Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
209AD3F8000
|
heap
|
page read and write
|
||
|
209AD42E000
|
heap
|
page read and write
|
||
|
209AB58B000
|
heap
|
page read and write
|
||
|
209AD4F2000
|
heap
|
page read and write
|
||
|
209AB350000
|
heap
|
page read and write
|
||
|
209AD42A000
|
heap
|
page read and write
|
||
|
209AFD2D000
|
heap
|
page read and write
|
||
|
209AD432000
|
heap
|
page read and write
|
||
|
209AD413000
|
heap
|
page read and write
|
||
|
209AD577000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AD422000
|
heap
|
page read and write
|
||
|
209AD58D000
|
heap
|
page read and write
|
||
|
209AB587000
|
heap
|
page read and write
|
||
|
209AD5A8000
|
heap
|
page read and write
|
||
|
209AD51B000
|
heap
|
page read and write
|
||
|
209AB57A000
|
heap
|
page read and write
|
||
|
209AB5DD000
|
heap
|
page read and write
|
||
|
209AD41A000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AD407000
|
heap
|
page read and write
|
||
|
209AD4F5000
|
heap
|
page read and write
|
||
|
209AD433000
|
heap
|
page read and write
|
||
|
209AD439000
|
heap
|
page read and write
|
||
|
209AD432000
|
heap
|
page read and write
|
||
|
209AD505000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AB56E000
|
heap
|
page read and write
|
||
|
209AD426000
|
heap
|
page read and write
|
||
|
E0DD77E000
|
stack
|
page read and write
|
||
|
209AD439000
|
heap
|
page read and write
|
||
|
209AD40E000
|
heap
|
page read and write
|
||
|
209AB57B000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AB57F000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AD403000
|
heap
|
page read and write
|
||
|
209AD50E000
|
heap
|
page read and write
|
||
|
209AFD33000
|
heap
|
page read and write
|
||
|
209AD5B5000
|
heap
|
page read and write
|
||
|
209AD42E000
|
heap
|
page read and write
|
||
|
209AFD3C000
|
heap
|
page read and write
|
||
|
209AD413000
|
heap
|
page read and write
|
||
|
209AD521000
|
heap
|
page read and write
|
||
|
209AD5B9000
|
heap
|
page read and write
|
||
|
209AB5A2000
|
heap
|
page read and write
|
||
|
209AD523000
|
heap
|
page read and write
|
||
|
209AB582000
|
heap
|
page read and write
|
||
|
209B0020000
|
trusted library allocation
|
page read and write
|
||
|
209AB430000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AD41A000
|
heap
|
page read and write
|
||
|
209AD426000
|
heap
|
page read and write
|
||
|
209AB5B3000
|
heap
|
page read and write
|
||
|
209AD426000
|
heap
|
page read and write
|
||
|
209AD503000
|
heap
|
page read and write
|
||
|
209AB58B000
|
heap
|
page read and write
|
||
|
209AD587000
|
heap
|
page read and write
|
||
|
209AD426000
|
heap
|
page read and write
|
||
|
209AB587000
|
heap
|
page read and write
|
||
|
209AD413000
|
heap
|
page read and write
|
||
|
209AD426000
|
heap
|
page read and write
|
||
|
209AB58D000
|
heap
|
page read and write
|
||
|
209AFD00000
|
heap
|
page read and write
|
||
|
209AD58D000
|
heap
|
page read and write
|
||
|
209AD432000
|
heap
|
page read and write
|
||
|
7DF47A551000
|
trusted library allocation
|
page execute read
|
||
|
209AD5A8000
|
heap
|
page read and write
|
||
|
209AF5F0000
|
trusted library allocation
|
page read and write
|
||
|
209AD42A000
|
heap
|
page read and write
|
||
|
209AD526000
|
heap
|
page read and write
|
||
|
209AB577000
|
heap
|
page read and write
|
||
|
209AD526000
|
heap
|
page read and write
|
||
|
209AD414000
|
heap
|
page read and write
|
||
|
209AFD1D000
|
heap
|
page read and write
|
||
|
209AD577000
|
heap
|
page read and write
|
||
|
209AD503000
|
heap
|
page read and write
|
||
|
209AFD2E000
|
heap
|
page read and write
|
||
|
209AB589000
|
heap
|
page read and write
|
||
|
209AFD17000
|
heap
|
page read and write
|
||
|
E0DD2FE000
|
stack
|
page read and write
|
||
|
209AD58D000
|
heap
|
page read and write
|
||
|
209AD3F9000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AD505000
|
heap
|
page read and write
|
||
|
E0DD4FD000
|
stack
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AB582000
|
heap
|
page read and write
|
||
|
209AD40F000
|
heap
|
page read and write
|
||
|
E0DD47C000
|
stack
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AD42A000
|
heap
|
page read and write
|
||
|
209AB58D000
|
heap
|
page read and write
|
||
|
209AD42A000
|
heap
|
page read and write
|
||
|
209AD422000
|
heap
|
page read and write
|
||
|
209AB58D000
|
heap
|
page read and write
|
||
|
209AD507000
|
heap
|
page read and write
|
||
|
209AD42A000
|
heap
|
page read and write
|
||
|
209AD432000
|
heap
|
page read and write
|
||
|
E0DD97E000
|
stack
|
page read and write
|
||
|
209AD426000
|
heap
|
page read and write
|
||
|
209AB5A8000
|
heap
|
page read and write
|
||
|
209AD3E0000
|
heap
|
page read and write
|
||
|
209AD5A8000
|
heap
|
page read and write
|
||
|
209AD410000
|
heap
|
page read and write
|
||
|
209AD426000
|
heap
|
page read and write
|
||
|
209AD553000
|
heap
|
page read and write
|
||
|
209AB4E0000
|
heap
|
page read and write
|
||
|
209AD587000
|
heap
|
page read and write
|
||
|
E0DD87B000
|
stack
|
page read and write
|
||
|
209AD40A000
|
heap
|
page read and write
|
||
|
209AFD1D000
|
heap
|
page read and write
|
||
|
209AD413000
|
heap
|
page read and write
|
||
|
209AB56C000
|
heap
|
page read and write
|
||
|
209AD501000
|
heap
|
page read and write
|
||
|
209AD42E000
|
heap
|
page read and write
|
||
|
209AD422000
|
heap
|
page read and write
|
||
|
209AB566000
|
heap
|
page read and write
|
||
|
209AD408000
|
heap
|
page read and write
|
||
|
209AD51A000
|
heap
|
page read and write
|
||
|
209AD432000
|
heap
|
page read and write
|
||
|
209AD50E000
|
heap
|
page read and write
|
||
|
209AFD0D000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AB58B000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AFD42000
|
heap
|
page read and write
|
||
|
209AB58B000
|
heap
|
page read and write
|
||
|
209AD40A000
|
heap
|
page read and write
|
||
|
209AB58D000
|
heap
|
page read and write
|
||
|
209AD4FE000
|
heap
|
page read and write
|
||
|
209AFD19000
|
heap
|
page read and write
|
||
|
209AB5A5000
|
heap
|
page read and write
|
||
|
209AD57B000
|
heap
|
page read and write
|
||
|
209AD57B000
|
heap
|
page read and write
|
||
|
209AD555000
|
heap
|
page read and write
|
||
|
209AD50E000
|
heap
|
page read and write
|
||
|
209AD432000
|
heap
|
page read and write
|
||
|
E0DD57B000
|
stack
|
page read and write
|
||
|
209AB5DD000
|
heap
|
page read and write
|
||
|
209AB575000
|
heap
|
page read and write
|
||
|
209AD413000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AD5B2000
|
heap
|
page read and write
|
||
|
209AD40E000
|
heap
|
page read and write
|
||
|
209AB470000
|
heap
|
page read and write
|
||
|
209AFD09000
|
heap
|
page read and write
|
||
|
209AB57C000
|
heap
|
page read and write
|
||
|
209AB5A7000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AD432000
|
heap
|
page read and write
|
||
|
209AB569000
|
heap
|
page read and write
|
||
|
209AFD18000
|
heap
|
page read and write
|
||
|
209AB575000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AB56C000
|
heap
|
page read and write
|
||
|
209AD4F2000
|
heap
|
page read and write
|
||
|
209AB4F1000
|
heap
|
page read and write
|
||
|
209AD418000
|
heap
|
page read and write
|
||
|
209AD403000
|
heap
|
page read and write
|
||
|
209B01C0000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AD4FF000
|
heap
|
page read and write
|
||
|
209AD4F2000
|
heap
|
page read and write
|
||
|
209AD40E000
|
heap
|
page read and write
|
||
|
209AD555000
|
heap
|
page read and write
|
||
|
209AD4E0000
|
heap
|
page read and write
|
||
|
209AFD0B000
|
heap
|
page read and write
|
||
|
209AD522000
|
heap
|
page read and write
|
||
|
209AB5DD000
|
heap
|
page read and write
|
||
|
209AB582000
|
heap
|
page read and write
|
||
|
209AB5A8000
|
heap
|
page read and write
|
||
|
209AD560000
|
heap
|
page read and write
|
||
|
209AD58D000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AD42E000
|
heap
|
page read and write
|
||
|
209AD41A000
|
heap
|
page read and write
|
||
|
209AD57B000
|
heap
|
page read and write
|
||
|
209AD51A000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AD501000
|
heap
|
page read and write
|
||
|
209AB57B000
|
heap
|
page read and write
|
||
|
209AB582000
|
heap
|
page read and write
|
||
|
209ACDF0000
|
heap
|
page read and write
|
||
|
209AD42A000
|
heap
|
page read and write
|
||
|
209AD4E2000
|
heap
|
page read and write
|
||
|
209ACFF0000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AD587000
|
heap
|
page read and write
|
||
|
209AD516000
|
heap
|
page read and write
|
||
|
E0DD3FE000
|
stack
|
page read and write
|
||
|
209AB5D7000
|
heap
|
page read and write
|
||
|
E0DD37E000
|
stack
|
page read and write
|
||
|
209AD40E000
|
heap
|
page read and write
|
||
|
209AFD34000
|
heap
|
page read and write
|
||
|
209AB587000
|
heap
|
page read and write
|
||
|
209AB584000
|
heap
|
page read and write
|
||
|
209AB586000
|
heap
|
page read and write
|
||
|
209AD413000
|
heap
|
page read and write
|
||
|
209AB58D000
|
heap
|
page read and write
|
||
|
209AD41D000
|
heap
|
page read and write
|
||
|
209AB54E000
|
heap
|
page read and write
|
||
|
209AD42A000
|
heap
|
page read and write
|
||
|
209AB5B0000
|
heap
|
page read and write
|
||
|
209AD432000
|
heap
|
page read and write
|
||
|
209AD3FB000
|
heap
|
page read and write
|
||
|
209AD4FD000
|
heap
|
page read and write
|
||
|
209AB5AC000
|
heap
|
page read and write
|
||
|
209AD419000
|
heap
|
page read and write
|
||
|
209AD577000
|
heap
|
page read and write
|
||
|
209AD402000
|
heap
|
page read and write
|
||
|
209AD3F0000
|
heap
|
page read and write
|
||
|
209AB5B1000
|
heap
|
page read and write
|
||
|
209AD4EA000
|
heap
|
page read and write
|
||
|
209AD540000
|
heap
|
page read and write
|
||
|
209AD577000
|
heap
|
page read and write
|
||
|
209B1F00000
|
heap
|
page readonly
|
||
|
209AD507000
|
heap
|
page read and write
|
||
|
209AD42E000
|
heap
|
page read and write
|
||
|
209AB58C000
|
heap
|
page read and write
|
||
|
209AD439000
|
heap
|
page read and write
|
||
|
209AB582000
|
heap
|
page read and write
|
||
|
209AD413000
|
heap
|
page read and write
|
||
|
209AB56C000
|
heap
|
page read and write
|
||
|
209AB57B000
|
heap
|
page read and write
|
||
|
209AB5CA000
|
heap
|
page read and write
|
||
|
209AD50E000
|
heap
|
page read and write
|
||
|
209AD5BA000
|
heap
|
page read and write
|
||
|
209AB581000
|
heap
|
page read and write
|
||
|
209AD563000
|
heap
|
page read and write
|
||
|
209AD426000
|
heap
|
page read and write
|
||
|
209AD42E000
|
heap
|
page read and write
|
||
|
209AB5D9000
|
heap
|
page read and write
|
||
|
209AD422000
|
heap
|
page read and write
|
||
|
209AD3F0000
|
heap
|
page read and write
|
||
|
209AD587000
|
heap
|
page read and write
|
||
|
209AB5B1000
|
heap
|
page read and write
|
||
|
209AD5A8000
|
heap
|
page read and write
|
||
|
209ACDF5000
|
heap
|
page read and write
|
||
|
209AD422000
|
heap
|
page read and write
|
||
|
209AD57B000
|
heap
|
page read and write
|
||
|
209AD439000
|
heap
|
page read and write
|
||
|
209AD42A000
|
heap
|
page read and write
|
||
|
209AB588000
|
heap
|
page read and write
|
||
|
209AD55F000
|
heap
|
page read and write
|
||
|
209AD42E000
|
heap
|
page read and write
|
||
|
209AD40F000
|
heap
|
page read and write
|
||
|
209AFD3A000
|
heap
|
page read and write
|
||
|
209AFD17000
|
heap
|
page read and write
|
||
|
209AD422000
|
heap
|
page read and write
|
||
|
E0DD277000
|
stack
|
page read and write
|
||
|
E0DD7FC000
|
stack
|
page read and write
|
||
|
209AB5C6000
|
heap
|
page read and write
|
||
|
209AD422000
|
heap
|
page read and write
|
||
|
209AD40E000
|
heap
|
page read and write
|
||
|
209AD3F5000
|
heap
|
page read and write
|
||
|
209AD53F000
|
heap
|
page read and write
|
||
|
209AFD0D000
|
heap
|
page read and write
|
||
|
209AD525000
|
heap
|
page read and write
|
||
|
209AD3F0000
|
heap
|
page read and write
|
||
|
209AD436000
|
heap
|
page read and write
|
||
|
209AD42E000
|
heap
|
page read and write
|
||
|
209AB575000
|
heap
|
page read and write
|
There are 254 hidden memdumps, click here to show them.