IOC Report
krampus.jsc


Processes

Path | Cmdline | Malicious
C:\Windows\System32\OpenWith.exe | C:\Windows\system32\OpenWith.exe -Embedding |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\mspaint.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\mspaint.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany |
(8 further registry entries are not included in this export.)

Memdumps

Base Address | Region type | Protect | Malicious
1D7B6EB6000 | heap | page read and write |
1D7B8CD0000 | heap | page read and write |
1D7B6EEB000 | heap | page read and write |
1D7B8EA3000 | heap | page read and write |
1D7B8E71000 | heap | page read and write |
1D7B8E83000 | heap | page read and write |
1D7B8D1A000 | heap | page read and write |
1D7B8CEF000 | heap | page read and write |
1D7B8CE8000 | heap | page read and write |
1D7B8CD6000 | heap | page read and write |
1D7B8CFF000 | heap | page read and write |
1D7B8E63000 | heap | page read and write |
5C2B8FF000 | stack | page read and write |
1D7B8D0E000 | heap | page read and write |
1D7B8D13000 | heap | page read and write |
1D7B8CEF000 | heap | page read and write |
1D7B6EC5000 | heap | page read and write |
1D7B6EE4000 | heap | page read and write |
1D7B8E83000 | heap | page read and write |
1D7BB633000 | heap | page read and write |
1D7B8CD8000 | heap | page read and write |
1D7B8E41000 | heap | page read and write |
1D7BB631000 | heap | page read and write |
1D7B8D0A000 | heap | page read and write |
1D7B8CF0000 | heap | page read and write |
1D7B8DE9000 | heap | page read and write |
1D7B6F14000 | heap | page read and write |
1D7B8EBB000 | heap | page read and write |
1D7B6EF4000 | heap | page read and write |
1D7BB62F000 | heap | page read and write |
1D7B8755000 | heap | page read and write |
1D7B8EBB000 | heap | page read and write |
5C2B9FE000 | stack | page read and write |
1D7B6EDA000 | heap | page read and write |
1D7B8D1A000 | heap | page read and write |
1D7B8CFF000 | heap | page read and write |
1D7BD810000 | heap | page readonly |
1D7B8E71000 | heap | page read and write |
1D7B6EB6000 | heap | page read and write |
1D7B6D90000 | heap | page read and write |
1D7B8D0E000 | heap | page read and write |
1D7B8DD3000 | heap | page read and write |
1D7B8CEF000 | heap | page read and write |
1D7B8E89000 | heap | page read and write |
1D7B8E52000 | heap | page read and write |
1D7B8DC0000 | heap | page read and write |
1D7B8CFA000 | heap | page read and write |
1D7B6D50000 | heap | page read and write |
1D7B8DDF000 | heap | page read and write |
1D7B8CEF000 | heap | page read and write |
1D7B8CEA000 | heap | page read and write |
5C2BC7B000 | stack | page read and write |
1D7B6E20000 | heap | page read and write |
1D7B8DD8000 | heap | page read and write |
1D7B8CD9000 | heap | page read and write |
1D7B8D0A000 | heap | page read and write |
1D7B8E83000 | heap | page read and write |
1D7B8CEB000 | heap | page read and write |
1D7B6EC4000 | heap | page read and write |
1D7B8E87000 | heap | page read and write |
1D7BAF10000 | trusted library allocation | page read and write |
1D7B8CDC000 | heap | page read and write |
1D7B8E63000 | heap | page read and write |
1D7B8D0E000 | heap | page read and write |
1D7B8E63000 | heap | page read and write |
1D7B6EC8000 | heap | page read and write |
1D7B8EB9000 | heap | page read and write |
1D7B6F0C000 | heap | page read and write |
1D7B8D13000 | heap | page read and write |
1D7B6EC5000 | heap | page read and write |
1D7B6EC7000 | heap | page read and write |
1D7B8E68000 | heap | page read and write |
1D7B8E71000 | heap | page read and write |
1D7B8EB9000 | heap | page read and write |
1D7B8DE1000 | heap | page read and write |
1D7B6EDE000 | heap | page read and write |
1D7B6EAB000 | heap | page read and write |
1D7B6C70000 | heap | page read and write |
1D7B6EAF000 | heap | page read and write |
1D7BB613000 | heap | page read and write |
1D7B8CE7000 | heap | page read and write |
1D7B8D0A000 | heap | page read and write |
1D7B8CFF000 | heap | page read and write |
1D7B8CDC000 | heap | page read and write |
1D7B8E83000 | heap | page read and write |
1D7B8E48000 | heap | page read and write |
1D7B8CFA000 | heap | page read and write |
1D7BB616000 | heap | page read and write |
1D7B8CFF000 | heap | page read and write |
1D7B6EC8000 | heap | page read and write |
1D7B8D05000 | heap | page read and write |
1D7B8DE9000 | heap | page read and write |
1D7B8CC0000 | heap | page read and write |
1D7B8E85000 | heap | page read and write |
1D7B8D0B000 | heap | page read and write |
1D7B8CD0000 | heap | page read and write |
1D7B6EED000 | heap | page read and write |
1D7BB62B000 | heap | page read and write |
5C2B527000 | stack | page read and write |
1D7B8D05000 | heap | page read and write |
1D7B8CF5000 | heap | page read and write |
1D7B8E68000 | heap | page read and write |
1D7B6EDE000 | heap | page read and write |
1D7B8DFF000 | heap | page read and write |
1D7B8CF7000 | heap | page read and write |
1D7BB611000 | heap | page read and write |
1D7B8CF5000 | heap | page read and write |
1D7B8EBB000 | heap | page read and write |
1D7B6EC8000 | heap | page read and write |
1D7BB610000 | heap | page read and write |
1D7B8EA3000 | heap | page read and write |
1D7B8E48000 | heap | page read and write |
1D7B8DFF000 | heap | page read and write |
5C2BD7F000 | stack | page read and write |
1D7B8CEF000 | heap | page read and write |
1D7B6E92000 | heap | page read and write |
1D7B8E68000 | heap | page read and write |
1D7B8E52000 | heap | page read and write |
1D7B6EF0000 | heap | page read and write |
1D7B8DF2000 | heap | page read and write |
1D7B6EB6000 | heap | page read and write |
1D7B8CFA000 | heap | page read and write |
1D7B8D0A000 | heap | page read and write |
1D7B8D0E000 | heap | page read and write |
1D7B8E71000 | heap | page read and write |
1D7B6EDE000 | heap | page read and write |
1D7B6F14000 | heap | page read and write |
1D7B6EB0000 | heap | page read and write |
1D7B8E3E000 | heap | page read and write |
1D7BB61E000 | heap | page read and write |
1D7BB62C000 | heap | page read and write |
1D7BB646000 | heap | page read and write |
1D7B8CE8000 | heap | page read and write |
1D7B8CFF000 | heap | page read and write |
1D7B8E2C000 | heap | page read and write |
1D7BB62F000 | heap | page read and write |
1D7B6EB8000 | heap | page read and write |
1D7B8DFF000 | heap | page read and write |
1D7B8DEB000 | heap | page read and write |
1D7B6EC8000 | heap | page read and write |
1D7B6F14000 | heap | page read and write |
1D7B6F1D000 | heap | page read and write |
1D7BB62F000 | heap | page read and write |
1D7B8E68000 | heap | page read and write |
1D7B8DEB000 | heap | page read and write |
1D7B8E63000 | heap | page read and write |
1D7B6EE3000 | heap | page read and write |
1D7B875E000 | heap | page read and write |
1D7B8750000 | heap | page read and write |
1D7BB644000 | heap | page read and write |
1D7B6EC5000 | heap | page read and write |
1D7B8DFF000 | heap | page read and write |
1D7B6E00000 | heap | page read and write |
1D7B8CEB000 | heap | page read and write |
1D7B6EBC000 | heap | page read and write |
5C2B5AE000 | stack | page read and write |
1D7B6EC5000 | heap | page read and write |
1D7BB61D000 | heap | page read and write |
1D7B8D13000 | heap | page read and write |
1D7B8EBB000 | heap | page read and write |
1D7B8D0E000 | heap | page read and write |
1D7B8CF5000 | heap | page read and write |
1D7B8CFA000 | heap | page read and write |
1D7B8D0A000 | heap | page read and write |
1D7B8D05000 | heap | page read and write |
1D7B8D0E000 | heap | page read and write |
1D7B8E2E000 | heap | page read and write |
1D7B8CDC000 | heap | page read and write |
1D7B8D0F000 | heap | page read and write |
1D7B8D05000 | heap | page read and write |
1D7B8E48000 | heap | page read and write |
5C2B97C000 | stack | page read and write |
1D7B8D1A000 | heap | page read and write |
1D7B8CF5000 | heap | page read and write |
1D7B8E0A000 | heap | page read and write |
1D7B8CF2000 | heap | page read and write |
1D7B875D000 | heap | page read and write |
1D7B6EB6000 | heap | page read and write |
1D7B8E71000 | heap | page read and write |
1D7BB637000 | heap | page read and write |
1D7B8CF5000 | heap | page read and write |
1D7B8D05000 | heap | page read and write |
1D7B8EB9000 | heap | page read and write |
1D7B6E28000 | heap | page read and write |
1D7B8CFA000 | heap | page read and write |
5C2BA7B000 | stack | page read and write |
1D7B8E52000 | heap | page read and write |
1D7B8CEF000 | heap | page read and write |
1D7BB622000 | heap | page read and write |
1D7B8D05000 | heap | page read and write |
1D7B8EA3000 | heap | page read and write |
1D7B8D05000 | heap | page read and write |
1D7B8D0A000 | heap | page read and write |
1D7B6EE2000 | heap | page read and write |
1D7B8E52000 | heap | page read and write |
1D7B875E000 | heap | page read and write |
1D7B8CEF000 | heap | page read and write |
1D7B8CDC000 | heap | page read and write |
1D7B8D06000 | heap | page read and write |
1D7B8CE9000 | heap | page read and write |
1D7BB930000 | trusted library allocation | page read and write |
1D7B8CEF000 | heap | page read and write |
7DF452D01000 | trusted library allocation | page execute read |
1D7B8D0A000 | heap | page read and write |
1D7B6EC8000 | heap | page read and write |
1D7B8E83000 | heap | page read and write |
1D7B6EF0000 | heap | page read and write |
1D7B8D05000 | heap | page read and write |
1D7B8E48000 | heap | page read and write |
1D7B8E8C000 | heap | page read and write |
1D7B8D0E000 | heap | page read and write |
1D7B6F1D000 | heap | page read and write |
1D7BB638000 | heap | page read and write |
1D7B6EDD000 | heap | page read and write |
1D7B6EDA000 | heap | page read and write |
1D7B8CF1000 | heap | page read and write |
1D7B6EB0000 | heap | page read and write |
1D7B8E68000 | heap | page read and write |
1D7B8E52000 | heap | page read and write |
1D7B8CFF000 | heap | page read and write |
1D7B8DF2000 | heap | page read and write |
5C2B87E000 | stack | page read and write |
1D7BB616000 | heap | page read and write |
1D7B8CFF000 | heap | page read and write |
1D7B6ED7000 | heap | page read and write |
1D7BB613000 | heap | page read and write |
1D7B8E48000 | heap | page read and write |
1D7B6EC8000 | heap | page read and write |
1D7B8E09000 | heap | page read and write |
1D7B8D1A000 | heap | page read and write |
1D7B8DF2000 | heap | page read and write |
1D7B8CF5000 | heap | page read and write |
1D7B8EB9000 | heap | page read and write |
1D7B8D13000 | heap | page read and write |
1D7B8DE7000 | heap | page read and write |
1D7B8E63000 | heap | page read and write |
1D7B6EC5000 | heap | page read and write |
1D7B8EA3000 | heap | page read and write |
1D7B8DF2000 | heap | page read and write |
1D7B8D0A000 | heap | page read and write |
1D7BBA30000 | heap | page read and write |
1D7B8DC9000 | heap | page read and write |
1D7B6F14000 | heap | page read and write |
1D7B8DDF000 | heap | page read and write |
1D7B8CFF000 | heap | page read and write |
1D7B8D1C000 | heap | page read and write |
1D7B6F07000 | heap | page read and write |
(237 further memdump entries are not included in this export.)