Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2613B907000
|
heap
|
page read and write
|
||
|
2613B93F000
|
heap
|
page read and write
|
||
|
2613B8FE000
|
heap
|
page read and write
|
||
|
26137219000
|
heap
|
page read and write
|
||
|
26139240000
|
heap
|
page read and write
|
||
|
2613B91E000
|
heap
|
page read and write
|
||
|
26139259000
|
heap
|
page read and write
|
||
|
261391C5000
|
heap
|
page read and write
|
||
|
261371F8000
|
heap
|
page read and write
|
||
|
26137208000
|
heap
|
page read and write
|
||
|
26139280000
|
heap
|
page read and write
|
||
|
26139267000
|
heap
|
page read and write
|
||
|
2613721F000
|
heap
|
page read and write
|
||
|
26137208000
|
heap
|
page read and write
|
||
|
26137219000
|
heap
|
page read and write
|
||
|
261391CF000
|
heap
|
page read and write
|
||
|
26137207000
|
heap
|
page read and write
|
||
|
2613920F000
|
heap
|
page read and write
|
||
|
2613926F000
|
heap
|
page read and write
|
||
|
2613B907000
|
heap
|
page read and write
|
||
|
261371F7000
|
heap
|
page read and write
|
||
|
6154C7F000
|
stack
|
page read and write
|
||
|
2613B932000
|
heap
|
page read and write
|
||
|
261371DC000
|
heap
|
page read and write
|
||
|
261371F1000
|
heap
|
page read and write
|
||
|
26137100000
|
heap
|
page read and write
|
||
|
6154DFB000
|
stack
|
page read and write
|
||
|
2613920D000
|
heap
|
page read and write
|
||
|
26137238000
|
heap
|
page read and write
|
||
|
2613721A000
|
heap
|
page read and write
|
||
|
26138B85000
|
heap
|
page read and write
|
||
|
26139280000
|
heap
|
page read and write
|
||
|
26139295000
|
heap
|
page read and write
|
||
|
2613925C000
|
heap
|
page read and write
|
||
|
26139295000
|
heap
|
page read and write
|
||
|
2613724E000
|
heap
|
page read and write
|
||
|
2613724B000
|
heap
|
page read and write
|
||
|
2613926B000
|
heap
|
page read and write
|
||
|
261370F0000
|
heap
|
page read and write
|
||
|
261391D3000
|
heap
|
page read and write
|
||
|
26139275000
|
heap
|
page read and write
|
||
|
26137201000
|
heap
|
page read and write
|
||
|
261391D3000
|
heap
|
page read and write
|
||
|
26139284000
|
heap
|
page read and write
|
||
|
26139250000
|
heap
|
page read and write
|
||
|
26137203000
|
heap
|
page read and write
|
||
|
2613920F000
|
heap
|
page read and write
|
||
|
26139235000
|
heap
|
page read and write
|
||
|
26139289000
|
heap
|
page read and write
|
||
|
26137233000
|
heap
|
page read and write
|
||
|
261371C7000
|
heap
|
page read and write
|
||
|
2613920D000
|
heap
|
page read and write
|
||
|
26138B8E000
|
heap
|
page read and write
|
||
|
26137208000
|
heap
|
page read and write
|
||
|
26139226000
|
heap
|
page read and write
|
||
|
26139276000
|
heap
|
page read and write
|
||
|
26139288000
|
heap
|
page read and write
|
||
|
26139250000
|
heap
|
page read and write
|
||
|
261391FD000
|
heap
|
page read and write
|
||
|
26139288000
|
heap
|
page read and write
|
||
|
2613926F000
|
heap
|
page read and write
|
||
|
26138D40000
|
heap
|
page read and write
|
||
|
26139284000
|
heap
|
page read and write
|
||
|
2613BE80000
|
heap
|
page read and write
|
||
|
261391BA000
|
heap
|
page read and write
|
||
|
26139223000
|
heap
|
page read and write
|
||
|
26139291000
|
heap
|
page read and write
|
||
|
2613B935000
|
heap
|
page read and write
|
||
|
2613724D000
|
heap
|
page read and write
|
||
|
261391D3000
|
heap
|
page read and write
|
||
|
6154CFD000
|
stack
|
page read and write
|
||
|
2613928D000
|
heap
|
page read and write
|
||
|
261371E6000
|
heap
|
page read and write
|
||
|
61549DE000
|
stack
|
page read and write
|
||
|
26139141000
|
heap
|
page read and write
|
||
|
6154D7B000
|
stack
|
page read and write
|
||
|
26139218000
|
heap
|
page read and write
|
||
|
2613721F000
|
heap
|
page read and write
|
||
|
26137219000
|
heap
|
page read and write
|
||
|
2613928D000
|
heap
|
page read and write
|
||
|
26139272000
|
heap
|
page read and write
|
||
|
26139148000
|
heap
|
page read and write
|
||
|
261391B3000
|
heap
|
page read and write
|
||
|
26138AC0000
|
heap
|
page read and write
|
||
|
26137201000
|
heap
|
page read and write
|
||
|
2613928D000
|
heap
|
page read and write
|
||
|
2613B8E8000
|
heap
|
page read and write
|
||
|
261391D3000
|
heap
|
page read and write
|
||
|
26139298000
|
heap
|
page read and write
|
||
|
26138B8E000
|
heap
|
page read and write
|
||
|
26139276000
|
heap
|
page read and write
|
||
|
26137226000
|
heap
|
page read and write
|
||
|
2613928D000
|
heap
|
page read and write
|
||
|
2613B91A000
|
heap
|
page read and write
|
||
|
261391B8000
|
heap
|
page read and write
|
||
|
261371ED000
|
heap
|
page read and write
|
||
|
26139291000
|
heap
|
page read and write
|
||
|
26139223000
|
heap
|
page read and write
|
||
|
2613B932000
|
heap
|
page read and write
|
||
|
26137208000
|
heap
|
page read and write
|
||
|
261391BC000
|
heap
|
page read and write
|
||
|
26139272000
|
heap
|
page read and write
|
||
|
26137213000
|
heap
|
page read and write
|
||
|
2613926A000
|
heap
|
page read and write
|
||
|
2613928D000
|
heap
|
page read and write
|
||
|
26137214000
|
heap
|
page read and write
|
||
|
261371EF000
|
heap
|
page read and write
|
||
|
261391BE000
|
heap
|
page read and write
|
||
|
26137208000
|
heap
|
page read and write
|
||
|
26137201000
|
heap
|
page read and write
|
||
|
2613927B000
|
heap
|
page read and write
|
||
|
261371FB000
|
heap
|
page read and write
|
||
|
2613B8FF000
|
heap
|
page read and write
|
||
|
2613926F000
|
heap
|
page read and write
|
||
|
26137201000
|
heap
|
page read and write
|
||
|
261391A6000
|
heap
|
page read and write
|
||
|
26139275000
|
heap
|
page read and write
|
||
|
2613B936000
|
heap
|
page read and write
|
||
|
2613722C000
|
heap
|
page read and write
|
||
|
2613926B000
|
heap
|
page read and write
|
||
|
26139236000
|
heap
|
page read and write
|
||
|
2613927A000
|
heap
|
page read and write
|
||
|
26139289000
|
heap
|
page read and write
|
||
|
261371E6000
|
heap
|
page read and write
|
||
|
26137204000
|
heap
|
page read and write
|
||
|
261391C5000
|
heap
|
page read and write
|
||
|
2613929D000
|
heap
|
page read and write
|
||
|
26139295000
|
heap
|
page read and write
|
||
|
26139193000
|
heap
|
page read and write
|
||
|
61548D7000
|
stack
|
page read and write
|
||
|
261391C5000
|
heap
|
page read and write
|
||
|
261391FC000
|
heap
|
page read and write
|
||
|
26139258000
|
heap
|
page read and write
|
||
|
261391CF000
|
heap
|
page read and write
|
||
|
26137219000
|
heap
|
page read and write
|
||
|
2613920F000
|
heap
|
page read and write
|
||
|
26137212000
|
heap
|
page read and write
|
||
|
6154FFD000
|
stack
|
page read and write
|
||
|
26139280000
|
heap
|
page read and write
|
||
|
2613927D000
|
heap
|
page read and write
|
||
|
261371ED000
|
heap
|
page read and write
|
||
|
261371E3000
|
heap
|
page read and write
|
||
|
261391CF000
|
heap
|
page read and write
|
||
|
261371ED000
|
heap
|
page read and write
|
||
|
261371FE000
|
heap
|
page read and write
|
||
|
2613926F000
|
heap
|
page read and write
|
||
|
26139288000
|
heap
|
page read and write
|
||
|
26139295000
|
heap
|
page read and write
|
||
|
26139279000
|
heap
|
page read and write
|
||
|
26139226000
|
heap
|
page read and write
|
||
|
2613926F000
|
heap
|
page read and write
|
||
|
26137150000
|
heap
|
page read and write
|
||
|
26137233000
|
heap
|
page read and write
|
||
|
26138B80000
|
heap
|
page read and write
|
||
|
261391A8000
|
heap
|
page read and write
|
||
|
26139256000
|
heap
|
page read and write
|
||
|
261371FD000
|
heap
|
page read and write
|
||
|
261371FE000
|
heap
|
page read and write
|
||
|
261391E8000
|
heap
|
page read and write
|
||
|
26138B8D000
|
heap
|
page read and write
|
||
|
261371F1000
|
heap
|
page read and write
|
||
|
615507B000
|
stack
|
page read and write
|
||
|
261371F6000
|
heap
|
page read and write
|
||
|
261371F5000
|
heap
|
page read and write
|
||
|
2613925C000
|
heap
|
page read and write
|
||
|
26139295000
|
heap
|
page read and write
|
||
|
2613925C000
|
heap
|
page read and write
|
||
|
261371E6000
|
heap
|
page read and write
|
||
|
615517E000
|
stack
|
page read and write
|
||
|
2613925C000
|
heap
|
page read and write
|
||
|
2613B390000
|
trusted library allocation
|
page read and write
|
||
|
2613B92F000
|
heap
|
page read and write
|
||
|
2613919D000
|
heap
|
page read and write
|
||
|
2613B8E0000
|
heap
|
page read and write
|
||
|
261391B6000
|
heap
|
page read and write
|
||
|
26139268000
|
heap
|
page read and write
|
||
|
26139226000
|
heap
|
page read and write
|
||
|
2613918A000
|
heap
|
page read and write
|
||
|
2613919E000
|
heap
|
page read and write
|
||
|
26137233000
|
heap
|
page read and write
|
||
|
26139280000
|
heap
|
page read and write
|
||
|
26137217000
|
heap
|
page read and write
|
||
|
26139291000
|
heap
|
page read and write
|
||
|
26137219000
|
heap
|
page read and write
|
||
|
2613B8F1000
|
heap
|
page read and write
|
||
|
261391E5000
|
heap
|
page read and write
|
||
|
2613919E000
|
heap
|
page read and write
|
||
|
2613928D000
|
heap
|
page read and write
|
||
|
26139275000
|
heap
|
page read and write
|
||
|
261391CF000
|
heap
|
page read and write
|
||
|
26139271000
|
heap
|
page read and write
|
||
|
2613B918000
|
heap
|
page read and write
|
||
|
26139268000
|
heap
|
page read and write
|
||
|
26137207000
|
heap
|
page read and write
|
||
|
2613722F000
|
heap
|
page read and write
|
||
|
2613920D000
|
heap
|
page read and write
|
||
|
261391A6000
|
heap
|
page read and write
|
||
|
26139218000
|
heap
|
page read and write
|
||
|
2613B8C2000
|
heap
|
page read and write
|
||
|
615495E000
|
stack
|
page read and write
|
||
|
26139284000
|
heap
|
page read and write
|
||
|
26139144000
|
heap
|
page read and write
|
||
|
26139280000
|
heap
|
page read and write
|
||
|
26139223000
|
heap
|
page read and write
|
||
|
261371F0000
|
heap
|
page read and write
|
||
|
2613721F000
|
heap
|
page read and write
|
||
|
261391D3000
|
heap
|
page read and write
|
||
|
26139284000
|
heap
|
page read and write
|
||
|
26139288000
|
heap
|
page read and write
|
||
|
2613B8CD000
|
heap
|
page read and write
|
||
|
261371F1000
|
heap
|
page read and write
|
||
|
261371ED000
|
heap
|
page read and write
|
||
|
26139269000
|
heap
|
page read and write
|
||
|
2613928D000
|
heap
|
page read and write
|
||
|
2613B939000
|
heap
|
page read and write
|
||
|
26139140000
|
heap
|
page read and write
|
||
|
26139218000
|
heap
|
page read and write
|
||
|
261391AB000
|
heap
|
page read and write
|
||
|
2613B8C0000
|
heap
|
page read and write
|
||
|
261371F1000
|
heap
|
page read and write
|
There are 210 hidden memdumps, click here to show them.