000

heap

page read and write

1ED92A96000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

1ED929B0000

heap

page read and write

33A1000

heap

page read and write

33A1000

heap

page read and write

CD4000

heap

page read and write

52E4000

trusted library allocation

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

CD4000

heap

page read and write

EC8000

heap

page read and write

F79000

stack

page read and write

33A1000

heap

page read and write

4B1A000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

38CE000

stack

page read and write

C01000

heap

page read and write

11C4000

heap

page read and write

1ED92A40000

heap

page read and write

CD4000

heap

page read and write

EE5000

heap

page read and write

1010000

heap

page read and write

E37000

heap

page read and write

CD4000

heap

page read and write

33A1000

heap

page read and write

11C4000

heap

page read and write

794000

heap

page read and write

There are 820 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
q3oUuJIXkc.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportq3oUuJIXkc.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
q3oUuJIXkc.exe