Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://outlook.office365.com/mapi/nspi/?MailboxId=23007297-057d-4fbe-8942-10d7a78ee01f
|
unknown
|
||
|
https://outlook.office.com/api/v2.0/Me/ActivitiesW
|
unknown
|
||
|
https://outlook.office.com/api/v2.0/Me/Activities
|
unknown
|
||
|
https://outlook.office365.com/mapi/emsmdb/?MailboxId=c02ffe65-ec5d-4c32-8c23-00450e456bf7
|
unknown
|
||
|
https://outlook.office365.com/mapi/emsmdb/?MailboxId=23007297-057d-4fbe-8942-10d7a78ee01f
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
23947470000
|
heap
|
page read and write
|
||
|
23947570000
|
heap
|
page read and write
|
||
|
23947578000
|
heap
|
page read and write
|
||
|
2394952E000
|
heap
|
page read and write
|
||
|
2394BC31000
|
heap
|
page read and write
|
||
|
239495D8000
|
heap
|
page read and write
|
||
|
239475A8000
|
heap
|
page read and write
|
||
|
239475CB000
|
heap
|
page read and write
|
||
|
2394959F000
|
heap
|
page read and write
|
||
|
2394757F000
|
heap
|
page read and write
|
||
|
2394755C000
|
heap
|
page read and write
|
||
|
239475A4000
|
heap
|
page read and write
|
||
|
2394BC4D000
|
heap
|
page read and write
|
||
|
23947554000
|
heap
|
page read and write
|
||
|
239495EB000
|
heap
|
page read and write
|
||
|
239495F9000
|
heap
|
page read and write
|
||
|
82ABAFE000
|
stack
|
page read and write
|
||
|
23949602000
|
heap
|
page read and write
|
||
|
2394953A000
|
heap
|
page read and write
|
||
|
2394758F000
|
heap
|
page read and write
|
||
|
23949606000
|
heap
|
page read and write
|
||
|
23947578000
|
heap
|
page read and write
|
||
|
239495D0000
|
heap
|
page read and write
|
||
|
239495FE000
|
heap
|
page read and write
|
||
|
2394BC10000
|
heap
|
page read and write
|
||
|
23947580000
|
heap
|
page read and write
|
||
|
239495DB000
|
heap
|
page read and write
|
||
|
23949606000
|
heap
|
page read and write
|
||
|
239495E9000
|
heap
|
page read and write
|
||
|
2394756B000
|
heap
|
page read and write
|
||
|
2394758A000
|
heap
|
page read and write
|
||
|
239475A3000
|
heap
|
page read and write
|
||
|
23947559000
|
heap
|
page read and write
|
||
|
2394953A000
|
heap
|
page read and write
|
||
|
2394751B000
|
heap
|
page read and write
|
||
|
23949536000
|
heap
|
page read and write
|
||
|
2394758A000
|
heap
|
page read and write
|
||
|
82ABE7B000
|
stack
|
page read and write
|
||
|
23947588000
|
heap
|
page read and write
|
||
|
239495F4000
|
heap
|
page read and write
|
||
|
23949590000
|
heap
|
page read and write
|
||
|
23947577000
|
heap
|
page read and write
|
||
|
23947599000
|
heap
|
page read and write
|
||
|
23949602000
|
heap
|
page read and write
|
||
|
23947567000
|
heap
|
page read and write
|
||
|
239475C6000
|
heap
|
page read and write
|
||
|
239495AC000
|
heap
|
page read and write
|
||
|
2394952E000
|
heap
|
page read and write
|
||
|
2394BC16000
|
heap
|
page read and write
|
||
|
2394956F000
|
heap
|
page read and write
|
||
|
2394757A000
|
heap
|
page read and write
|
||
|
23947588000
|
heap
|
page read and write
|
||
|
2394960E000
|
heap
|
page read and write
|
||
|
2394757C000
|
heap
|
page read and write
|
||
|
239475CD000
|
heap
|
page read and write
|
||
|
239495F5000
|
heap
|
page read and write
|
||
|
23947586000
|
heap
|
page read and write
|
||
|
23949613000
|
heap
|
page read and write
|
||
|
23949596000
|
heap
|
page read and write
|
||
|
239495EA000
|
heap
|
page read and write
|
||
|
2394960A000
|
heap
|
page read and write
|
||
|
239495F4000
|
heap
|
page read and write
|
||
|
2394758A000
|
heap
|
page read and write
|
||
|
239495FD000
|
heap
|
page read and write
|
||
|
23947566000
|
heap
|
page read and write
|
||
|
239494C0000
|
heap
|
page read and write
|
||
|
239495EF000
|
heap
|
page read and write
|
||
|
82AB79E000
|
stack
|
page read and write
|
||
|
239475C7000
|
heap
|
page read and write
|
||
|
23947559000
|
heap
|
page read and write
|
||
|
23947504000
|
heap
|
page read and write
|
||
|
239495DB000
|
heap
|
page read and write
|
||
|
239495A3000
|
heap
|
page read and write
|
||
|
23947578000
|
heap
|
page read and write
|
||
|
239495F4000
|
heap
|
page read and write
|
||
|
23947566000
|
heap
|
page read and write
|
||
|
239475AF000
|
heap
|
page read and write
|
||
|
23949602000
|
heap
|
page read and write
|
||
|
2394BC58000
|
heap
|
page read and write
|
||
|
239475CB000
|
heap
|
page read and write
|
||
|
23949583000
|
heap
|
page read and write
|
||
|
239495A8000
|
heap
|
page read and write
|
||
|
23947599000
|
heap
|
page read and write
|
||
|
23947578000
|
heap
|
page read and write
|
||
|
23947585000
|
heap
|
page read and write
|
||
|
239475BF000
|
heap
|
page read and write
|
||
|
239495D5000
|
heap
|
page read and write
|
||
|
2394955D000
|
heap
|
page read and write
|
||
|
239475A4000
|
heap
|
page read and write
|
||
|
23949597000
|
heap
|
page read and write
|
||
|
239495F0000
|
heap
|
page read and write
|
||
|
239495A2000
|
heap
|
page read and write
|
||
|
23947580000
|
heap
|
page read and write
|
||
|
23947545000
|
heap
|
page read and write
|
||
|
239495F1000
|
heap
|
page read and write
|
||
|
2394951A000
|
heap
|
page read and write
|
||
|
239495FD000
|
heap
|
page read and write
|
||
|
23947580000
|
heap
|
page read and write
|
||
|
239475A6000
|
heap
|
page read and write
|
||
|
23947580000
|
heap
|
page read and write
|
||
|
239474D0000
|
heap
|
page read and write
|
||
|
239495FE000
|
heap
|
page read and write
|
||
|
23949516000
|
heap
|
page read and write
|
||
|
23949613000
|
heap
|
page read and write
|
||
|
23947566000
|
heap
|
page read and write
|
||
|
23947580000
|
heap
|
page read and write
|
||
|
23949606000
|
heap
|
page read and write
|
||
|
23948ED0000
|
heap
|
page read and write
|
||
|
239495AC000
|
heap
|
page read and write
|
||
|
23947571000
|
heap
|
page read and write
|
||
|
23949602000
|
heap
|
page read and write
|
||
|
23949616000
|
heap
|
page read and write
|
||
|
2394753E000
|
heap
|
page read and write
|
||
|
2394BC44000
|
heap
|
page read and write
|
||
|
2394B710000
|
trusted library allocation
|
page read and write
|
||
|
23949612000
|
heap
|
page read and write
|
||
|
23947559000
|
heap
|
page read and write
|
||
|
239495E2000
|
heap
|
page read and write
|
||
|
2394960E000
|
heap
|
page read and write
|
||
|
23949606000
|
heap
|
page read and write
|
||
|
2394753E000
|
heap
|
page read and write
|
||
|
2394757C000
|
heap
|
page read and write
|
||
|
23947577000
|
heap
|
page read and write
|
||
|
239475BF000
|
heap
|
page read and write
|
||
|
23949503000
|
heap
|
page read and write
|
||
|
239495A4000
|
heap
|
page read and write
|
||
|
239495A8000
|
heap
|
page read and write
|
||
|
2394953A000
|
heap
|
page read and write
|
||
|
239495A8000
|
heap
|
page read and write
|
||
|
2394961A000
|
heap
|
page read and write
|
||
|
2394960A000
|
heap
|
page read and write
|
||
|
2394BC5A000
|
heap
|
page read and write
|
||
|
23949518000
|
heap
|
page read and write
|
||
|
2394BC56000
|
heap
|
page read and write
|
||
|
23947559000
|
heap
|
page read and write
|
||
|
23947480000
|
heap
|
page read and write
|
||
|
239495F4000
|
heap
|
page read and write
|
||
|
239495FE000
|
heap
|
page read and write
|
||
|
23949602000
|
heap
|
page read and write
|
||
|
23949606000
|
heap
|
page read and write
|
||
|
239495F0000
|
heap
|
page read and write
|
||
|
2394BC41000
|
heap
|
page read and write
|
||
|
23947571000
|
heap
|
page read and write
|
||
|
82ABB7E000
|
stack
|
page read and write
|
||
|
239495FA000
|
heap
|
page read and write
|
||
|
2394759D000
|
heap
|
page read and write
|
||
|
2394960A000
|
heap
|
page read and write
|
||
|
239495E5000
|
heap
|
page read and write
|
||
|
239495AC000
|
heap
|
page read and write
|
||
|
2394953B000
|
heap
|
page read and write
|
||
|
2394960E000
|
heap
|
page read and write
|
||
|
23947571000
|
heap
|
page read and write
|
||
|
2394757B000
|
heap
|
page read and write
|
||
|
2394BC5F000
|
heap
|
page read and write
|
||
|
239495EF000
|
heap
|
page read and write
|
||
|
239495E7000
|
heap
|
page read and write
|
||
|
239495A5000
|
heap
|
page read and write
|
||
|
2394757C000
|
heap
|
page read and write
|
||
|
239495EF000
|
heap
|
page read and write
|
||
|
23949526000
|
heap
|
page read and write
|
||
|
2394960E000
|
heap
|
page read and write
|
||
|
2394C0F0000
|
trusted library allocation
|
page read and write
|
||
|
2394959E000
|
heap
|
page read and write
|
||
|
82ABC7B000
|
stack
|
page read and write
|
||
|
239495E3000
|
heap
|
page read and write
|
||
|
23949524000
|
heap
|
page read and write
|
||
|
239475C9000
|
heap
|
page read and write
|
||
|
2394960B000
|
heap
|
page read and write
|
||
|
23947570000
|
heap
|
page read and write
|
||
|
239495EF000
|
heap
|
page read and write
|
||
|
23947566000
|
heap
|
page read and write
|
||
|
23949583000
|
heap
|
page read and write
|
||
|
2394BC60000
|
heap
|
page read and write
|
||
|
239495E8000
|
heap
|
page read and write
|
||
|
2394955E000
|
heap
|
page read and write
|
||
|
239495A8000
|
heap
|
page read and write
|
||
|
239495FD000
|
heap
|
page read and write
|
||
|
7DF468361000
|
trusted library allocation
|
page execute read
|
||
|
23947595000
|
heap
|
page read and write
|
||
|
82ABA7E000
|
stack
|
page read and write
|
||
|
2394960F000
|
heap
|
page read and write
|
||
|
82AB716000
|
stack
|
page read and write
|
||
|
23949583000
|
heap
|
page read and write
|
||
|
2394756F000
|
heap
|
page read and write
|
||
|
23949583000
|
heap
|
page read and write
|
||
|
239475CD000
|
heap
|
page read and write
|
||
|
82ABBFC000
|
stack
|
page read and write
|
||
|
2394960A000
|
heap
|
page read and write
|
||
|
23949571000
|
heap
|
page read and write
|
||
|
2394950D000
|
heap
|
page read and write
|
||
|
239495A8000
|
heap
|
page read and write
|
||
|
23947595000
|
heap
|
page read and write
|
||
|
239495D9000
|
heap
|
page read and write
|
||
|
239495D1000
|
heap
|
page read and write
|
||
|
2394960A000
|
heap
|
page read and write
|
||
|
23948E40000
|
heap
|
page read and write
|
||
|
239495FE000
|
heap
|
page read and write
|
||
|
23948F75000
|
heap
|
page read and write
|
||
|
23949524000
|
heap
|
page read and write
|
||
|
2394952E000
|
heap
|
page read and write
|
||
|
23947587000
|
heap
|
page read and write
|
||
|
23947544000
|
heap
|
page read and write
|
||
|
2394BC4E000
|
heap
|
page read and write
|
||
|
23947566000
|
heap
|
page read and write
|
||
|
239475C8000
|
heap
|
page read and write
|
||
|
239495A1000
|
heap
|
page read and write
|
||
|
2394755C000
|
heap
|
page read and write
|
||
|
2394953A000
|
heap
|
page read and write
|
||
|
2394BC5A000
|
heap
|
page read and write
|
||
|
239495AC000
|
heap
|
page read and write
|
||
|
2394958C000
|
heap
|
page read and write
|
||
|
23949583000
|
heap
|
page read and write
|
||
|
2394755C000
|
heap
|
page read and write
|
||
|
23949536000
|
heap
|
page read and write
|
||
|
23949612000
|
heap
|
page read and write
|
||
|
2394950E000
|
heap
|
page read and write
|
||
|
23949502000
|
heap
|
page read and write
|
||
|
23947599000
|
heap
|
page read and write
|
||
|
23949612000
|
heap
|
page read and write
|
||
|
23949520000
|
heap
|
page read and write
|
||
|
239495F4000
|
heap
|
page read and write
|
||
|
23949520000
|
heap
|
page read and write
|
||
|
23947587000
|
heap
|
page read and write
|
||
|
2394960A000
|
heap
|
page read and write
|
||
|
2394753E000
|
heap
|
page read and write
|
||
|
239475C6000
|
heap
|
page read and write
|
||
|
2394960E000
|
heap
|
page read and write
|
||
|
23949612000
|
heap
|
page read and write
|
||
|
239495AD000
|
heap
|
page read and write
|
||
|
2394751C000
|
heap
|
page read and write
|
||
|
23949583000
|
heap
|
page read and write
|
||
|
239495C0000
|
heap
|
page read and write
|
||
|
2394757B000
|
heap
|
page read and write
|
||
|
23947559000
|
heap
|
page read and write
|
||
|
23949606000
|
heap
|
page read and write
|
||
|
239495EB000
|
heap
|
page read and write
|
||
|
23947571000
|
heap
|
page read and write
|
||
|
239495AC000
|
heap
|
page read and write
|
||
|
2394960B000
|
heap
|
page read and write
|
||
|
239495F1000
|
heap
|
page read and write
|
||
|
239495EF000
|
heap
|
page read and write
|
||
|
2394DFD0000
|
heap
|
page readonly
|
||
|
2394C1E0000
|
heap
|
page read and write
|
||
|
2394960E000
|
heap
|
page read and write
|
||
|
23948F70000
|
heap
|
page read and write
|
||
|
2394757C000
|
heap
|
page read and write
|
||
|
2394751C000
|
heap
|
page read and write
|
||
|
23947590000
|
heap
|
page read and write
|
||
|
23949526000
|
heap
|
page read and write
|
||
|
2394BC1D000
|
heap
|
page read and write
|
There are 240 hidden memdumps, click here to show them.