IOC Report
zUKf62kgkm.exe


Files

File Path | Type | Category | Malicious
zUKf62kgkm.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\ProgramData\AKEGHIJJEHJDGCBFHCGI | ASCII text, with very long lines (1809), with CRLF line terminators | dropped |
C:\ProgramData\CAEHJEBKFCAKKFIEHDBFIEHDHI | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3 | dropped |
C:\ProgramData\EBKEHJJD | SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2 | dropped |
C:\ProgramData\IJKJDAFHJDHIEBGCFIDB | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1 | dropped |
C:\ProgramData\KEHDBAEGIIIEBGCAAFHIDHDBFB | SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2 | dropped |
C:\ProgramData\KFIDBAFH | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3 | dropped |
C:\ProgramData\KJDHCAFCGDAAKEBFIJDG | SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1 | dropped |
C:\ProgramData\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\ProgramData\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm | data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm | data | dropped |
Chrome Cache Entry: 74 | Unicode text, UTF-8 text, with very long lines (1052) | downloaded |
Chrome Cache Entry: 75 | ASCII text, with very long lines (2410) | downloaded |
Chrome Cache Entry: 76 | ASCII text | downloaded |
Chrome Cache Entry: 77 | ASCII text, with very long lines (65531) | downloaded |
Chrome Cache Entry: 78 | ASCII text, with very long lines (1395) | downloaded |
Chrome Cache Entry: 79 | ASCII text, with very long lines (5162), with no line terminators | downloaded |
Chrome Cache Entry: 80 | SVG Scalable Vector Graphics image | downloaded |
20 further files are not shown in this extract.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\zUKf62kgkm.exe | "C:\Users\user\Desktop\zUKf62kgkm.exe" | malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" | malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2528,i,2355188504449456598,833099339699259171,262144 /prefetch:8 | malicious

URLs

Name | IP | Malicious
http://185.215.113.206/ | 185.215.113.206 | malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll | 185.215.113.206 |
https://duckduckgo.com/chrome_newtab | unknown |
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF | unknown |
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll | 185.215.113.206 |
http://185.215.113.206/c4becf79229cb002.phpY | unknown |
https://duckduckgo.com/ac/?q= | unknown |
http://www.broofa.com | unknown |
http://185.215.113.206/c4becf79229cb002.phpe | unknown |
http://185.215.113.206/c4becf79229cb002.phpf | unknown |
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | unknown |
http://185.215.113.206/c4becf79229cb002.phpi | unknown |
http://185.215.113.206/68b591d6548ec281/msvcp140.dll5 | unknown |
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | unknown |
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | unknown |
http://185.215.113.206/68b591d6548ec281/sqlite3.dll | 185.215.113.206 |
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 | unknown |
http://185.215.113.206/68b591d6548ec281/vcruntime140.dlll | unknown |
http://185.215.113.206/68b591d6548ec281/freebl3.dll | 185.215.113.206 |
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi | unknown |
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 | 142.250.186.78 |
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | unknown |
http://185.215.113.206/68b591d6548ec281/nss3.dll | 185.215.113.206 |
http://185.215.113.206/c4becf79229cb002.phprowser | unknown |
http://185.215.113.206/68b591d6548ec281/mozglue.dll | 185.215.113.206 |
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe | unknown |
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | 142.250.186.132 |
https://apis.google.com | unknown |
http://185.215.113.206/68b591d6548ec281/vcruntime140.dllg | unknown |
https://domains.google.com/suggest/flow | unknown |
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 | unknown |
http://www.sqlite.org/copyright.html. | unknown |
185.215.113.206/c4becf79229cb002.php | |
http://www.mozilla.com/en-US/blocklist/ | unknown |
https://mozilla.org0/ | unknown |
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg | unknown |
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | unknown |
http://185.215.113.206/68b591d6548ec281/nss3.dllh | unknown |
http://185.215.113.206/68b591d6548ec281/msvcp140.dll | 185.215.113.206 |
http://185.215.113.206/c4becf79229cb002.php | 185.215.113.206 |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | unknown |
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | unknown |
https://www.google.com/async/newtab_promos | 142.250.186.132 |
http://185.215.113.206/68b591d6548ec281/nss3.dlll | unknown |
http://185.215.113.206/c4becf79229cb002.phpser | unknown |
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | unknown |
http://185.215.113.206/68b591d6548ec281/softokn3.dllS | unknown |
https://www.ecosia.org/newtab/ | unknown |
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | unknown |
http://185.215.113.206/68b591d6548ec281/msvcp140.dllf | unknown |
http://185.215.113.206/c4becf79229cb002.php5 | unknown |
https://plus.google.com | unknown |
https://ac.ecosia.org/autocomplete?q= | unknown |
https://www.google.com/async/ddljson?async=ntp:2 | 142.250.186.132 |
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll- | unknown |
https://play.google.com/log?format=json&hasfast=true | 172.217.16.206 |
http://185.215.113.206/c4becf79229cb002.php9 | unknown |
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | 142.250.186.132 |
http://185.215.113.206/68b591d6548ec281/mozglue.dllf | unknown |
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | unknown |
http://185.215.113.206/c4becf79229cb002.phpD | unknown |
http://185.215.113.206/68b591d6548ec281/sqlite3.dllB | unknown |
https://support.mozilla.org | unknown |
http://185.215.113.206 | unknown |
http://185.215.113.206c4becf79229cb002.phpser | unknown |
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | unknown |
http://185.215.113.206/c4becf79229cb002.php3I | unknown |
https://clients6.google.com | unknown |
58 further URLs are not shown in this extract.

Domains

Name | IP | Malicious
plus.l.google.com | 142.250.186.78 |
play.google.com | 172.217.16.206 |
www.google.com | 142.250.186.132 |
198.187.3.20.in-addr.arpa | unknown |
apis.google.com | unknown |

IPs

IP | Domain | Country | Malicious
192.168.2.4 | unknown | unknown | malicious
185.215.113.206 | unknown | Portugal | malicious
142.250.186.78 | plus.l.google.com | United States |
172.217.16.206 | play.google.com | United States |
239.255.255.250 | unknown | Reserved |
142.250.186.132 | www.google.com | United States |
127.0.0.1 | unknown | unknown |

Memdumps

Base Address | Region type | Protect | Malicious
FB1000 | unknown | page execute and read and write | malicious
8BE000 | heap | page read and write | malicious
4C20000 | direct allocation | page read and write | malicious
55C4000 | heap | page read and write |
F90000 | direct allocation | page read and write |
4782000 | heap | page read and write |
55C9000 | heap | page read and write |
B670000 | heap | page read and write |
4F1E000 | stack | page read and write |
F90000 | direct allocation | page read and write |
4781000 | heap | page read and write |
425F000 | stack | page read and write |
55BB000 | heap | page read and write |
55BB000 | heap | page read and write |
55DC000 | heap | page read and write |
55C5000 | heap | page read and write |
4C5B000 | stack | page read and write |
1117000 | unknown | page execute and read and write |
55B7000 | heap | page read and write |
55CE000 | heap | page read and write |
55B9000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
559B000 | heap | page read and write |
55BD000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
55AF000 | heap | page read and write |
55B3000 | heap | page read and write |
55DC000 | heap | page read and write |
4781000 | heap | page read and write |
B6F2000 | heap | page read and write |
993000 | heap | page read and write |
11FA000 | unknown | page write copy |
4781000 | heap | page read and write |
B6FA000 | heap | page read and write |
740000 | heap | page read and write |
4781000 | heap | page read and write |
61ED3000 | direct allocation | page read and write |
55BD000 | heap | page read and write |
55C4000 | heap | page read and write |
55C1000 | heap | page read and write |
97E000 | heap | page read and write |
88E000 | stack | page read and write |
FAB000 | heap | page read and write |
55BB000 | heap | page read and write |
4781000 | heap | page read and write |
1492000 | unknown | page execute and read and write |
FB0000 | unknown | page read and write |
6C6D0000 | unknown | page read and write |
4781000 | heap | page read and write |
6C6CF000 | unknown | page write copy |
55DC000 | heap | page read and write |
349F000 | stack | page read and write |
4DAE000 | stack | page read and write |
3EDE000 | stack | page read and write |
F90000 | direct allocation | page read and write |
55BB000 | heap | page read and write |
4781000 | heap | page read and write |
55C4000 | heap | page read and write |
34DE000 | stack | page read and write |
371F000 | stack | page read and write |
3D9E000 | stack | page read and write |
164D000 | unknown | page execute and write copy |
55B9000 | heap | page read and write |
55DC000 | heap | page read and write |
2B5F000 | stack | page read and write |
B947000 | heap | page read and write |
55BA000 | heap | page read and write |
FB1000 | unknown | page execute and write copy |
415E000 | stack | page read and write |
630000 | heap | page read and write |
56C0000 | trusted library allocation | page read and write |
EBE000 | stack | page read and write |
4781000 | heap | page read and write |
55A7000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
2CC000 | stack | page read and write |
4781000 | heap | page read and write |
6C450000 | unknown | page readonly |
61EB4000 | direct allocation | page read and write |
542D000 | stack | page read and write |
4781000 | heap | page read and write |
61E00000 | direct allocation | page execute and read and write |
35DF000 | stack | page read and write |
F80000 | heap | page read and write |
4781000 | heap | page read and write |
14A9000 | unknown | page execute and write copy |
47A0000 | heap | page read and write |
2FDE000 | stack | page read and write |
11FA000 | unknown | page read and write |
385F000 | stack | page read and write |
14AA000 | unknown | page execute and write copy |
4781000 | heap | page read and write |
4790000 | heap | page read and write |
515E000 | stack | page read and write |
6C4DE000 | unknown | page read and write |
55A7000 | heap | page read and write |
4D70000 | direct allocation | page execute and read and write |
710000 | heap | page read and write |
B650000 | heap | page read and write |
4781000 | heap | page read and write |
3C8000 | stack | page read and write |
4781000 | heap | page read and write |
902000 | heap | page read and write |
2E5F000 | stack | page read and write |
55C1000 | heap | page read and write |
55AF000 | heap | page read and write |
107C000 | unknown | page execute and read and write |
B946000 | heap | page read and write |
4781000 | heap | page read and write |
8BA000 | heap | page read and write |
389E000 | stack | page read and write |
529F000 | stack | page read and write |
F90000 | direct allocation | page read and write |
55A7000 | heap | page read and write |
906000 | heap | page read and write |
B630000 | heap | page read and write |
53EC000 | stack | page read and write |
B938000 | heap | page read and write |
465E000 | stack | page read and write |
55C1000 | heap | page read and write |
4781000 | heap | page read and write |
1383000 | unknown | page execute and read and write |
461F000 | stack | page read and write |
FB0000 | unknown | page readonly |
552D000 | stack | page read and write |
4781000 | heap | page read and write |
979000 | heap | page read and write |
3B1E000 | stack | page read and write |
4781000 | heap | page read and write |
98A000 | heap | page read and write |
AEE000 | stack | page read and write |
F7E000 | stack | page read and write |
39DE000 | stack | page read and write |
4781000 | heap | page read and write |
55D4000 | heap | page read and write |
475F000 | stack | page read and write |
B93F000 | heap | page read and write |
4880000 | trusted library allocation | page read and write |
55A9000 | heap | page read and write |
4C10000 | direct allocation | page read and write |
1469000 | unknown | page execute and read and write |
FAE000 | heap | page read and write |
F90000 | direct allocation | page read and write |
4781000 | heap | page read and write |
55DC000 | heap | page read and write |
3C1F000 | stack | page read and write |
55B3000 | heap | page read and write |
14A9000 | unknown | page execute and read and write |
55BC000 | heap | page read and write |
55DC000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
55D9000 | heap | page read and write |
4D90000 | direct allocation | page execute and read and write |
4DA0000 | direct allocation | page execute and read and write |
3E9F000 | stack | page read and write |
55B3000 | heap | page read and write |
4781000 | heap | page read and write |
43DE000 | stack | page read and write |
55C9000 | heap | page read and write |
55DC000 | heap | page read and write |
55BF000 | heap | page read and write |
61EB7000 | direct allocation | page readonly |
55B9000 | heap | page read and write |
F90000 | direct allocation | page read and write |
55A7000 | heap | page read and write |
3C5E000 | stack | page read and write |
55BB000 | heap | page read and write |
47DA000 | heap | page read and write |
55C1000 | heap | page read and write |
934000 | heap | page read and write |
55C9000 | heap | page read and write |
F3E000 | stack | page read and write |
55BF000 | heap | page read and write |
61ED0000 | direct allocation | page read and write |
1065000 | unknown | page execute and read and write |
4781000 | heap | page read and write |
55BF000 | heap | page read and write |
4781000 | heap | page read and write |
3FDF000 | stack | page read and write |
6C4F0000 | unknown | page readonly |
55CE000 | heap | page read and write |
F90000 | direct allocation | page read and write |
55C1000 | heap | page read and write |
55D9000 | heap | page read and write |
4781000 | heap | page read and write |
2D5F000 | stack | page read and write |
2F9F000 | stack | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
311E000 | stack | page read and write |
4D80000 | direct allocation | page execute and read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
339E000 | stack | page read and write |
55DC000 | heap | page read and write |
55BD000 | heap | page read and write |
4781000 | heap | page read and write |
30DF000 | stack | page read and write |
55DC000 | heap | page read and write |
4781000 | heap | page read and write |
55CE000 | heap | page read and write |
11E8000 | unknown | page execute and read and write |
505E000 | stack | page read and write |
55DC000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
55D5000 | heap | page read and write |
990000 | heap | page read and write |
55DC000 | heap | page read and write |
5592000 | heap | page read and write |
2C5F000 | stack | page read and write |
335F000 | stack | page read and write |
3C3000 | stack | page read and write |
55BD000 | heap | page read and write |
4781000 | heap | page read and write |
55A7000 | heap | page read and write |
4781000 | heap | page read and write |
439F000 | stack | page read and write |
4DC0000 | direct allocation | page execute and read and write |
8FD000 | heap | page read and write |
4DD0000 | direct allocation | page execute and read and write |
4781000 | heap | page read and write |
4C10000 | direct allocation | page read and write |
5590000 | heap | page read and write |
B8A0000 | trusted library allocation | page read and write |
55DC000 | heap | page read and write |
61ED4000 | direct allocation | page readonly |
6C4CD000 | unknown | page readonly |
4781000 | heap | page read and write |
F90000 | direct allocation | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
B630000 | trusted library allocation | page read and write |
325E000 | stack | page read and write |
B630000 | trusted library allocation | page read and write |
56C8000 | heap | page read and write |
55BE000 | heap | page read and write |
321F000 | stack | page read and write |
6C4F1000 | unknown | page execute read |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
745000 | heap | page read and write |
55CE000 | heap | page read and write |
55CE000 | heap | page read and write |
4781000 | heap | page read and write |
411F000 | stack | page read and write |
F90000 | direct allocation | page read and write |
983000 | heap | page read and write |
78E000 | stack | page read and write |
4781000 | heap | page read and write |
3D5F000 | stack | page read and write |
4D5F000 | stack | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
918000 | heap | page read and write |
B691000 | heap | page read and write |
55BA000 | heap | page read and write |
4DA0000 | direct allocation | page execute and read and write |
55BD000 | heap | page read and write |
519E000 | stack | page read and write |
4781000 | heap | page read and write |
8B0000 | heap | page read and write |
4760000 | heap | page read and write |
4780000 | heap | page read and write |
44DF000 | stack | page read and write |
6C6D5000 | unknown | page readonly |
55C1000 | heap | page read and write |
55CE000 | heap | page read and write |
149C000 | unknown | page execute and read and write |
61E01000 | direct allocation | page execute read |
6C451000 | unknown | page execute read |
4781000 | heap | page read and write |
399F000 | stack | page read and write |
4781000 | heap | page read and write |
55C9000 | heap | page read and write |
6C6CE000 | unknown | page read and write |
429E000 | stack | page read and write |
401E000 | stack | page read and write |
F90000 | direct allocation | page read and write |
1034000 | unknown | page execute and read and write |
4781000 | heap | page read and write |
F90000 | direct allocation | page read and write |
B940000 | heap | page read and write |
55CE000 | heap | page read and write |
2E9E000 | stack | page read and write |
55CE000 | heap | page read and write |
61ECC000 | direct allocation | page read and write |
55C1000 | heap | page read and write |
F90000 | direct allocation | page read and write |
972000 | heap | page read and write |
55B5000 | heap | page read and write |
4DB0000 | direct allocation | page execute and read and write |
55BD000 | heap | page read and write |
361E000 | stack | page read and write |
4781000 | heap | page read and write |
B88E000 | stack | page read and write |
FA0000 | heap | page read and write |
55BC000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
164C000 | unknown | page execute and read and write |
55BA000 | heap | page read and write |
B78E000 | stack | page read and write |
55BB000 | heap | page read and write |
F90000 | direct allocation | page read and write |
61ECD000 | direct allocation | page readonly |
4781000 | heap | page read and write |
55AF000 | heap | page read and write |
451E000 | stack | page read and write |
55C9000 | heap | page read and write |
6C4E2000 | unknown | page readonly |
55A7000 | heap | page read and write |
4C10000 | direct allocation | page read and write |
11FC000 | unknown | page execute and read and write |
501F000 | stack | page read and write |
4781000 | heap | page read and write |
55DC000 | heap | page read and write |
6C68F000 | unknown | page readonly |
F90000 | direct allocation | page read and write |
4EDF000 | stack | page read and write |
9ED000 | stack | page read and write |
EFC000 | stack | page read and write |
55BB000 | heap | page read and write |
4781000 | heap | page read and write |
55C4000 | heap | page read and write |
55C1000 | heap | page read and write |
4781000 | heap | page read and write |
4781000 | heap | page read and write |
375E000 | stack | page read and write |
55AF000 | heap | page read and write |
55C1000 | heap | page read and write |
55C1000 | heap | page read and write |
55C1000 | heap | page read and write |
3ADF000 | stack | page read and write |
55BB000 | heap | page read and write |
55C1000 | heap | page read and write |
52ED000 | stack | page read and write |
FA7000 | heap | page read and write |
334 further memdumps are not shown in this extract.