Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
14FB9E2E000
|
heap
|
page read and write
|
||
|
14FB975E000
|
heap
|
page read and write
|
||
|
14FB7CEB000
|
heap
|
page read and write
|
||
|
14FB7D77000
|
heap
|
page read and write
|
||
|
14FB7D4F000
|
heap
|
page read and write
|
||
|
14FB9DA8000
|
heap
|
page read and write
|
||
|
14FB9E28000
|
heap
|
page read and write
|
||
|
152A57D000
|
stack
|
page read and write
|
||
|
14FB9CCA000
|
heap
|
page read and write
|
||
|
14FB9CAF000
|
heap
|
page read and write
|
||
|
14FB7D86000
|
heap
|
page read and write
|
||
|
14FB9CC5000
|
heap
|
page read and write
|
||
|
14FB9DB0000
|
heap
|
page read and write
|
||
|
14FB9CCE000
|
heap
|
page read and write
|
||
|
14FB9DA8000
|
heap
|
page read and write
|
||
|
14FB9CA8000
|
heap
|
page read and write
|
||
|
14FB9CCE000
|
heap
|
page read and write
|
||
|
14FB9DAA000
|
heap
|
page read and write
|
||
|
14FB9E45000
|
heap
|
page read and write
|
||
|
14FB9CBA000
|
heap
|
page read and write
|
||
|
14FB9930000
|
heap
|
page read and write
|
||
|
14FB9CAA000
|
heap
|
page read and write
|
||
|
14FB7D78000
|
heap
|
page read and write
|
||
|
14FB9DB8000
|
heap
|
page read and write
|
||
|
14FB9CCE000
|
heap
|
page read and write
|
||
|
14FB9CCA000
|
heap
|
page read and write
|
||
|
14FB9CAF000
|
heap
|
page read and write
|
||
|
14FB9E49000
|
heap
|
page read and write
|
||
|
14FB9E6D000
|
heap
|
page read and write
|
||
|
14FB7D6D000
|
heap
|
page read and write
|
||
|
14FBC619000
|
heap
|
page read and write
|
||
|
14FB7D89000
|
heap
|
page read and write
|
||
|
14FB9DA6000
|
heap
|
page read and write
|
||
|
14FB9DA2000
|
heap
|
page read and write
|
||
|
14FB7C80000
|
heap
|
page read and write
|
||
|
14FB9DBF000
|
heap
|
page read and write
|
||
|
14FB9D9C000
|
heap
|
page read and write
|
||
|
14FB9CB7000
|
heap
|
page read and write
|
||
|
14FB7DA3000
|
heap
|
page read and write
|
||
|
14FB9CC5000
|
heap
|
page read and write
|
||
|
14FB9E2A000
|
heap
|
page read and write
|
||
|
14FB9CAF000
|
heap
|
page read and write
|
||
|
14FB9E49000
|
heap
|
page read and write
|
||
|
14FB9C90000
|
heap
|
page read and write
|
||
|
14FB9CCA000
|
heap
|
page read and write
|
||
|
14FB9E40000
|
heap
|
page read and write
|
||
|
14FB9CCB000
|
heap
|
page read and write
|
||
|
14FB7D93000
|
heap
|
page read and write
|
||
|
14FB9E2E000
|
heap
|
page read and write
|
||
|
14FBBED0000
|
trusted library allocation
|
page read and write
|
||
|
14FB9E76000
|
heap
|
page read and write
|
||
|
14FB7DBA000
|
heap
|
page read and write
|
||
|
14FB9C96000
|
heap
|
page read and write
|
||
|
14FB7D8C000
|
heap
|
page read and write
|
||
|
14FB9DB0000
|
heap
|
page read and write
|
||
|
14FB9CBF000
|
heap
|
page read and write
|
||
|
14FB7D78000
|
heap
|
page read and write
|
||
|
14FB7DA7000
|
heap
|
page read and write
|
||
|
14FB7D80000
|
heap
|
page read and write
|
||
|
14FB9CAF000
|
heap
|
page read and write
|
||
|
14FBC617000
|
heap
|
page read and write
|
||
|
14FB9CBA000
|
heap
|
page read and write
|
||
|
14FB9DBF000
|
heap
|
page read and write
|
||
|
14FB7D57000
|
heap
|
page read and write
|
||
|
14FB9E26000
|
heap
|
page read and write
|
||
|
14FB9C9C000
|
heap
|
page read and write
|
||
|
14FB9DBF000
|
heap
|
page read and write
|
||
|
14FB9E45000
|
heap
|
page read and write
|
||
|
14FB9E49000
|
heap
|
page read and write
|
||
|
14FB9CB5000
|
heap
|
page read and write
|
||
|
14FB7D63000
|
heap
|
page read and write
|
||
|
14FBC5D0000
|
heap
|
page read and write
|
||
|
14FB9E45000
|
heap
|
page read and write
|
||
|
14FB7D62000
|
heap
|
page read and write
|
||
|
14FB9755000
|
heap
|
page read and write
|
||
|
14FB975E000
|
heap
|
page read and write
|
||
|
14FB9E6D000
|
heap
|
page read and write
|
||
|
14FB9E3C000
|
heap
|
page read and write
|
||
|
14FB7D63000
|
heap
|
page read and write
|
||
|
14FB7D81000
|
heap
|
page read and write
|
||
|
14FB9CC5000
|
heap
|
page read and write
|
||
|
14FB9E76000
|
heap
|
page read and write
|
||
|
14FB9E3C000
|
heap
|
page read and write
|
||
|
14FB7D6E000
|
heap
|
page read and write
|
||
|
14FB7DB1000
|
heap
|
page read and write
|
||
|
14FB9E49000
|
heap
|
page read and write
|
||
|
14FB9E2E000
|
heap
|
page read and write
|
||
|
14FBC8F0000
|
trusted library allocation
|
page read and write
|
||
|
14FB7D4F000
|
heap
|
page read and write
|
||
|
14FBC5F4000
|
heap
|
page read and write
|
||
|
152A8FE000
|
stack
|
page read and write
|
||
|
14FB9CA7000
|
heap
|
page read and write
|
||
|
14FB9CBA000
|
heap
|
page read and write
|
||
|
14FB9DBF000
|
heap
|
page read and write
|
||
|
7DF436851000
|
trusted library allocation
|
page execute read
|
||
|
14FB9CC5000
|
heap
|
page read and write
|
||
|
14FB9DA0000
|
heap
|
page read and write
|
||
|
14FB9CC5000
|
heap
|
page read and write
|
||
|
14FB9C80000
|
heap
|
page read and write
|
||
|
14FB9DA2000
|
heap
|
page read and write
|
||
|
14FB7DB6000
|
heap
|
page read and write
|
||
|
14FB9E49000
|
heap
|
page read and write
|
||
|
14FB9E29000
|
heap
|
page read and write
|
||
|
14FB9D80000
|
heap
|
page read and write
|
||
|
14FB7D4B000
|
heap
|
page read and write
|
||
|
14FB9DA4000
|
heap
|
page read and write
|
||
|
14FB9CCA000
|
heap
|
page read and write
|
||
|
14FB9CCA000
|
heap
|
page read and write
|
||
|
14FB9E40000
|
heap
|
page read and write
|
||
|
14FB7D57000
|
heap
|
page read and write
|
||
|
14FB9C99000
|
heap
|
page read and write
|
||
|
14FB9CC6000
|
heap
|
page read and write
|
||
|
14FB7CC0000
|
heap
|
page read and write
|
||
|
14FB9CAF000
|
heap
|
page read and write
|
||
|
14FB9E6D000
|
heap
|
page read and write
|
||
|
14FBC5DB000
|
heap
|
page read and write
|
||
|
14FB7D7B000
|
heap
|
page read and write
|
||
|
14FB9C98000
|
heap
|
page read and write
|
||
|
14FB7D83000
|
heap
|
page read and write
|
||
|
152A086000
|
stack
|
page read and write
|
||
|
14FB9D8A000
|
heap
|
page read and write
|
||
|
14FB9E3C000
|
heap
|
page read and write
|
||
|
14FB9CDB000
|
heap
|
page read and write
|
||
|
14FB9E5C000
|
heap
|
page read and write
|
||
|
14FB9C9C000
|
heap
|
page read and write
|
||
|
14FB9CC5000
|
heap
|
page read and write
|
||
|
14FB9E22000
|
heap
|
page read and write
|
||
|
14FB9CAF000
|
heap
|
page read and write
|
||
|
14FB9E6D000
|
heap
|
page read and write
|
||
|
14FBC607000
|
heap
|
page read and write
|
||
|
14FBC601000
|
heap
|
page read and write
|
||
|
14FB9E40000
|
heap
|
page read and write
|
||
|
14FBC617000
|
heap
|
page read and write
|
||
|
14FB9CBF000
|
heap
|
page read and write
|
||
|
14FB9CA9000
|
heap
|
page read and write
|
||
|
14FB7D8A000
|
heap
|
page read and write
|
||
|
14FB9CBF000
|
heap
|
page read and write
|
||
|
14FB7D78000
|
heap
|
page read and write
|
||
|
14FB9CB1000
|
heap
|
page read and write
|
||
|
14FB7D4F000
|
heap
|
page read and write
|
||
|
14FB9CBA000
|
heap
|
page read and write
|
||
|
14FB9E5C000
|
heap
|
page read and write
|
||
|
14FB9D92000
|
heap
|
page read and write
|
||
|
14FB7DBD000
|
heap
|
page read and write
|
||
|
14FB9E40000
|
heap
|
page read and write
|
||
|
14FB9E45000
|
heap
|
page read and write
|
||
|
14FB9D94000
|
heap
|
page read and write
|
||
|
14FB9CBF000
|
heap
|
page read and write
|
||
|
14FBC5F8000
|
heap
|
page read and write
|
||
|
14FB7D7A000
|
heap
|
page read and write
|
||
|
14FB7C30000
|
heap
|
page read and write
|
||
|
14FB9E2E000
|
heap
|
page read and write
|
||
|
14FB7C40000
|
heap
|
page read and write
|
||
|
14FB9CCE000
|
heap
|
page read and write
|
||
|
14FB7D57000
|
heap
|
page read and write
|
||
|
14FB9D9E000
|
heap
|
page read and write
|
||
|
14FB9CD3000
|
heap
|
page read and write
|
||
|
14FB9CA8000
|
heap
|
page read and write
|
||
|
14FB9CBF000
|
heap
|
page read and write
|
||
|
14FB9E3C000
|
heap
|
page read and write
|
||
|
14FB9CD3000
|
heap
|
page read and write
|
||
|
14FB9E1A000
|
heap
|
page read and write
|
||
|
14FB7D80000
|
heap
|
page read and write
|
||
|
14FB9CCA000
|
heap
|
page read and write
|
||
|
14FB7D63000
|
heap
|
page read and write
|
||
|
14FBC5DE000
|
heap
|
page read and write
|
||
|
14FB9E1C000
|
heap
|
page read and write
|
||
|
14FB9DA0000
|
heap
|
page read and write
|
||
|
14FB9CAB000
|
heap
|
page read and write
|
||
|
152A18E000
|
stack
|
page read and write
|
||
|
14FB7DBA000
|
heap
|
page read and write
|
||
|
14FBC60E000
|
heap
|
page read and write
|
||
|
14FBC5E6000
|
heap
|
page read and write
|
||
|
14FB9CCA000
|
heap
|
page read and write
|
||
|
14FB9CC2000
|
heap
|
page read and write
|
||
|
152A47F000
|
stack
|
page read and write
|
||
|
14FBC61C000
|
heap
|
page read and write
|
||
|
14FB9E5C000
|
heap
|
page read and write
|
||
|
14FB9CC5000
|
heap
|
page read and write
|
||
|
14FB9CD3000
|
heap
|
page read and write
|
||
|
152A7FB000
|
stack
|
page read and write
|
||
|
14FB7D61000
|
heap
|
page read and write
|
||
|
14FB7D82000
|
heap
|
page read and write
|
||
|
14FB9CB5000
|
heap
|
page read and write
|
||
|
14FBC60B000
|
heap
|
page read and write
|
||
|
14FB7D7D000
|
heap
|
page read and write
|
||
|
14FB9CCE000
|
heap
|
page read and write
|
||
|
14FB9D9E000
|
heap
|
page read and write
|
||
|
14FB9CCA000
|
heap
|
page read and write
|
||
|
14FB9CD3000
|
heap
|
page read and write
|
||
|
14FB9CB2000
|
heap
|
page read and write
|
||
|
14FBE7D0000
|
heap
|
page readonly
|
||
|
14FB9E76000
|
heap
|
page read and write
|
||
|
14FB9C9C000
|
heap
|
page read and write
|
||
|
152A10E000
|
stack
|
page read and write
|
||
|
14FB9CB5000
|
heap
|
page read and write
|
||
|
14FB7D78000
|
heap
|
page read and write
|
||
|
14FB9CCE000
|
heap
|
page read and write
|
||
|
14FB9E5C000
|
heap
|
page read and write
|
||
|
14FB9E3C000
|
heap
|
page read and write
|
||
|
14FB9CBF000
|
heap
|
page read and write
|
||
|
14FB7D51000
|
heap
|
page read and write
|
||
|
14FB9E5C000
|
heap
|
page read and write
|
||
|
14FB9CCE000
|
heap
|
page read and write
|
||
|
14FB9CB5000
|
heap
|
page read and write
|
||
|
14FB7D78000
|
heap
|
page read and write
|
||
|
14FB9C90000
|
heap
|
page read and write
|
||
|
14FBC602000
|
heap
|
page read and write
|
||
|
14FB9D98000
|
heap
|
page read and write
|
||
|
14FB7D5E000
|
heap
|
page read and write
|
||
|
14FB9E21000
|
heap
|
page read and write
|
||
|
14FB9CC5000
|
heap
|
page read and write
|
||
|
14FB9E24000
|
heap
|
page read and write
|
||
|
14FB9CBA000
|
heap
|
page read and write
|
||
|
14FBC9A0000
|
heap
|
page read and write
|
||
|
14FB9CAF000
|
heap
|
page read and write
|
||
|
14FBC5E9000
|
heap
|
page read and write
|
||
|
14FB9DA4000
|
heap
|
page read and write
|
||
|
14FB9CBF000
|
heap
|
page read and write
|
||
|
14FB9DB8000
|
heap
|
page read and write
|
||
|
152A5FB000
|
stack
|
page read and write
|
||
|
14FB9CB5000
|
heap
|
page read and write
|
||
|
14FB9CBF000
|
heap
|
page read and write
|
||
|
14FB9E0B000
|
heap
|
page read and write
|
||
|
14FB9E6D000
|
heap
|
page read and write
|
||
|
14FB9E3C000
|
heap
|
page read and write
|
||
|
14FB9DA6000
|
heap
|
page read and write
|
||
|
14FB9E5C000
|
heap
|
page read and write
|
||
|
14FB9E76000
|
heap
|
page read and write
|
||
|
14FB9DB8000
|
heap
|
page read and write
|
||
|
14FB9750000
|
heap
|
page read and write
|
||
|
14FB9CB0000
|
heap
|
page read and write
|
||
|
152A4FC000
|
stack
|
page read and write
|
||
|
14FB9DB0000
|
heap
|
page read and write
|
||
|
14FB975D000
|
heap
|
page read and write
|
||
|
14FBC617000
|
heap
|
page read and write
|
||
|
14FB7D63000
|
heap
|
page read and write
|
||
|
14FB9E1A000
|
heap
|
page read and write
|
||
|
14FB9CAF000
|
heap
|
page read and write
|
||
|
14FB7DBE000
|
heap
|
page read and write
|
||
|
14FB9E40000
|
heap
|
page read and write
|
||
|
14FB7D90000
|
heap
|
page read and write
|
||
|
14FBC60D000
|
heap
|
page read and write
|
||
|
14FB9DB0000
|
heap
|
page read and write
|
||
|
14FB9C9C000
|
heap
|
page read and write
|
||
|
14FB7D5F000
|
heap
|
page read and write
|
||
|
14FB9CAB000
|
heap
|
page read and write
|
||
|
14FB9E2E000
|
heap
|
page read and write
|
||
|
14FB9E2E000
|
heap
|
page read and write
|
||
|
14FB7D57000
|
heap
|
page read and write
|
||
|
14FB9E45000
|
heap
|
page read and write
|
||
|
14FB9E76000
|
heap
|
page read and write
|
||
|
14FB9E45000
|
heap
|
page read and write
|
||
|
14FB7D30000
|
heap
|
page read and write
|
||
|
14FB9CB5000
|
heap
|
page read and write
|
||
|
14FBC618000
|
heap
|
page read and write
|
There are 246 hidden memdumps, click here to show them.