IOC Report
hosts.tsv


Processes

Path | Cmdline | Malicious
C:\Windows\System32\OpenWith.exe | C:\Windows\system32\OpenWith.exe -Embedding |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\mspaint.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\mspaint.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany |
8 further registry entries are not included in this export.

Memdumps

Base Address | Region type | Protect | Malicious
187D9A0E000 | heap | page read and write |
187D98C5000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB950000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB7D0000 | heap | page read and write |
187DB7E0000 | heap | page read and write |
187DB7FA000 | heap | page read and write |
187DB962000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
187D99C9000 | heap | page read and write |
187D99D2000 | heap | page read and write |
187DB95D000 | heap | page read and write |
187DB7F3000 | heap | page read and write |
187DB814000 | heap | page read and write |
187DB82B000 | heap | page read and write |
187DB7E3000 | heap | page read and write |
187D99D4000 | heap | page read and write |
187D99C1000 | heap | page read and write |
187DB96C000 | heap | page read and write |
187DB7EF000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DB997000 | heap | page read and write |
187D99B0000 | heap | page read and write |
187DE04A000 | heap | page read and write |
187D99D4000 | heap | page read and write |
187DB80D000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
187D99CC000 | heap | page read and write |
187DB814000 | heap | page read and write |
187DE04F000 | heap | page read and write |
187DB82B000 | heap | page read and write |
187DB9A3000 | heap | page read and write |
187DB805000 | heap | page read and write |
187DB8EC000 | heap | page read and write |
187DB818000 | heap | page read and write |
187DB814000 | heap | page read and write |
187DE430000 | trusted library allocation | page read and write |
187DB814000 | heap | page read and write |
187D9760000 | heap | page read and write |
187DB80D000 | heap | page read and write |
187DB997000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB819000 | heap | page read and write |
C4B4FE000 | stack | page read and write |
187DB95D000 | heap | page read and write |
187D99A1000 | heap | page read and write |
187DB977000 | heap | page read and write |
187DB7E9000 | heap | page read and write |
187DB954000 | heap | page read and write |
187D99DA000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
187DB82F000 | heap | page read and write |
187DB965000 | heap | page read and write |
187D99A7000 | heap | page read and write |
187E03B0000 | heap | page readonly |
187DB820000 | heap | page read and write |
187DB8F5000 | heap | page read and write |
187DB805000 | heap | page read and write |
187DB80E000 | heap | page read and write |
C4B477000 | stack | page read and write |
187DB834000 | heap | page read and write |
187D99B1000 | heap | page read and write |
187D9A0E000 | heap | page read and write |
187DB7D0000 | heap | page read and write |
187DB8C9000 | heap | page read and write |
187DB7EB000 | heap | page read and write |
187D99CD000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
187D99D1000 | heap | page read and write |
187DB81A000 | heap | page read and write |
187DB827000 | heap | page read and write |
187DB96C000 | heap | page read and write |
187DB99C000 | heap | page read and write |
187D9A0E000 | heap | page read and write |
187DB8E8000 | heap | page read and write |
187DB7D4000 | heap | page read and write |
187D999D000 | heap | page read and write |
187D99C7000 | heap | page read and write |
187DB7DA000 | heap | page read and write |
C4B57E000 | stack | page read and write |
187DB8EA000 | heap | page read and write |
187DB80A000 | heap | page read and write |
187DB997000 | heap | page read and write |
187DB8DE000 | heap | page read and write |
187DB826000 | heap | page read and write |
187DB819000 | heap | page read and write |
187DE02F000 | heap | page read and write |
187D99CA000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DB91D000 | heap | page read and write |
187DB903000 | heap | page read and write |
187DB7F0000 | heap | page read and write |
187DB954000 | heap | page read and write |
187DE010000 | heap | page read and write |
187DB97C000 | heap | page read and write |
187DB97C000 | heap | page read and write |
187DB82B000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DB826000 | heap | page read and write |
187DB80D000 | heap | page read and write |
187DB80A000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB80D000 | heap | page read and write |
187DB82F000 | heap | page read and write |
187D9A08000 | heap | page read and write |
187DB821000 | heap | page read and write |
187DB919000 | heap | page read and write |
C4B7FB000 | stack | page read and write |
187DB819000 | heap | page read and write |
187DB819000 | heap | page read and write |
187DB950000 | heap | page read and write |
187DB961000 | heap | page read and write |
187DE030000 | heap | page read and write |
187DB7E1000 | heap | page read and write |
187DB81D000 | heap | page read and write |
187DB8FD000 | heap | page read and write |
187DB82F000 | heap | page read and write |
187DB8F5000 | heap | page read and write |
187DB826000 | heap | page read and write |
187DB954000 | heap | page read and write |
187DB80D000 | heap | page read and write |
187DB7DC000 | heap | page read and write |
187D9A07000 | heap | page read and write |
187D99AF000 | heap | page read and write |
187DB8C0000 | heap | page read and write |
187DB99F000 | heap | page read and write |
187DE025000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DB9A3000 | heap | page read and write |
187DB805000 | heap | page read and write |
187DB7EF000 | heap | page read and write |
187DB7FA000 | heap | page read and write |
187DB8E5000 | heap | page read and write |
187D99A7000 | heap | page read and write |
187DB8FD000 | heap | page read and write |
187DB903000 | heap | page read and write |
187DB91C000 | heap | page read and write |
187DB8F5000 | heap | page read and write |
187DB814000 | heap | page read and write |
187DB8EA000 | heap | page read and write |
187DB819000 | heap | page read and write |
C4B5FF000 | stack | page read and write |
187DB806000 | heap | page read and write |
187DB8F5000 | heap | page read and write |
187DE042000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
C4B9FE000 | stack | page read and write |
187DB903000 | heap | page read and write |
187DB8FD000 | heap | page read and write |
187D9A07000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DB8EE000 | heap | page read and write |
187D99A7000 | heap | page read and write |
187D9880000 | heap | page read and write |
187DB825000 | heap | page read and write |
187D9A07000 | heap | page read and write |
187D99AD000 | heap | page read and write |
187DB7DC000 | heap | page read and write |
187DB8EC000 | heap | page read and write |
187D9840000 | heap | page read and write |
187DB7EF000 | heap | page read and write |
187DE5D0000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DB7FA000 | heap | page read and write |
187D99B7000 | heap | page read and write |
187DB7EA000 | heap | page read and write |
187DB816000 | heap | page read and write |
187DB8CA000 | heap | page read and write |
187D98C0000 | heap | page read and write |
187DB95D000 | heap | page read and write |
187DB826000 | heap | page read and write |
187DB815000 | heap | page read and write |
187DE049000 | heap | page read and write |
187DE051000 | heap | page read and write |
187DB950000 | heap | page read and write |
187DB96C000 | heap | page read and write |
187DB950000 | heap | page read and write |
187DB814000 | heap | page read and write |
187D99B0000 | heap | page read and write |
187DB7F3000 | heap | page read and write |
187DB809000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB822000 | heap | page read and write |
187DE03D000 | heap | page read and write |
187DB7EB000 | heap | page read and write |
187DB81A000 | heap | page read and write |
187DB80E000 | heap | page read and write |
187D9910000 | heap | page read and write |
187D99BB000 | heap | page read and write |
187DB814000 | heap | page read and write |
187DB954000 | heap | page read and write |
187DB814000 | heap | page read and write |
187D99A1000 | heap | page read and write |
187DB7F3000 | heap | page read and write |
187DB96C000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DB91C000 | heap | page read and write |
187D99DD000 | heap | page read and write |
187DB821000 | heap | page read and write |
187DB977000 | heap | page read and write |
187DB818000 | heap | page read and write |
187DB9A3000 | heap | page read and write |
187DB7EB000 | heap | page read and write |
187DB7DC000 | heap | page read and write |
187DB80A000 | heap | page read and write |
187DB814000 | heap | page read and write |
187DB9A3000 | heap | page read and write |
187DB82F000 | heap | page read and write |
187DB7FA000 | heap | page read and write |
187DB91B000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB814000 | heap | page read and write |
187DB99F000 | heap | page read and write |
187D99F8000 | heap | page read and write |
C4B6FF000 | stack | page read and write |
187DB950000 | heap | page read and write |
187D99F0000 | heap | page read and write |
C4BA7B000 | stack | page read and write |
187D99AB000 | heap | page read and write |
187DE03F000 | heap | page read and write |
187D99B8000 | heap | page read and write |
187DB7F3000 | heap | page read and write |
187DB99F000 | heap | page read and write |
187DB7F3000 | heap | page read and write |
187DB801000 | heap | page read and write |
187DB80D000 | heap | page read and write |
187DB822000 | heap | page read and write |
187DB903000 | heap | page read and write |
187D99B0000 | heap | page read and write |
187DB7EF000 | heap | page read and write |
187DB7E6000 | heap | page read and write |
187D9A04000 | heap | page read and write |
187DB977000 | heap | page read and write |
187DB805000 | heap | page read and write |
187DB7F3000 | heap | page read and write |
187DB977000 | heap | page read and write |
187DB80A000 | heap | page read and write |
187DB82F000 | heap | page read and write |
187DB835000 | heap | page read and write |
187D99A7000 | heap | page read and write |
187DB7DC000 | heap | page read and write |
187DB8E5000 | heap | page read and write |
187DB80A000 | heap | page read and write |
187DE035000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DDA10000 | trusted library allocation | page read and write |
187DB80A000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DE022000 | heap | page read and write |
187DB7D8000 | heap | page read and write |
187DB82F000 | heap | page read and write |
187DB7E0000 | heap | page read and write |
187DB954000 | heap | page read and write |
187D99BA000 | heap | page read and write |
187DB80D000 | heap | page read and write |
187DB826000 | heap | page read and write |
187D99B9000 | heap | page read and write |
187DB8EE000 | heap | page read and write |
187DB7DF000 | heap | page read and write |
187DB9A3000 | heap | page read and write |
187DB8E8000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
187DB95D000 | heap | page read and write |
C4B67D000 | stack | page read and write |
187D99C8000 | heap | page read and write |
C4B77B000 | stack | page read and write |
187D9A0E000 | heap | page read and write |
187DB95D000 | heap | page read and write |
187DB805000 | heap | page read and write |
187DB805000 | heap | page read and write |
187DB7E0000 | heap | page read and write |
187D99E1000 | heap | page read and write |
187DB967000 | heap | page read and write |
187D99B6000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DB814000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
187DB7FE000 | heap | page read and write |
7DF4C8F41000 | trusted library allocation | page execute read |
187DB81A000 | heap | page read and write |
187DB805000 | heap | page read and write |
187D996B000 | heap | page read and write |
187DB7EF000 | heap | page read and write |
187D9A0D000 | heap | page read and write |
187DB950000 | heap | page read and write |
187DB7EF000 | heap | page read and write |
187DB805000 | heap | page read and write |
187DB80A000 | heap | page read and write |
187D99A1000 | heap | page read and write |
187DB80A000 | heap | page read and write |
187DB7E4000 | heap | page read and write |
187D9A09000 | heap | page read and write |
187DB819000 | heap | page read and write |
187DB97C000 | heap | page read and write |
187DB7F5000 | heap | page read and write |
187DB82B000 | heap | page read and write |
187D99BF000 | heap | page read and write |
187DB820000 | heap | page read and write |
187DE023000 | heap | page read and write |
187DB7FA000 | heap | page read and write |
187DB99F000 | heap | page read and write |
187DB80E000 | heap | page read and write |
187DB8D4000 | heap | page read and write |
187DB1F0000 | heap | page read and write |
187DB97C000 | heap | page read and write |
187DB819000 | heap | page read and write |
187DB81A000 | heap | page read and write |
187DB7D6000 | heap | page read and write |
187DB954000 | heap | page read and write |
187DB815000 | heap | page read and write |
187DB80E000 | heap | page read and write |
187DB826000 | heap | page read and write |
187DB80D000 | heap | page read and write |
187DB825000 | heap | page read and write |
187D99CB000 | heap | page read and write |
187DB821000 | heap | page read and write |
187DB825000 | heap | page read and write |
187DB95D000 | heap | page read and write |
187DB826000 | heap | page read and write |
187DB7C0000 | heap | page read and write |
187DB997000 | heap | page read and write |
187DB8DB000 | heap | page read and write |
316 further memdumps are not included in this export.
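Two things a responder would want from this export before pasting any of it into a hunt. First, the MuiCache values are written by the shell when it resolves an application's display name (FriendlyAppName, ApplicationCompany), which is exactly what happens when the "Open with" dialog that OpenWith.exe hosts enumerates candidate handlers; on their own they show which programs the shell looked at, not that the sample ran them. Second, of the dumped regions only one carries execute permission, and it is a trusted library allocation rather than heap or stack. The parser below is an added example, not part of this report or of the sandbox that produced it; it assumes the one-cell-per-line layout shown above (section name, column labels, then cells, with the trailing "Malicious" flag rendered as an icon and therefore absent from the text), regroups the cells into rows, strips the MuiCache suffixes to recover the distinct executables, and pulls out executable regions. The embedded input is a constructed excerpt of rows copied from the report.

```python
import re

# Columns captured per section; "Malicious" is an icon on the page with no text cell.
SECTION_FIELDS = {
    "Processes": ("path", "cmdline"),
    "Registry": ("path", "value"),
    "Memdumps": ("base_address", "region_type", "protect"),
}
HEADER_LABELS = {"Path", "Cmdline", "Value", "Base Address", "Regiontype", "Protect", "Malicious"}
HIDDEN_RE = re.compile(r"^There are (\d+) hidden")


def parse_report(text):
    """Regroup the one-cell-per-line export into (rows by section, truncated-row count by section)."""
    records = {name: [] for name in SECTION_FIELDS}
    hidden = dict.fromkeys(SECTION_FIELDS, 0)
    section, cells = None, []

    def flush():
        if section is None:
            return
        fields = SECTION_FIELDS[section]
        n = len(fields)
        for i in range(0, len(cells) - len(cells) % n, n):  # a trailing partial row is dropped
            records[section].append(dict(zip(fields, cells[i:i + n])))

    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in SECTION_FIELDS:                  # a new table starts
            flush()
            section, cells = line, []
        elif section is None or line in HEADER_LABELS:
            continue                                 # preamble or column header
        elif (m := HIDDEN_RE.match(line)):
            hidden[section] = int(m.group(1))
        else:
            cells.append(line)
    flush()
    return records, hidden


def muicache_programs(registry_rows):
    """MuiCache value names are '<exe path>.FriendlyAppName' or '.ApplicationCompany';
    strip the suffix and return the distinct executables (case-folded)."""
    programs = set()
    for row in registry_rows:
        if row["path"].lower().endswith(r"\shell\muicache"):
            name = row["value"].lower()
            for suffix in (".friendlyappname", ".applicationcompany"):
                if name.endswith(suffix):
                    name = name[: -len(suffix)]
            programs.add(name)
    return sorted(programs)


def executable_regions(memdump_rows):
    """Dumped regions with execute permission: where injected or unpacked code would be.
    A heap or stack region in this list would be anomalous."""
    return [r for r in memdump_rows if "execute" in r["protect"].lower()]


# Constructed input: an excerpt of rows from the report above, in the same layout.
SAMPLE = r"""Processes
Path
Cmdline
Malicious
C:\Windows\System32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Registry
Path
Value
Malicious
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
There are 8 hidden registries, click here to show them.
Memdumps
Base Address
Regiontype
Protect
Malicious
187D9A0E000
heap
page read and write
C4B4FE000
stack
page read and write
7DF4C8F41000
trusted library allocation
page execute read
There are 316 hidden memdumps, click here to show them.
"""

# Usage: parse once, then query the row lists.
RECORDS, HIDDEN = parse_report(SAMPLE)
```

Feed the full export to `parse_report` instead of `SAMPLE` and the same calls give the complete program list and region filter; `HIDDEN` tells you how many rows the page withheld, so you know the result is a lower bound.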