IOC Report
Harbor Freight Department.png

Processes

Path | Cmdline | Malicious
C:\Windows\SysWOW64\mspaint.exe | mspaint.exe "C:\Users\user\Desktop\Harbor Freight Department.png" |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | WindowPlacement |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | ShowThumbnail |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | BMPWidth |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | BMPHeight |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | ThumbXPos |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | ThumbYPos |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | ThumbWidth |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | ThumbHeight |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | UnitSetting |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | ShowRulers |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | ShowGrid |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | ShowStatusBar |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | NoStretching |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | ShowTextTool |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | PointSize |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | PositionX |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | PositionY |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | Bold |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | Underline |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | Italic |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | Strikeout |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | TextPen |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | TypeFaceName |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text | CharSet |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | SnapToGrid |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View | GridExtent |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Ribbon | QatItems |
(17 further registry entries are not shown in this report.)

Memdumps
