Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SetupSteadyMouse1.3_ObsoleteFreeVersionRepackaged.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Program Files (x86)\SteadyMouse\LICENSE.txt (copy)
|
ASCII text, with very long lines (691), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\MouseHook.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\README.txt (copy)
|
Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\SteadyMouse.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\disabled.ico (copy)
|
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\enabled.ico (copy)
|
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\gdiplus.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\installer.ico (copy)
|
MS Windows icon resource - 11 icons, 32x32, 8 bits/pixel, 24x24, 8 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-0IN87.tmp
|
MS Windows icon resource - 11 icons, 32x32, 8 bits/pixel, 24x24, 8 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-3HOGA.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-5MTL7.tmp
|
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-96DUB.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-DIJ9B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-EJLL0.tmp
|
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-F3P2F.tmp
|
ASCII text, with very long lines (691), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-I44SO.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-JA7DK.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-LBDD3.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-M4DE7.tmp
|
Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-MDLV9.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-NMNDI.tmp
|
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-NQJJK.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\is-QGVNR.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\mfc70.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\msvcr70.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\msvcr71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\shfolder.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\steadymouse.ico (copy)
|
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\unins000.dat
|
InnoSetup Log SteadyMouse {68F42A75-416C-4DF0-81F6-143757C72E16}, version 0x418, 12983 bytes, 651689\37\user\376\, C:\Program
Files (x86)\SteadyMouse\376\377
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\SteadyMouse\unins000.msg
|
InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Thu Apr 25 21:28:28 2024, mtime=Thu Apr 25 21:28:29 2024, atime=Tue Nov 21 21:17:16 2017, length=699264, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\Community\SteadyMouse on Facebook.url
|
MS Windows 95 Internet shortcut text (URL=<https://www.facebook.com/steadymouse/>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\Community\SteadyMouse on Instagram.url
|
MS Windows 95 Internet shortcut text (URL=<https://www.instagram.com/steadymouse/>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\Community\SteadyMouse on Keybase.url
|
MS Windows 95 Internet shortcut text (URL=<https://keybase.io/steadymouse>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\Community\SteadyMouse on Product Hunt.url
|
MS Windows 95 Internet shortcut text (URL=<https://www.producthunt.com/posts/steadymouse>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\Community\SteadyMouse on Reddit.url
|
MS Windows 95 Internet shortcut text (URL=<https://www.reddit.com/r/steadymouse/>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\Community\SteadyMouse on Twitter.url
|
MS Windows 95 Internet shortcut text (URL=<https://twitter.com/steadymouse>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\Purchase Full Version.url
|
MS Windows 95 Internet shortcut text (URL=<https://www.steadymouse.com/purchase/#buynow>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\SteadyMouse.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Thu Apr 25 21:28:28 2024, mtime=Thu Apr 25 21:28:28 2024, atime=Tue Nov 21 21:17:16 2017, length=699264, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\View License Agreement.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Thu Apr 25 21:28:28 2024, mtime=Thu Apr 25 21:28:28 2024, atime=Fri Sep 29 20:46:58 2017, length=3098, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\View ReadMe.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Thu Apr 25 21:28:28 2024, mtime=Thu Apr 25 21:28:28 2024, atime=Sat Sep 30 07:40:04 2017, length=1960, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteadyMouse\View Website.url
|
MS Windows 95 Internet shortcut text (URL=<https://www.steadymouse.com/>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Desktop\SteadyMouse.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Thu Apr 25 21:28:28 2024, mtime=Thu Apr 25 21:28:29 2024, atime=Tue Nov 21 21:17:16 2017, length=699264, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-03N37.tmp\SetupSteadyMouse1.3_ObsoleteFreeVersionRepackaged.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-QMRKV.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\SteadyMouse\settings.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 38 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SetupSteadyMouse1.3_ObsoleteFreeVersionRepackaged.exe
|
"C:\Users\user\Desktop\SetupSteadyMouse1.3_ObsoleteFreeVersionRepackaged.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-03N37.tmp\SetupSteadyMouse1.3_ObsoleteFreeVersionRepackaged.tmp
|
"C:\Users\user\AppData\Local\Temp\is-03N37.tmp\SetupSteadyMouse1.3_ObsoleteFreeVersionRepackaged.tmp" /SL5="$30324,2152528,535552,C:\Users\user\Desktop\SetupSteadyMouse1.3_ObsoleteFreeVersionRepackaged.exe"
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
"C:\Windows\System32\taskkill.exe" /f /im SteadyMouse.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
"C:\Windows\System32\taskkill.exe" /f /im SteadyMouse.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
"C:\Windows\system32\taskkill.exe" /f /im SteadyMouse.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
"C:\Windows\system32\taskkill.exe" /f /im SteadyMouse.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
"C:\Windows\system32\taskkill.exe" /f /im SteadyMouse.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
"C:\Windows\system32\taskkill.exe" /f /im SteadyMouse.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
"C:\Windows\system32\taskkill.exe" /f /im SteadyMouse.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
"C:\Windows\system32\taskkill.exe" /f /im SteadyMouse.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\SteadyMouse\README.txt
|
||
|
C:\Program Files (x86)\SteadyMouse\SteadyMouse.exe
|
"C:\Program Files (x86)\SteadyMouse\SteadyMouse.exe"
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.innosetup.com/
|
unknown
|
||
|
https://www.steadymouse.com/(
|
unknown
|
||
|
https://www.producthunt.com/posts/steadymouse
|
unknown
|
||
|
https://www.steadymouse.com/
|
unknown
|
||
|
https://www.steadymouse.com/purchase/#buynow
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
https://www.instagram.com/steadymouse/(
|
unknown
|
||
|
https://twitter.com/steadymouse(
|
unknown
|
||
|
https://www.steadymouse.com/purchase/
|
unknown
|
||
|
https://www.steadymouse.com/8https://www.steadymouse.com/8https://www.steadymouse.com/
|
unknown
|
||
|
http://www.dk-soft.org/
|
unknown
|
||
|
http://www.haysoft.org%1-k
|
unknown
|
||
|
https://www.steadymouse.com/purchase/#buynow(
|
unknown
|
||
|
https://www.producthunt.com/posts/steadymouseq
|
unknown
|
||
|
https://www.steadymouse.com
|
unknown
|
||
|
https://www.producthunt.com/posts/steadymouse(
|
unknown
|
||
|
https://www.reddit.com/r/steadymouse/(
|
unknown
|
||
|
https://keybase.io/steadymouse
|
unknown
|
||
|
https://keybase.io/steadymouse(
|
unknown
|
||
|
https://twitter.com/steadymouse
|
unknown
|
||
|
https://www.steadymouse.com/troubleshooting/
|
unknown
|
||
|
http://counter-strike.com.ua/
|
unknown
|
||
|
http://www.palkornel.hu/innosetup%1
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
https://www.instagram.com/steadymouse/
|
unknown
|
||
|
https://www.reddit.com/r/steadymouse/
|
unknown
|
||
|
http://www.steadymouse.com/donations/
|
unknown
|
||
|
https://www.steadymouse.com/q
|
unknown
|
There are 18 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Inno Setup: Selected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Inno Setup: Deselected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
MajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
MinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68F42A75-416C-4DF0-81F6-143757C72E16}_is1
|
EstimatedSize
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWindowsOnlyEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fPasteOriginalEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fReverse
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWrapAround
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fMatchCase
|
There are 29 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
69A2000
|
direct allocation
|
page read and write
|
||
|
23A4000
|
direct allocation
|
page read and write
|
||
|
2490000
|
heap
|
page read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
2822000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
7F1000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
7ED000
|
heap
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
2872000
|
direct allocation
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
CC4000
|
heap
|
page read and write
|
||
|
5F8E000
|
stack
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
68F000
|
heap
|
page read and write
|
||
|
84A000
|
heap
|
page read and write
|
||
|
69B7000
|
direct allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2293000
|
direct allocation
|
page read and write
|
||
|
6917000
|
direct allocation
|
page read and write
|
||
|
81F000
|
heap
|
page read and write
|
||
|
7C218000
|
unkown
|
page write copy
|
||
|
24B0000
|
direct allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
75E000
|
heap
|
page read and write
|
||
|
460E000
|
stack
|
page read and write
|
||
|
696F000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page write copy
|
||
|
6C8F000
|
direct allocation
|
page read and write
|
||
|
2461000
|
direct allocation
|
page read and write
|
||
|
494F000
|
stack
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
494000
|
unkown
|
page readonly
|
||
|
3B6C000
|
stack
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
67A000
|
stack
|
page read and write
|
||
|
239C000
|
direct allocation
|
page read and write
|
||
|
10009000
|
unkown
|
page readonly
|
||
|
6913000
|
direct allocation
|
page read and write
|
||
|
283E000
|
direct allocation
|
page read and write
|
||
|
69A0000
|
direct allocation
|
page read and write
|
||
|
7C21A000
|
unkown
|
page read and write
|
||
|
2419000
|
direct allocation
|
page read and write
|
||
|
23D3000
|
direct allocation
|
page read and write
|
||
|
2846000
|
direct allocation
|
page read and write
|
||
|
3B2F000
|
stack
|
page read and write
|
||
|
6300000
|
heap
|
page read and write
|
||
|
2468000
|
direct allocation
|
page read and write
|
||
|
500000
|
unkown
|
page execute read
|
||
|
2830000
|
direct allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
243D000
|
direct allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
7C049000
|
unkown
|
page read and write
|
||
|
2361000
|
direct allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
7C21E000
|
unkown
|
page readonly
|
||
|
2394000
|
heap
|
page read and write
|
||
|
286A000
|
direct allocation
|
page read and write
|
||
|
470F000
|
stack
|
page read and write
|
||
|
281B000
|
direct allocation
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
693F000
|
direct allocation
|
page read and write
|
||
|
7C3000
|
heap
|
page read and write
|
||
|
600E000
|
stack
|
page read and write
|
||
|
669000
|
heap
|
page read and write
|
||
|
50D000
|
unkown
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
7CB000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
284D000
|
direct allocation
|
page read and write
|
||
|
7FE33000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
360B000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
244C000
|
direct allocation
|
page read and write
|
||
|
23DB000
|
direct allocation
|
page read and write
|
||
|
5E12000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page readonly
|
||
|
2330000
|
direct allocation
|
page read and write
|
||
|
361B000
|
direct allocation
|
page read and write
|
||
|
23E2000
|
direct allocation
|
page read and write
|
||
|
7C3000
|
heap
|
page read and write
|
||
|
2563000
|
heap
|
page read and write
|
||
|
3B8C000
|
stack
|
page read and write
|
||
|
783000
|
heap
|
page read and write
|
||
|
2550000
|
direct allocation
|
page read and write
|
||
|
778000
|
heap
|
page read and write
|
||
|
7C214000
|
unkown
|
page read and write
|
||
|
1000F000
|
unkown
|
page readonly
|
||
|
2343000
|
direct allocation
|
page read and write
|
||
|
2829000
|
direct allocation
|
page read and write
|
||
|
23C3000
|
direct allocation
|
page read and write
|
||
|
50D000
|
unkown
|
page write copy
|
||
|
2499000
|
heap
|
page read and write
|
||
|
7FCC0000
|
direct allocation
|
page read and write
|
||
|
3360000
|
direct allocation
|
page read and write
|
||
|
4460000
|
heap
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
1F5000
|
heap
|
page read and write
|
||
|
506000
|
unkown
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
2444000
|
direct allocation
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
3592000
|
direct allocation
|
page read and write
|
||
|
502000
|
unkown
|
page write copy
|
||
|
2333000
|
direct allocation
|
page read and write
|
||
|
5F4F000
|
heap
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
423000
|
unkown
|
page read and write
|
||
|
2888000
|
direct allocation
|
page read and write
|
||
|
23ED000
|
direct allocation
|
page read and write
|
||
|
489000
|
unkown
|
page readonly
|
||
|
69A6000
|
direct allocation
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
3630000
|
direct allocation
|
page read and write
|
||
|
691F000
|
direct allocation
|
page read and write
|
||
|
23BA000
|
direct allocation
|
page read and write
|
||
|
77A000
|
heap
|
page read and write
|
||
|
235A000
|
direct allocation
|
page read and write
|
||
|
2379000
|
direct allocation
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
604F000
|
stack
|
page read and write
|
||
|
6C44000
|
direct allocation
|
page read and write
|
||
|
7C04C000
|
unkown
|
page write copy
|
||
|
412000
|
unkown
|
page read and write
|
||
|
9AF000
|
stack
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
6BA0000
|
heap
|
page read and write
|
||
|
694D000
|
direct allocation
|
page read and write
|
||
|
832000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
81C000
|
heap
|
page read and write
|
||
|
821000
|
heap
|
page read and write
|
||
|
6948000
|
direct allocation
|
page read and write
|
||
|
5F21000
|
heap
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
2453000
|
direct allocation
|
page read and write
|
||
|
7C141000
|
unkown
|
page execute read
|
||
|
829000
|
heap
|
page read and write
|
||
|
63A0000
|
trusted library allocation
|
page read and write
|
||
|
2540000
|
direct allocation
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
3612000
|
direct allocation
|
page read and write
|
||
|
3622000
|
direct allocation
|
page read and write
|
||
|
696C000
|
direct allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
23F5000
|
direct allocation
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
23FC000
|
direct allocation
|
page read and write
|
||
|
363F000
|
direct allocation
|
page read and write
|
||
|
23C8000
|
direct allocation
|
page read and write
|
||
|
23AC000
|
direct allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
35CA000
|
direct allocation
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
3BA0000
|
trusted library allocation
|
page read and write
|
||
|
2495000
|
heap
|
page read and write
|
||
|
737000
|
heap
|
page read and write
|
||
|
485000
|
unkown
|
page readonly
|
||
|
2436000
|
direct allocation
|
page read and write
|
||
|
285B000
|
direct allocation
|
page read and write
|
||
|
6983000
|
direct allocation
|
page read and write
|
||
|
45CF000
|
stack
|
page read and write
|
||
|
3646000
|
direct allocation
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
2540000
|
direct allocation
|
page read and write
|
||
|
359A000
|
direct allocation
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
83C000
|
heap
|
page read and write
|
||
|
35FD000
|
direct allocation
|
page read and write
|
||
|
6922000
|
direct allocation
|
page read and write
|
||
|
5E50000
|
direct allocation
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
353E000
|
stack
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
64E000
|
heap
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
2862000
|
direct allocation
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
4A8F000
|
stack
|
page read and write
|
||
|
638000
|
stack
|
page read and write
|
||
|
6C91000
|
direct allocation
|
page read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
26CB000
|
direct allocation
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
48B000
|
unkown
|
page readonly
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
7DB000
|
heap
|
page read and write
|
||
|
2881000
|
direct allocation
|
page read and write
|
||
|
69A8000
|
direct allocation
|
page read and write
|
||
|
93000
|
stack
|
page read and write
|
||
|
513000
|
unkown
|
page readonly
|
||
|
6390000
|
trusted library allocation
|
page read and write
|
||
|
6992000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
69A000
|
heap
|
page read and write
|
||
|
41C000
|
unkown
|
page readonly
|
||
|
7FB000
|
heap
|
page read and write
|
||
|
5F20000
|
heap
|
page read and write
|
||
|
3360000
|
direct allocation
|
page read and write
|
||
|
2428000
|
direct allocation
|
page read and write
|
||
|
40F000
|
unkown
|
page write copy
|
||
|
6CE6000
|
direct allocation
|
page read and write
|
||
|
2B60000
|
trusted library allocation
|
page read and write
|
||
|
4466000
|
heap
|
page read and write
|
||
|
6964000
|
direct allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page readonly
|
||
|
697F000
|
direct allocation
|
page read and write
|
||
|
584000
|
unkown
|
page readonly
|
||
|
7FE37000
|
direct allocation
|
page read and write
|
||
|
444E000
|
stack
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
2854000
|
direct allocation
|
page read and write
|
||
|
23C9000
|
heap
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
66D000
|
heap
|
page read and write
|
||
|
5F57000
|
heap
|
page read and write
|
||
|
364D000
|
direct allocation
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
498E000
|
stack
|
page read and write
|
||
|
77B000
|
heap
|
page read and write
|
||
|
84D000
|
heap
|
page read and write
|
||
|
805000
|
heap
|
page read and write
|
||
|
23BB000
|
direct allocation
|
page read and write
|
||
|
7C001000
|
unkown
|
page execute read
|
||
|
57F000
|
unkown
|
page readonly
|
||
|
3B4C000
|
stack
|
page read and write
|
||
|
47A000
|
unkown
|
page readonly
|
||
|
3629000
|
direct allocation
|
page read and write
|
||
|
238F000
|
direct allocation
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
47B0000
|
heap
|
page read and write
|
||
|
365D000
|
direct allocation
|
page read and write
|
||
|
5FCF000
|
stack
|
page read and write
|
||
|
23AC000
|
direct allocation
|
page read and write
|
||
|
239D000
|
direct allocation
|
page read and write
|
||
|
5F4F000
|
heap
|
page read and write
|
||
|
37C0000
|
heap
|
page read and write
|
||
|
6B8000
|
heap
|
page read and write
|
||
|
5F4E000
|
stack
|
page read and write
|
||
|
7D1000
|
heap
|
page read and write
|
||
|
690D000
|
direct allocation
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
7C04E000
|
unkown
|
page read and write
|
||
|
6974000
|
direct allocation
|
page read and write
|
||
|
6971000
|
direct allocation
|
page read and write
|
||
|
427000
|
unkown
|
page readonly
|
||
|
7C000000
|
unkown
|
page readonly
|
||
|
83F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
35D6000
|
direct allocation
|
page read and write
|
||
|
2396000
|
direct allocation
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
2412000
|
direct allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
4F0D000
|
stack
|
page read and write
|
||
|
6928000
|
direct allocation
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
7F6000
|
heap
|
page read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
5F5E000
|
heap
|
page read and write
|
||
|
4469000
|
heap
|
page read and write
|
||
|
502000
|
unkown
|
page read and write
|
||
|
240B000
|
direct allocation
|
page read and write
|
||
|
2837000
|
direct allocation
|
page read and write
|
||
|
23C5000
|
heap
|
page read and write
|
||
|
242F000
|
direct allocation
|
page read and write
|
||
|
23B3000
|
direct allocation
|
page read and write
|
||
|
2550000
|
direct allocation
|
page read and write
|
||
|
2879000
|
direct allocation
|
page read and write
|
||
|
1000B000
|
unkown
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
419000
|
unkown
|
page write copy
|
||
|
790000
|
heap
|
page read and write
|
||
|
35B9000
|
direct allocation
|
page read and write
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5F60000
|
heap
|
page read and write
|
||
|
5D50000
|
heap
|
page read and write
|
||
|
2380000
|
direct allocation
|
page read and write
|
||
|
44CF000
|
stack
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
7C039000
|
unkown
|
page readonly
|
||
|
656000
|
heap
|
page read and write
|
||
|
2802000
|
direct allocation
|
page read and write
|
||
|
26C7000
|
direct allocation
|
page read and write
|
||
|
7C140000
|
unkown
|
page readonly
|
||
|
6901000
|
direct allocation
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
699A000
|
direct allocation
|
page read and write
|
||
|
245A000
|
direct allocation
|
page read and write
|
||
|
50A000
|
unkown
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
35C3000
|
direct allocation
|
page read and write
|
||
|
40F000
|
unkown
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
693C000
|
direct allocation
|
page read and write
|
||
|
3637000
|
direct allocation
|
page read and write
|
||
|
801000
|
heap
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
23C1000
|
direct allocation
|
page read and write
|
||
|
6924000
|
direct allocation
|
page read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7E6000
|
heap
|
page read and write
|
||
|
7C050000
|
unkown
|
page readonly
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
3A2E000
|
stack
|
page read and write
|
||
|
2352000
|
direct allocation
|
page read and write
|
There are 326 hidden memdumps, click here to show them.