Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25A1989E000
|
heap
|
page read and write
|
||
|
25A1989E000
|
heap
|
page read and write
|
||
|
25A197B2000
|
heap
|
page read and write
|
||
|
25A19849000
|
heap
|
page read and write
|
||
|
25A197C0000
|
heap
|
page read and write
|
||
|
25A1BED3000
|
heap
|
page read and write
|
||
|
25A1792B000
|
heap
|
page read and write
|
||
|
25A197B8000
|
heap
|
page read and write
|
||
|
25A1987F000
|
heap
|
page read and write
|
||
|
25A1790C000
|
heap
|
page read and write
|
||
|
25A1792E000
|
heap
|
page read and write
|
||
|
25A198A3000
|
heap
|
page read and write
|
||
|
25A197AF000
|
heap
|
page read and write
|
||
|
25A19892000
|
heap
|
page read and write
|
||
|
25A19896000
|
heap
|
page read and write
|
||
|
25A1989E000
|
heap
|
page read and write
|
||
|
25A1BE89000
|
heap
|
page read and write
|
||
|
25A19881000
|
heap
|
page read and write
|
||
|
25A19892000
|
heap
|
page read and write
|
||
|
25A177E0000
|
heap
|
page read and write
|
||
|
DBA69FB000
|
stack
|
page read and write
|
||
|
25A19849000
|
heap
|
page read and write
|
||
|
25A1792B000
|
heap
|
page read and write
|
||
|
25A17927000
|
heap
|
page read and write
|
||
|
25A19860000
|
heap
|
page read and write
|
||
|
25A19794000
|
heap
|
page read and write
|
||
|
25A19793000
|
heap
|
page read and write
|
||
|
25A198AA000
|
heap
|
page read and write
|
||
|
25A178C0000
|
heap
|
page read and write
|
||
|
25A19880000
|
heap
|
page read and write
|
||
|
25A1BE80000
|
heap
|
page read and write
|
||
|
25A1988A000
|
heap
|
page read and write
|
||
|
25A1987F000
|
heap
|
page read and write
|
||
|
25A1986B000
|
heap
|
page read and write
|
||
|
25A17950000
|
heap
|
page read and write
|
||
|
25A1BECF000
|
heap
|
page read and write
|
||
|
25A1794C000
|
heap
|
page read and write
|
||
|
25A19896000
|
heap
|
page read and write
|
||
|
25A17840000
|
heap
|
page read and write
|
||
|
25A17908000
|
heap
|
page read and write
|
||
|
25A1986B000
|
heap
|
page read and write
|
||
|
25A1981F000
|
heap
|
page read and write
|
||
|
25A1791B000
|
heap
|
page read and write
|
||
|
25A178D3000
|
heap
|
page read and write
|
||
|
25A1989A000
|
heap
|
page read and write
|
||
|
25A197B4000
|
heap
|
page read and write
|
||
|
25A1792B000
|
heap
|
page read and write
|
||
|
25A198A2000
|
heap
|
page read and write
|
||
|
25A17910000
|
heap
|
page read and write
|
||
|
25A197C0000
|
heap
|
page read and write
|
||
|
DBA697D000
|
stack
|
page read and write
|
||
|
25A19881000
|
heap
|
page read and write
|
||
|
25A1980A000
|
heap
|
page read and write
|
||
|
DBA655E000
|
stack
|
page read and write
|
||
|
7DF40F931000
|
trusted library allocation
|
page execute read
|
||
|
25A1BEC9000
|
heap
|
page read and write
|
||
|
25A19880000
|
heap
|
page read and write
|
||
|
25A197CC000
|
heap
|
page read and write
|
||
|
25A178F7000
|
heap
|
page read and write
|
||
|
25A197CC000
|
heap
|
page read and write
|
||
|
25A1989E000
|
heap
|
page read and write
|
||
|
25A1795A000
|
heap
|
page read and write
|
||
|
25A17925000
|
heap
|
page read and write
|
||
|
DBA68FC000
|
stack
|
page read and write
|
||
|
25A197AF000
|
heap
|
page read and write
|
||
|
25A1989E000
|
heap
|
page read and write
|
||
|
25A1BEDA000
|
heap
|
page read and write
|
||
|
25A1795E000
|
heap
|
page read and write
|
||
|
25A197CC000
|
heap
|
page read and write
|
||
|
25A1791E000
|
heap
|
page read and write
|
||
|
25A1988E000
|
heap
|
page read and write
|
||
|
25A19889000
|
heap
|
page read and write
|
||
|
25A19868000
|
heap
|
page read and write
|
||
|
25A19849000
|
heap
|
page read and write
|
||
|
25A19896000
|
heap
|
page read and write
|
||
|
25A17915000
|
heap
|
page read and write
|
||
|
25A17914000
|
heap
|
page read and write
|
||
|
25A17924000
|
heap
|
page read and write
|
||
|
25A1B9A0000
|
trusted library allocation
|
page read and write
|
||
|
25A19892000
|
heap
|
page read and write
|
||
|
25A197B6000
|
heap
|
page read and write
|
||
|
25A19875000
|
heap
|
page read and write
|
||
|
25A1BECF000
|
heap
|
page read and write
|
||
|
25A198A6000
|
heap
|
page read and write
|
||
|
25A198A2000
|
heap
|
page read and write
|
||
|
25A1987F000
|
heap
|
page read and write
|
||
|
25A1BEC0000
|
heap
|
page read and write
|
||
|
25A19861000
|
heap
|
page read and write
|
||
|
25A1BECF000
|
heap
|
page read and write
|
||
|
25A198A2000
|
heap
|
page read and write
|
||
|
25A1795E000
|
heap
|
page read and write
|
||
|
25A178D3000
|
heap
|
page read and write
|
||
|
25A19839000
|
heap
|
page read and write
|
||
|
25A197A8000
|
heap
|
page read and write
|
||
|
25A197C0000
|
heap
|
page read and write
|
||
|
25A178F7000
|
heap
|
page read and write
|
||
|
25A1791C000
|
heap
|
page read and write
|
||
|
25A19892000
|
heap
|
page read and write
|
||
|
25A19850000
|
heap
|
page read and write
|
||
|
25A1979D000
|
heap
|
page read and write
|
||
|
25A1792B000
|
heap
|
page read and write
|
||
|
25A19878000
|
heap
|
page read and write
|
||
|
25A197C7000
|
heap
|
page read and write
|
||
|
25A17901000
|
heap
|
page read and write
|
||
|
25A1988E000
|
heap
|
page read and write
|
||
|
25A17916000
|
heap
|
page read and write
|
||
|
25A197A5000
|
heap
|
page read and write
|
||
|
25A19884000
|
heap
|
page read and write
|
||
|
25A178F7000
|
heap
|
page read and write
|
||
|
25A1982E000
|
heap
|
page read and write
|
||
|
25A197B2000
|
heap
|
page read and write
|
||
|
25A1989B000
|
heap
|
page read and write
|
||
|
25A19896000
|
heap
|
page read and write
|
||
|
25A197C7000
|
heap
|
page read and write
|
||
|
DBA64D6000
|
stack
|
page read and write
|
||
|
25A1988D000
|
heap
|
page read and write
|
||
|
DBA65DE000
|
stack
|
page read and write
|
||
|
25A19873000
|
heap
|
page read and write
|
||
|
25A19892000
|
heap
|
page read and write
|
||
|
25A197B4000
|
heap
|
page read and write
|
||
|
25A17860000
|
heap
|
page read and write
|
||
|
25A1988D000
|
heap
|
page read and write
|
||
|
25A19884000
|
heap
|
page read and write
|
||
|
25A1989A000
|
heap
|
page read and write
|
||
|
25A19792000
|
heap
|
page read and write
|
||
|
25A17850000
|
heap
|
page read and write
|
||
|
25A1987F000
|
heap
|
page read and write
|
||
|
25A17910000
|
heap
|
page read and write
|
||
|
25A1BEB7000
|
heap
|
page read and write
|
||
|
25A1790C000
|
heap
|
page read and write
|
||
|
25A19884000
|
heap
|
page read and write
|
||
|
25A17820000
|
heap
|
page read and write
|
||
|
25A1988E000
|
heap
|
page read and write
|
||
|
25A19879000
|
heap
|
page read and write
|
||
|
25A1792B000
|
heap
|
page read and write
|
||
|
25A1BED6000
|
heap
|
page read and write
|
||
|
25A1988E000
|
heap
|
page read and write
|
||
|
25A1BE84000
|
heap
|
page read and write
|
||
|
25A19750000
|
heap
|
page read and write
|
||
|
25A19826000
|
heap
|
page read and write
|
||
|
25A19885000
|
heap
|
page read and write
|
||
|
25A17927000
|
heap
|
page read and write
|
||
|
25A1988D000
|
heap
|
page read and write
|
||
|
25A1BEA0000
|
heap
|
page read and write
|
||
|
DBA6BFB000
|
stack
|
page read and write
|
||
|
25A19869000
|
heap
|
page read and write
|
||
|
25A19896000
|
heap
|
page read and write
|
||
|
25A178F7000
|
heap
|
page read and write
|
||
|
25A1980E000
|
heap
|
page read and write
|
||
|
25A1987F000
|
heap
|
page read and write
|
||
|
25A1987B000
|
heap
|
page read and write
|
||
|
25A19849000
|
heap
|
page read and write
|
||
|
25A17922000
|
heap
|
page read and write
|
||
|
25A197B8000
|
heap
|
page read and write
|
||
|
25A1791F000
|
heap
|
page read and write
|
||
|
25A1989B000
|
heap
|
page read and write
|
||
|
DBA687F000
|
stack
|
page read and write
|
||
|
25A1982D000
|
heap
|
page read and write
|
||
|
25A17918000
|
heap
|
page read and write
|
||
|
25A1981F000
|
heap
|
page read and write
|
||
|
25A1791E000
|
heap
|
page read and write
|
||
|
25A1C370000
|
heap
|
page read and write
|
||
|
25A19884000
|
heap
|
page read and write
|
||
|
25A1BEC8000
|
heap
|
page read and write
|
||
|
25A1792B000
|
heap
|
page read and write
|
||
|
25A17928000
|
heap
|
page read and write
|
||
|
25A1791B000
|
heap
|
page read and write
|
||
|
25A19896000
|
heap
|
page read and write
|
||
|
25A17700000
|
heap
|
page read and write
|
||
|
25A178BE000
|
heap
|
page read and write
|
||
|
25A1BEC1000
|
heap
|
page read and write
|
||
|
25A19836000
|
heap
|
page read and write
|
||
|
25A19877000
|
heap
|
page read and write
|
||
|
25A198A2000
|
heap
|
page read and write
|
||
|
25A19865000
|
heap
|
page read and write
|
||
|
25A1BED0000
|
heap
|
page read and write
|
||
|
25A17908000
|
heap
|
page read and write
|
||
|
25A1989A000
|
heap
|
page read and write
|
||
|
25A197C7000
|
heap
|
page read and write
|
||
|
25A197CC000
|
heap
|
page read and write
|
||
|
25A17933000
|
heap
|
page read and write
|
||
|
25A1E260000
|
heap
|
page readonly
|
||
|
25A1C380000
|
trusted library allocation
|
page read and write
|
||
|
25A17933000
|
heap
|
page read and write
|
||
|
25A17926000
|
heap
|
page read and write
|
||
|
25A1792B000
|
heap
|
page read and write
|
||
|
25A1989E000
|
heap
|
page read and write
|
||
|
25A17909000
|
heap
|
page read and write
|
||
|
25A17935000
|
heap
|
page read and write
|
||
|
25A178ED000
|
heap
|
page read and write
|
||
|
25A1989F000
|
heap
|
page read and write
|
||
|
25A1BEB2000
|
heap
|
page read and write
|
||
|
25A17855000
|
heap
|
page read and write
|
||
|
25A1989A000
|
heap
|
page read and write
|
||
|
25A197C0000
|
heap
|
page read and write
|
||
|
25A17938000
|
heap
|
page read and write
|
||
|
25A19809000
|
heap
|
page read and write
|
||
|
25A1791C000
|
heap
|
page read and write
|
||
|
25A19884000
|
heap
|
page read and write
|
||
|
25A1791C000
|
heap
|
page read and write
|
||
|
25A17932000
|
heap
|
page read and write
|
||
|
25A1987A000
|
heap
|
page read and write
|
||
|
25A1987B000
|
heap
|
page read and write
|
||
|
25A197B6000
|
heap
|
page read and write
|
||
|
25A198A3000
|
heap
|
page read and write
|
||
|
25A1989A000
|
heap
|
page read and write
|
||
|
25A1980F000
|
heap
|
page read and write
|
||
|
25A1989A000
|
heap
|
page read and write
|
||
|
25A19872000
|
heap
|
page read and write
|
There are 199 hidden memdumps, click here to show them.