Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1BB9BDDE000
|
heap
|
page read and write
|
||
|
1BB9BD34000
|
heap
|
page read and write
|
||
|
1BB9BDB2000
|
heap
|
page read and write
|
||
|
1BB9BD39000
|
heap
|
page read and write
|
||
|
1BB9BC3B000
|
heap
|
page read and write
|
||
|
1BB9BC39000
|
heap
|
page read and write
|
||
|
1BB9BDC2000
|
heap
|
page read and write
|
||
|
1BB9BC4F000
|
heap
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB9BC3B000
|
heap
|
page read and write
|
||
|
1BB9BC5F000
|
heap
|
page read and write
|
||
|
1BB99BC0000
|
heap
|
page read and write
|
||
|
1BB9BC3F000
|
heap
|
page read and write
|
||
|
737ED7E000
|
stack
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB9BC3B000
|
heap
|
page read and write
|
||
|
1BB99DD9000
|
heap
|
page read and write
|
||
|
1BB99DB8000
|
heap
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB9BD43000
|
heap
|
page read and write
|
||
|
1BB99DF6000
|
heap
|
page read and write
|
||
|
1BB9BC20000
|
heap
|
page read and write
|
||
|
1BB9BD41000
|
heap
|
page read and write
|
||
|
1BB99DB0000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BC5F000
|
heap
|
page read and write
|
||
|
1BB99DDE000
|
heap
|
page read and write
|
||
|
1BB9BC45000
|
heap
|
page read and write
|
||
|
1BB9BC4B000
|
heap
|
page read and write
|
||
|
1BB9BC2C000
|
heap
|
page read and write
|
||
|
1BB99DD9000
|
heap
|
page read and write
|
||
|
1BB9BC4C000
|
heap
|
page read and write
|
||
|
1BB9DE60000
|
trusted library allocation
|
page read and write
|
||
|
1BB9E48A000
|
heap
|
page read and write
|
||
|
1BB9BC38000
|
heap
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB9BD95000
|
heap
|
page read and write
|
||
|
1BB9BD10000
|
heap
|
page read and write
|
||
|
1BB9BDC6000
|
heap
|
page read and write
|
||
|
1BB9BDCD000
|
heap
|
page read and write
|
||
|
1BB9BC26000
|
heap
|
page read and write
|
||
|
737EEFD000
|
stack
|
page read and write
|
||
|
1BB9BC55000
|
heap
|
page read and write
|
||
|
1BB9BDE0000
|
heap
|
page read and write
|
||
|
1BB99DE5000
|
heap
|
page read and write
|
||
|
1BB9BC45000
|
heap
|
page read and write
|
||
|
737ECFE000
|
stack
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB99DEC000
|
heap
|
page read and write
|
||
|
1BB9BC4F000
|
heap
|
page read and write
|
||
|
1BB9BD15000
|
heap
|
page read and write
|
||
|
1BB9BDE2000
|
heap
|
page read and write
|
||
|
1BB9BDE2000
|
heap
|
page read and write
|
||
|
1BB9BC55000
|
heap
|
page read and write
|
||
|
1BB9BC4F000
|
heap
|
page read and write
|
||
|
1BB99D20000
|
heap
|
page read and write
|
||
|
1BB9E4A8000
|
heap
|
page read and write
|
||
|
1BB9BC4F000
|
heap
|
page read and write
|
||
|
1BB9BE07000
|
heap
|
page read and write
|
||
|
1BB9BE01000
|
heap
|
page read and write
|
||
|
1BB9B635000
|
heap
|
page read and write
|
||
|
1BB9BDB2000
|
heap
|
page read and write
|
||
|
737EDFE000
|
stack
|
page read and write
|
||
|
1BB9BDAC000
|
heap
|
page read and write
|
||
|
1BB9BC5C000
|
heap
|
page read and write
|
||
|
1BB9BD39000
|
heap
|
page read and write
|
||
|
1BB9BC2C000
|
heap
|
page read and write
|
||
|
1BB99DDC000
|
heap
|
page read and write
|
||
|
1BB9BD3D000
|
heap
|
page read and write
|
||
|
1BB9BE07000
|
heap
|
page read and write
|
||
|
1BB9E488000
|
heap
|
page read and write
|
||
|
1BB9E493000
|
heap
|
page read and write
|
||
|
1BB9B63E000
|
heap
|
page read and write
|
||
|
1BB9BC60000
|
heap
|
page read and write
|
||
|
1BB9BD33000
|
heap
|
page read and write
|
||
|
1BB9BC55000
|
heap
|
page read and write
|
||
|
1BB99E02000
|
heap
|
page read and write
|
||
|
1BB99DAC000
|
heap
|
page read and write
|
||
|
1BB9BD49000
|
heap
|
page read and write
|
||
|
1BB9BC3F000
|
heap
|
page read and write
|
||
|
1BB9E4B7000
|
heap
|
page read and write
|
||
|
1BB9BC3F000
|
heap
|
page read and write
|
||
|
1BB9BC6C000
|
heap
|
page read and write
|
||
|
1BB9BD55000
|
heap
|
page read and write
|
||
|
1BB9BD55000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BC5F000
|
heap
|
page read and write
|
||
|
1BB9BDDF000
|
heap
|
page read and write
|
||
|
1BB9BD51000
|
heap
|
page read and write
|
||
|
737EF7B000
|
stack
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BDDE000
|
heap
|
page read and write
|
||
|
1BB9BD34000
|
heap
|
page read and write
|
||
|
1BB9BC42000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BDE2000
|
heap
|
page read and write
|
||
|
1BB9BC4F000
|
heap
|
page read and write
|
||
|
1BB99D92000
|
heap
|
page read and write
|
||
|
1BB9BC56000
|
heap
|
page read and write
|
||
|
1BB9BDBD000
|
heap
|
page read and write
|
||
|
1BB9BE07000
|
heap
|
page read and write
|
||
|
1BB99E19000
|
heap
|
page read and write
|
||
|
1BB9BC42000
|
heap
|
page read and write
|
||
|
1BB9BDC2000
|
heap
|
page read and write
|
||
|
1BB9BDDE000
|
heap
|
page read and write
|
||
|
1BB9BE07000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BC20000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BD98000
|
heap
|
page read and write
|
||
|
737F17C000
|
stack
|
page read and write
|
||
|
1BB9BD2C000
|
heap
|
page read and write
|
||
|
1BB9BD61000
|
heap
|
page read and write
|
||
|
1BB9BDE2000
|
heap
|
page read and write
|
||
|
1BB9BC6B000
|
heap
|
page read and write
|
||
|
1BB9BDB2000
|
heap
|
page read and write
|
||
|
1BB9BC5F000
|
heap
|
page read and write
|
||
|
1BB9BC5F000
|
heap
|
page read and write
|
||
|
1BB9BD5F000
|
heap
|
page read and write
|
||
|
1BB9BD41000
|
heap
|
page read and write
|
||
|
1BB9BD3D000
|
heap
|
page read and write
|
||
|
1BB99DFF000
|
heap
|
page read and write
|
||
|
1BB9BC29000
|
heap
|
page read and write
|
||
|
1BB9BC10000
|
heap
|
page read and write
|
||
|
1BB9BC46000
|
heap
|
page read and write
|
||
|
1BB9BD98000
|
heap
|
page read and write
|
||
|
1BB9BC6C000
|
heap
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB9BC55000
|
heap
|
page read and write
|
||
|
737F2FE000
|
stack
|
page read and write
|
||
|
1BB9B63D000
|
heap
|
page read and write
|
||
|
1BB9BDC2000
|
heap
|
page read and write
|
||
|
1BB9BDE2000
|
heap
|
page read and write
|
||
|
1BB9BD95000
|
heap
|
page read and write
|
||
|
737EE7C000
|
stack
|
page read and write
|
||
|
1BB9BC5F000
|
heap
|
page read and write
|
||
|
1BB9BC4F000
|
heap
|
page read and write
|
||
|
1BB99CA0000
|
heap
|
page read and write
|
||
|
1BB9BD39000
|
heap
|
page read and write
|
||
|
1BB9BD49000
|
heap
|
page read and write
|
||
|
1BB9BD1F000
|
heap
|
page read and write
|
||
|
1BB9BC4F000
|
heap
|
page read and write
|
||
|
1BB9BC41000
|
heap
|
page read and write
|
||
|
1BB99CE0000
|
heap
|
page read and write
|
||
|
1BB9BC3A000
|
heap
|
page read and write
|
||
|
1BB9BDAC000
|
heap
|
page read and write
|
||
|
1BB9BC4B000
|
heap
|
page read and write
|
||
|
1BB9BD55000
|
heap
|
page read and write
|
||
|
1BB99DD4000
|
heap
|
page read and write
|
||
|
1BB9BD3B000
|
heap
|
page read and write
|
||
|
1BB99DB8000
|
heap
|
page read and write
|
||
|
1BB9E483000
|
heap
|
page read and write
|
||
|
1BB99DF1000
|
heap
|
page read and write
|
||
|
1BB99DFF000
|
heap
|
page read and write
|
||
|
1BB9E4AB000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BDC6000
|
heap
|
page read and write
|
||
|
1BB99DD7000
|
heap
|
page read and write
|
||
|
1BB9BC3F000
|
heap
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB9BD27000
|
heap
|
page read and write
|
||
|
1BB9BC6B000
|
heap
|
page read and write
|
||
|
1BB9BC37000
|
heap
|
page read and write
|
||
|
1BB9BC3F000
|
heap
|
page read and write
|
||
|
1BB9BC2C000
|
heap
|
page read and write
|
||
|
737EC77000
|
stack
|
page read and write
|
||
|
1BB9BDC6000
|
heap
|
page read and write
|
||
|
1BB99DFF000
|
heap
|
page read and write
|
||
|
1BB9BC5C000
|
heap
|
page read and write
|
||
|
1BB9BD3F000
|
heap
|
page read and write
|
||
|
1BB9BDBD000
|
heap
|
page read and write
|
||
|
1BB9BDAC000
|
heap
|
page read and write
|
||
|
1BB9BC38000
|
heap
|
page read and write
|
||
|
1BB9BC3F000
|
heap
|
page read and write
|
||
|
1BB9BC52000
|
heap
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB9BC55000
|
heap
|
page read and write
|
||
|
1BB9BC5F000
|
heap
|
page read and write
|
||
|
1BB9BC2C000
|
heap
|
page read and write
|
||
|
1BB9BD98000
|
heap
|
page read and write
|
||
|
1BB9BDC6000
|
heap
|
page read and write
|
||
|
1BB9BD95000
|
heap
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB99DB8000
|
heap
|
page read and write
|
||
|
1BB99DDB000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BDC2000
|
heap
|
page read and write
|
||
|
737F1FB000
|
stack
|
page read and write
|
||
|
1BB9BDBD000
|
heap
|
page read and write
|
||
|
1BB9BE01000
|
heap
|
page read and write
|
||
|
1BB9BC55000
|
heap
|
page read and write
|
||
|
1BB9BD1E000
|
heap
|
page read and write
|
||
|
1BB9BD95000
|
heap
|
page read and write
|
||
|
1BB9BC5F000
|
heap
|
page read and write
|
||
|
1BB9B630000
|
heap
|
page read and write
|
||
|
1BB9BDAC000
|
heap
|
page read and write
|
||
|
1BB9BDE5000
|
heap
|
page read and write
|
||
|
1BB9BD51000
|
heap
|
page read and write
|
||
|
1BB9BD3B000
|
heap
|
page read and write
|
||
|
1BB9BD55000
|
heap
|
page read and write
|
||
|
1BB9BD41000
|
heap
|
page read and write
|
||
|
1BB9BC3F000
|
heap
|
page read and write
|
||
|
1BB9BD37000
|
heap
|
page read and write
|
||
|
1BB9BC45000
|
heap
|
page read and write
|
||
|
1BB9BD3F000
|
heap
|
page read and write
|
||
|
1BB99DB0000
|
heap
|
page read and write
|
||
|
1BB9E488000
|
heap
|
page read and write
|
||
|
1BB9BD98000
|
heap
|
page read and write
|
||
|
1BB9BC4B000
|
heap
|
page read and write
|
||
|
1BB9BDCD000
|
heap
|
page read and write
|
||
|
1BB9BDDE000
|
heap
|
page read and write
|
||
|
1BB9BC55000
|
heap
|
page read and write
|
||
|
1BB9E970000
|
heap
|
page read and write
|
||
|
1BB99DFF000
|
heap
|
page read and write
|
||
|
1BB9E460000
|
heap
|
page read and write
|
||
|
1BB9BD49000
|
heap
|
page read and write
|
||
|
1BB9BD3F000
|
heap
|
page read and write
|
||
|
1BB9BD51000
|
heap
|
page read and write
|
||
|
1BB9BC45000
|
heap
|
page read and write
|
||
|
1BB9B760000
|
heap
|
page read and write
|
||
|
1BB9BE01000
|
heap
|
page read and write
|
||
|
1BB99DD3000
|
heap
|
page read and write
|
||
|
1BB9BD3B000
|
heap
|
page read and write
|
||
|
1BB9BC55000
|
heap
|
page read and write
|
||
|
1BB9BDCD000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB9BC64000
|
heap
|
page read and write
|
||
|
1BB9BD49000
|
heap
|
page read and write
|
||
|
1BB9BC3F000
|
heap
|
page read and write
|
||
|
1BB9E48A000
|
heap
|
page read and write
|
||
|
1BB99DD8000
|
heap
|
page read and write
|
||
|
1BB9BE01000
|
heap
|
page read and write
|
||
|
1BB9BD3D000
|
heap
|
page read and write
|
||
|
1BB9BC28000
|
heap
|
page read and write
|
||
|
1BB9BDCD000
|
heap
|
page read and write
|
||
|
1BB9BC5A000
|
heap
|
page read and write
|
||
|
1BB99DEF000
|
heap
|
page read and write
|
||
|
1BB99DDD000
|
heap
|
page read and write
|
||
|
1BB9BC4F000
|
heap
|
page read and write
|
||
|
1BB9BDE8000
|
heap
|
page read and write
|
||
|
1BB9E482000
|
heap
|
page read and write
|
||
|
1BB9B63E000
|
heap
|
page read and write
|
||
|
1BB9BC67000
|
heap
|
page read and write
|
||
|
1BB9BDB2000
|
heap
|
page read and write
|
||
|
1BB9BC4B000
|
heap
|
page read and write
|
||
|
1BB9E497000
|
heap
|
page read and write
|
||
|
1BB9BD49000
|
heap
|
page read and write
|
||
|
1BB9BDBD000
|
heap
|
page read and write
|
There are 238 hidden memdumps, click here to show them.