Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

N6jsQ3XNNX.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\ProgramData\ET Ammeter Side 10.7.45\ET Ammeter Side 10.7.45.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-0NOE7.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-19DMT.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-3L92A.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-8FEA4.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-8J8L1.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-8PPAH.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-CCK3H.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-D0HIN.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-DDT59.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-E27ND.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-FABCG.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-GR40U.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-I6MFQ.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-IR87B.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-KK58F.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-O680T.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-P1MHN.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-R14KT.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-R59QM.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-S9SIF.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe

PE32 executable (GUI) Intel 80386, for MS Windows

modified

C:\Users\user\AppData\Local\Jenny Video Converter\libgcc_s_dw2-1.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libgdk-win32-2.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libgdk_pixbuf-2.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libgdkmm-2.4-1.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libglibmm-2.4-1.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libgmodule-2.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libgobject-2.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libgomp-1.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libintl-8.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libjpeg-8.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\liblcms2-2.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libpango-1.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libpangocairo-1.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libpangoft2-1.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libpangomm-1.4-1.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libpangowin32-1.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libpixman-1-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\librsvg-2-2.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libsigc-2.0-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libtiff-5.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\is-SAKD7.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.exe (copy)

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-PNPJE.tmp\N6jsQ3XNNX.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-SQ448.tmp\_isetup\_RegDLL.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-SQ448.tmp\_isetup\_iscrypt.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-SQ448.tmp\_isetup\_setup64.tmp

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\ProgramData\et107it45.dat

data

dropped

C:\ProgramData\et107rc45.dat

data

dropped

C:\ProgramData\et107resa.dat

ASCII text, with no line terminators

dropped

C:\ProgramData\et107resb.dat

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-73S5T.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-7MVDI.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-AUN77.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-CK3T2.tmp

data

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-G1ORK.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-MCN70.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-SBF1H.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\is-SPPOJ.tmp

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libgraphite2.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libharfbuzz-0.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\liblzma-5.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libpcre-1.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libpng16-16.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\libwinpthread-1.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.dat

InnoSetup Log Jenny Video Converter, version 0x30, 6034 bytes, 760639\user, "C:\Users\user\AppData\Local\Jenny Video Converter"

dropped

C:\Users\user\AppData\Local\Jenny Video Converter\zlib1.dll (copy)

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-SQ448.tmp\_isetup\_shfoldr.dll

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

dropped

There are 60 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\N6jsQ3XNNX.exe

"C:\Users\user\Desktop\N6jsQ3XNNX.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5916
Target ID:	0
Parent PID:	4004
Name:	N6jsQ3XNNX.exe
Path:	C:\Users\user\Desktop\N6jsQ3XNNX.exe
Commandline:	"C:\Users\user\Desktop\N6jsQ3XNNX.exe"
Size:	4512180
MD5:	46D2E28BE5AD34097672B73BFA78E805
Time:	22:12:54
Date:	07/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe

"C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe" -i

Details

Is windows:	false
Is dropped:	true
PID:	2760
Target ID:	3
Parent PID:	2324
Name:	jennyvideoconverter32_64.exe
Path:	C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe
Commandline:	"C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe" -i
Size:	3296256
MD5:	65FDD2B7C5D23EEF202604FCFEFD2FF4
Time:	22:12:57
Date:	07/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	3325952
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Detected unpacking (overwrites its own PE header)	Compliance, Data Obfuscation	Software Packing
Yara detected Socks5Systemz	Stealing of Sensitive Information, Remote Access Functionality
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\is-PNPJE.tmp\N6jsQ3XNNX.tmp

"C:\Users\user\AppData\Local\Temp\is-PNPJE.tmp\N6jsQ3XNNX.tmp" /SL5="$203BE,4230882,54272,C:\Users\user\Desktop\N6jsQ3XNNX.exe"

Details

Is windows:	false
Is dropped:	true
PID:	2324
Target ID:	2
Parent PID:	5916
Name:	N6jsQ3XNNX.tmp
Path:	C:\Users\user\AppData\Local\Temp\is-PNPJE.tmp\N6jsQ3XNNX.tmp
Commandline:	"C:\Users\user\AppData\Local\Temp\is-PNPJE.tmp\N6jsQ3XNNX.tmp" /SL5="$203BE,4230882,54272,C:\Users\user\Desktop\N6jsQ3XNNX.exe"
Size:	709120
MD5:	16C9D19AB32C18671706CEFEE19B6949
Time:	22:12:55
Date:	07/10/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	774144
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager

Details

Is windows:	true
Is dropped:	false
PID:	5276
Target ID:	6
Parent PID:	632
Name:	svchost.exe
Path:	C:\Windows\System32\svchost.exe
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Size:	55320
MD5:	B7F884C1B74A263F746EE12A5F7C9F6A
Time:	22:13:40
Date:	07/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	true
Modulebase:	0x7ff7403e0000
Modulesize:	65536
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://diuzout.info/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978fe71ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf712c5ec93993c

185.208.158.248

http://diuzout.info/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86ec948344815a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d993ece699511

185.208.158.248

diuzout.info

http://www.innosetup.com/

unknown

http://185.208.158.248/s

unknown

http://tukaani.org/

unknown

http://185.208.158.248/search/?q=67e28dd83d5df22

unknown

http://31.214.157.226/rand

89.105.201.183

http://www.remobjects.com/psU

unknown

http://tukaani.org/xz/

unknown

http://185.208.158.248/search/?q=67e28dd83d5df220160

unknown

http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12e

unknown

http://mingw-w64.sourceforge.net/X

unknown

http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d

unknown

http://185.208.158.248/search/?q=67e28dd83d5df2201606a51?a

unknown

http://185.208.158.248/search/?qbn1

unknown

http://www.remobjects.com/ps

unknown

http://fsf.org/

unknown

http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5

unknown

http://185.208.158.248/search/?q

unknown

http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86ec948

unknown

http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd8Yo

unknown

http://185.208.1

unknown

http://www.gnu.org/licenses/

unknown

There are 14 hidden URLs, click here to show them.

Domains

Name

Malicious

diuzout.info

185.208.158.248

Details

Name:	diuzout.info
IP:	185.208.158.248
TargetID:	3
Current Path:	C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

212.20.149.52.in-addr.arpa

unknown

IPs

Domain

Country

Malicious

185.208.158.248

diuzout.info

Switzerland

Details

IP:	185.208.158.248
TargetID:	3
Current Path:	C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe
Country:	Switzerland
Countrycode:	CHE
ASN number:	34888
ASN name:	SIMPLECARRER2IT
Private:	false
Domain:	diuzout.info

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
URLs found in memory or binary data	Networking

31.214.157.226

unknown

Germany

Details

IP:	31.214.157.226
TargetID:	3
Current Path:	C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe
Country:	Germany
Countrycode:	DEU
ASN number:	58329
ASN name:	RACKPLACEDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

89.105.201.183

unknown

Netherlands

Details

IP:	89.105.201.183
TargetID:	3
Current Path:	C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32_64.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	24875
ASN name:	NOVOSERVE-ASNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

Inno Setup: Setup Version

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

Inno Setup: App Path

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

InstallLocation

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

Inno Setup: Icon Group

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

Inno Setup: User

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

Inno Setup: Language

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

DisplayName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

UninstallString

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

QuietUninstallString

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

NoModify

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

NoRepair

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

InstallDate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1

EstimatedSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BetaTour

et_ammeter_side_i45_11

There are 9 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2CD9000

heap

page read and write

2D81000

direct allocation

page execute and read and write

DF3A7FE000

unkown

page readonly

49A000

unkown

page write copy

25F0000

direct allocation

page read and write

24B4A290000

heap

page read and write

24C0000

direct allocation

page read and write

58D0000

direct allocation

page read and write

307F000

stack

page read and write

639000

unkown

page readonly

760000

heap

page read and write

5B1000

unkown

page execute and write copy

411000

unkown

page readonly

430000

heap

page read and write

854000

heap

page read and write

DF3A8FE000

stack

page read and write

2770000

heap

page read and write

24B4A42F000

heap

page read and write

24A2000

direct allocation

page read and write

2300000

heap

page read and write

9B000

stack

page read and write

400000

unkown

page readonly

30EE000

stack

page read and write

2450000

heap

page read and write

340F000

stack

page read and write

5A80000

direct allocation

page read and write

56D0000

heap

page read and write

DF3A4FE000

stack

page read and write

5A8E000

direct allocation

page read and write

420000

heap

page read and write

4AB000

unkown

page readonly

DF3A6FC000

stack

page read and write

285C000

stack

page read and write

2170000

direct allocation

page read and write

218C000

direct allocation

page read and write

24F4000

heap

page read and write

5AB000

unkown

page execute and write copy

2094000

direct allocation

page read and write

57D1000

heap

page read and write

34CE000

stack

page read and write

57D0000

heap

page read and write

5B3000

unkown

page execute and write copy

710000

heap

page read and write

6BE000

heap

page read and write

5A90000

direct allocation

page read and write

3710000

heap

page read and write

3350000

heap

page read and write

24F0000

heap

page read and write

24B4A43F000

heap

page read and write

2158000

direct allocation

page read and write

24B4A422000

heap

page read and write

2088000

direct allocation

page read and write

24B4A370000

heap

page read and write

79D000

heap

page read and write

DF3A0FD000

stack

page read and write

716000

heap

page read and write

6BA000

heap

page read and write

2250000

heap

page read and write

2710000

heap

page read and write

3180000

direct allocation

page read and write

5A8A000

direct allocation

page read and write

32CF000

stack

page read and write

2305000

heap

page read and write

2F2B000

stack

page read and write

5A88000

direct allocation

page read and write

73E000

heap

page read and write

26F0000

heap

page read and write

2CCE000

stack

page read and write

2160000

direct allocation

page read and write

40D000

unkown

page write copy

24B4A402000

heap

page read and write

2074000

direct allocation

page read and write

24B4A455000

heap

page read and write

400000

unkown

page readonly

332E000

stack

page read and write

26AE000

stack

page read and write

714000

heap

page read and write

400000

unkown

page readonly

24B4A3A0000

trusted library allocation

page read and write

26EE000

stack

page read and write

795000

heap

page read and write

73E000

heap

page read and write

4D0000

heap

page read and write

2309000

heap

page read and write

401000

unkown

page execute read

590000

heap

page read and write

560000

heap

page read and write

5AD000

unkown

page execute and write copy

10002000

unkown

page readonly

2081000

direct allocation

page read and write

37D7000

heap

page read and write

596000

heap

page read and write

706000

heap

page read and write

4AB000

unkown

page readonly

5A86000

direct allocation

page read and write

7A8000

heap

page read and write

589000

unkown

page execute and write copy

217C000

direct allocation

page read and write

770000

heap

page read and write

696000

unkown

page readonly

5A7000

unkown

page execute and write copy

499000

unkown

page write copy

499000

unkown

page read and write

267C000

heap

page read and write

597000

heap

page read and write

632000

unkown

page write copy

2310000

direct allocation

page read and write

6D5000

heap

page read and write

18D000

stack

page read and write

73E000

heap

page read and write

87E000

heap

page read and write

2080000

direct allocation

page read and write

73F000

heap

page read and write

24B4AC02000

trusted library allocation

page read and write

401000

unkown

page execute and write copy

370F000

stack

page read and write

5A8C000

direct allocation

page read and write

40B000

unkown

page read and write

24B4A413000

heap

page read and write

31CE000

stack

page read and write

5AF000

unkown

page execute and write copy

2310000

direct allocation

page read and write

899000

heap

page read and write

5B6F000

direct allocation

page read and write

401000

unkown

page execute read

2840000

trusted library allocation

page read and write

401000

unkown

page execute read

5A92000

direct allocation

page read and write

7A0000

heap

page read and write

5A9000

unkown

page execute and write copy

24B0000

heap

page read and write

2168000

direct allocation

page read and write

10000000

unkown

page readonly

62D000

unkown

page readonly

766000

heap

page read and write

49D000

unkown

page write copy

19D000

stack

page read and write

409000

unkown

page execute and read and write

79D000

heap

page read and write

58E0000

direct allocation

page read and write

5A1000

unkown

page execute and write copy

4C0000

heap

page read and write

10001000

unkown

page execute read

2540000

direct allocation

page read and write

5B11000

direct allocation

page read and write

2157000

direct allocation

page read and write

35CF000

stack

page read and write

31EF000

stack

page read and write

23A1000

heap

page read and write

3752000

heap

page read and write

796000

heap

page read and write

2144000

direct allocation

page read and write

9C000

stack

page read and write

3340000

heap

page read and write

740000

heap

page read and write

2450000

direct allocation

page read and write

40B000

unkown

page write copy

730000

heap

page read and write

DF39B7B000

stack

page read and write

780000

heap

page read and write

218F000

direct allocation

page read and write

2579000

direct allocation

page read and write

530000

heap

page read and write

6B0000

heap

page read and write

795000

heap

page read and write

790000

direct allocation

page read and write

43A000

heap

page read and write

2490000

direct allocation

page read and write

795000

heap

page read and write

5A68000

direct allocation

page read and write

DF3A5FE000

unkown

page readonly

2714000

heap

page read and write

49B000

unkown

page read and write

330E000

stack

page read and write

3414000

heap

page read and write

318E000

direct allocation

page read and write

2150000

direct allocation

page read and write

3180000

trusted library allocation

page read and write

215C000

direct allocation

page read and write

43E000

heap

page read and write

78C000

heap

page read and write

2560000

heap

page read and write

85A000

heap

page read and write

400000

unkown

page execute and read and write

2880000

heap

page read and write

21C0000

heap

page read and write

341F000

heap

page read and write

24A0000

direct allocation

page read and write

DF3A9FE000

unkown

page readonly

DF3A3FE000

unkown

page readonly

24B4A42B000

heap

page read and write

400000

unkown

page readonly

DF3A1FE000

unkown

page readonly

73F000

heap

page read and write

DF3A2FE000

stack

page read and write

360E000

stack

page read and write

79D000

heap

page read and write

24B4A400000

heap

page read and write

2DBA000

direct allocation

page execute and read and write

79D000

heap

page read and write

680000

direct allocation

page execute and read and write

2F7E000

stack

page read and write

33CD000

heap

page read and write

400000

unkown

page readonly

19C000

stack

page read and write

2450000

direct allocation

page read and write

630000

unkown

page write copy

716000

heap

page read and write

2260000

heap

page read and write

411000

unkown

page readonly

2070000

direct allocation

page read and write

24B4A270000

heap

page read and write

24B4A502000

heap

page read and write

2570000

direct allocation

page read and write

401000

unkown

page execute read

281D000

stack

page read and write

96000

stack

page read and write

716000

heap

page read and write

3180000

direct allocation

page read and write

322E000

stack

page read and write

There are 210 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
N6jsQ3XNNX.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportN6jsQ3XNNX.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
N6jsQ3XNNX.exe