Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\windows\system32\cmd.exe" /c "C:\Windows\explorer.exe %cd%.DataStorage & attrib -s -h %cd%dBuXlYk.exe & xcopy /F /S /Q
/H /R /Y %cd%dBuXlYk.exe C:\Users\user\AppData\Local\Temp\zHyIh\ & attrib +s +h %cd%dBuXlYk.exe & start C:\Users\user\AppData\Local\Temp\zHyIh\dBuXlYk.exe
& exit
|
 |
|
|
C:\Windows\System32\attrib.exe
|
attrib -s -h C:\Users\user\DesktopdBuXlYk.exe
|
|
|
|
C:\Windows\System32\attrib.exe
|
attrib +s +h C:\Users\user\DesktopdBuXlYk.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\explorer.exe
|
C:\Windows\explorer.exe C:\Users\user\Desktop.DataStorage
|
||
|
C:\Windows\explorer.exe
|
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
|
||
|
C:\Windows\System32\xcopy.exe
|
xcopy /F /S /Q /H /R /Y C:\Users\user\DesktopdBuXlYk.exe C:\Users\user\AppData\Local\Temp\zHyIh\
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ndfapi.dll,-40001
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2
|
3
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3
|
NodeSlot
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell
|
SniffedFolderType
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f1\52C64B7E
|
@C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-123
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f1\52C64B7E
|
@C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-101
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d3d24082732a3\55e3c056
|
LanguageList
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.ZuneMusic_10.17112.19011.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d3d23fc5a2b9a7\55e3c056
|
LanguageList
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d3d24082732a3\55e3c056
|
@{microsoft.windows.photos_2018.18011.15918.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/files/assets/photoslogoextensions.png}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.ZuneMusic_10.17112.19011.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d3d23fc5a2b9a7\55e3c056
|
@{microsoft.zunemusic_10.17112.19011.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/files/assets/fileextension.png}
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore
|
Count
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore
|
Time
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
NodeSlots
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2539F0A0000
|
trusted library allocation
|
page read and write
|
||
|
C74537A000
|
stack
|
page read and write
|
||
|
42F000
|
heap
|
page read and write
|
||
|
232E000
|
stack
|
page read and write
|
||
|
118000
|
stack
|
page read and write
|
||
|
C7452FE000
|
stack
|
page read and write
|
||
|
3B59000
|
heap
|
page read and write
|
||
|
62F1000
|
heap
|
page read and write
|
||
|
5D2C000
|
stack
|
page read and write
|
||
|
6330000
|
heap
|
page read and write
|
||
|
79D5000
|
unkown
|
page readonly
|
||
|
7FF883957000
|
unkown
|
page readonly
|
||
|
445000
|
heap
|
page read and write
|
||
|
7FF883750000
|
unkown
|
page readonly
|
||
|
7AB7000
|
unkown
|
page readonly
|
||
|
1EDB0065000
|
heap
|
page read and write
|
||
|
7FF8838E5000
|
unkown
|
page read and write
|
||
|
7AB9000
|
unkown
|
page readonly
|
||
|
2C04000
|
heap
|
page read and write
|
||
|
7B30000
|
heap
|
page read and write
|
||
|
79AC000
|
unkown
|
page readonly
|
||
|
2539F310000
|
trusted library allocation
|
page read and write
|
||
|
62D4000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
C744F9B000
|
stack
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
3B8A000
|
heap
|
page read and write
|
||
|
539A000
|
heap
|
page read and write
|
||
|
1EDAFE6B000
|
heap
|
page read and write
|
||
|
531E000
|
heap
|
page read and write
|
||
|
626B000
|
heap
|
page read and write
|
||
|
1EDAFD20000
|
heap
|
page read and write
|
||
|
62DE000
|
heap
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
DE05EFF000
|
stack
|
page read and write
|
||
|
448000
|
heap
|
page read and write
|
||
|
448000
|
heap
|
page read and write
|
||
|
7852000
|
unkown
|
page readonly
|
||
|
7A13000
|
unkown
|
page readonly
|
||
|
52E8000
|
heap
|
page read and write
|
||
|
5378000
|
heap
|
page read and write
|
||
|
7A65000
|
unkown
|
page readonly
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
DE05BCC000
|
stack
|
page read and write
|
||
|
7FF8838F3000
|
unkown
|
page readonly
|
||
|
5246000
|
heap
|
page read and write
|
||
|
61B2000
|
heap
|
page read and write
|
||
|
2539F030000
|
trusted library allocation
|
page read and write
|
||
|
1EDAFE69000
|
heap
|
page read and write
|
||
|
FB2000
|
heap
|
page read and write
|
||
|
3047000
|
stack
|
page read and write
|
||
|
72DB000
|
unkown
|
page readonly
|
||
|
F92000
|
heap
|
page read and write
|
||
|
2539F040000
|
trusted library allocation
|
page read and write
|
||
|
DE05E7F000
|
stack
|
page read and write
|
||
|
2539F0B0000
|
trusted library allocation
|
page read and write
|
||
|
791C000
|
unkown
|
page readonly
|
||
|
507A000
|
heap
|
page read and write
|
||
|
79A5000
|
unkown
|
page readonly
|
||
|
61FE000
|
heap
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
7ACC000
|
unkown
|
page readonly
|
||
|
7AA3000
|
unkown
|
page readonly
|
||
|
448000
|
heap
|
page read and write
|
||
|
2BD8000
|
stack
|
page read and write
|
||
|
2539E270000
|
trusted library allocation
|
page read and write
|
||
|
79E3000
|
unkown
|
page readonly
|
||
|
5336000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
3B20000
|
heap
|
page read and write
|
||
|
2539F320000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
2539E370000
|
heap
|
page read and write
|
||
|
408000
|
heap
|
page read and write
|
||
|
2539E540000
|
trusted library allocation
|
page read and write
|
||
|
30C3000
|
stack
|
page read and write
|
||
|
2539F2F0000
|
trusted library allocation
|
page read and write
|
||
|
2539E339000
|
heap
|
page read and write
|
||
|
62F7000
|
heap
|
page read and write
|
||
|
60000
|
heap
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
7788000
|
unkown
|
page readonly
|
||
|
78BA000
|
unkown
|
page readonly
|
||
|
1EDB0060000
|
heap
|
page read and write
|
||
|
77CF000
|
unkown
|
page readonly
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
6CD000
|
stack
|
page read and write
|
||
|
FDB000
|
heap
|
page read and write
|
||
|
2539E3C7000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
80AC000
|
stack
|
page read and write
|
||
|
521C000
|
heap
|
page read and write
|
||
|
7A8E000
|
unkown
|
page readonly
|
||
|
6324000
|
heap
|
page read and write
|
||
|
81EB000
|
stack
|
page read and write
|
||
|
522E000
|
heap
|
page read and write
|
||
|
812B000
|
stack
|
page read and write
|
||
|
2539E2F0000
|
heap
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
2539E3C7000
|
heap
|
page read and write
|
||
|
6250000
|
heap
|
page read and write
|
||
|
5B4B000
|
stack
|
page read and write
|
||
|
76E7000
|
unkown
|
page readonly
|
||
|
2539E260000
|
heap
|
page read and write
|
||
|
761D000
|
unkown
|
page readonly
|
||
|
C7453F9000
|
stack
|
page read and write
|
||
|
1CC000
|
stack
|
page read and write
|
||
|
1EDAFE70000
|
heap
|
page read and write
|
||
|
4FF3000
|
heap
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
7A52000
|
unkown
|
page readonly
|
||
|
3CA0000
|
heap
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
7A3C000
|
unkown
|
page readonly
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
72F3000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
2539E3B7000
|
heap
|
page read and write
|
||
|
5AC7000
|
stack
|
page read and write
|
||
|
3B81000
|
heap
|
page read and write
|
||
|
61CB000
|
heap
|
page read and write
|
||
|
6950000
|
heap
|
page read and write
|
||
|
6226000
|
heap
|
page read and write
|
||
|
FD2000
|
heap
|
page read and write
|
||
|
7983000
|
unkown
|
page readonly
|
||
|
5A47000
|
stack
|
page read and write
|
||
|
7FF8838E3000
|
unkown
|
page read and write
|
||
|
69A7000
|
heap
|
page read and write
|
||
|
7844000
|
unkown
|
page readonly
|
||
|
7AB0000
|
unkown
|
page readonly
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2539E378000
|
heap
|
page read and write
|
||
|
2539E2D0000
|
heap
|
page read and write
|
||
|
C74527E000
|
stack
|
page read and write
|
||
|
7FF8838EA000
|
unkown
|
page read and write
|
||
|
2539F300000
|
heap
|
page readonly
|
||
|
2539E3C7000
|
heap
|
page read and write
|
||
|
7FF8838EE000
|
unkown
|
page read and write
|
||
|
2539E330000
|
heap
|
page read and write
|
||
|
69A0000
|
heap
|
page read and write
|
||
|
1F3E000
|
stack
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
6230000
|
heap
|
page read and write
|
||
|
7945000
|
unkown
|
page readonly
|
||
|
7FF883839000
|
unkown
|
page readonly
|
||
|
EB7000
|
stack
|
page read and write
|
||
|
61BC000
|
heap
|
page read and write
|
||
|
7AE2000
|
unkown
|
page readonly
|
||
|
79FE000
|
unkown
|
page readonly
|
||
|
633A000
|
heap
|
page read and write
|
||
|
77B7000
|
unkown
|
page readonly
|
||
|
7AD9000
|
unkown
|
page readonly
|
||
|
7761000
|
unkown
|
page readonly
|
||
|
589D000
|
stack
|
page read and write
|
||
|
FAD000
|
heap
|
page read and write
|
||
|
C74557F000
|
stack
|
page read and write
|
||
|
1004000
|
heap
|
page read and write
|
||
|
629A000
|
heap
|
page read and write
|
||
|
72B0000
|
unkown
|
page readonly
|
||
|
796E000
|
unkown
|
page readonly
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
535A000
|
heap
|
page read and write
|
||
|
621C000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
779E000
|
unkown
|
page readonly
|
||
|
42B000
|
heap
|
page read and write
|
||
|
521A000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
C7454F9000
|
stack
|
page read and write
|
||
|
C74547F000
|
stack
|
page read and write
|
||
|
7FF8838EC000
|
unkown
|
page read and write
|
||
|
2B58000
|
stack
|
page read and write
|
||
|
100F000
|
heap
|
page read and write
|
||
|
1F60000
|
heap
|
page read and write
|
||
|
7FF8838ED000
|
unkown
|
page write copy
|
||
|
7FF88394F000
|
unkown
|
page readonly
|
||
|
77A5000
|
unkown
|
page readonly
|
||
|
624E000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
1EDAFF80000
|
heap
|
page read and write
|
||
|
2539E335000
|
heap
|
page read and write
|
||
|
7FF883751000
|
unkown
|
page execute read
|
||
|
5314000
|
heap
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
624C000
|
heap
|
page read and write
|
||
|
50A8000
|
heap
|
page read and write
|
||
|
7A9C000
|
unkown
|
page readonly
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
72DE000
|
unkown
|
page readonly
|
||
|
2539E3BF000
|
heap
|
page read and write
|
||
|
77BF000
|
unkown
|
page readonly
|
||
|
2539F370000
|
trusted library allocation
|
page read and write
|
||
|
7AC5000
|
unkown
|
page readonly
|
||
|
3320000
|
heap
|
page read and write
|
||
|
1EDAFF60000
|
heap
|
page read and write
|
||
|
1EDAFE60000
|
heap
|
page read and write
|
||
|
7FF88390A000
|
unkown
|
page readonly
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
72E2000
|
unkown
|
page readonly
|
There are 195 hidden memdumps, click here to show them.