Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f0\52C64B7E
|
@C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-205
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f0\52C64B7E
|
@wmploc.dll,-102
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A19EC76000
|
stack
|
page read and write
|
||
|
1B3DC0D5000
|
heap
|
page read and write
|
||
|
A19EE7E000
|
stack
|
page read and write
|
||
|
1B3DC0CD000
|
heap
|
page read and write
|
||
|
1B3DC0F6000
|
heap
|
page read and write
|
||
|
1B3DDE02000
|
heap
|
page read and write
|
||
|
1B3DDDEA000
|
heap
|
page read and write
|
||
|
1B3DDE0B000
|
heap
|
page read and write
|
||
|
1B3DDDDF000
|
heap
|
page read and write
|
||
|
1B3DDF78000
|
heap
|
page read and write
|
||
|
1B3DDE06000
|
heap
|
page read and write
|
||
|
1B3DC0E4000
|
heap
|
page read and write
|
||
|
1B3DDF87000
|
heap
|
page read and write
|
||
|
1B3DDF92000
|
heap
|
page read and write
|
||
|
1B3DDFD5000
|
heap
|
page read and write
|
||
|
1B3DC0F1000
|
heap
|
page read and write
|
||
|
1B3DBE00000
|
heap
|
page read and write
|
||
|
1B3DDF9C000
|
heap
|
page read and write
|
||
|
1B3DDF92000
|
heap
|
page read and write
|
||
|
1B3DDF0B000
|
heap
|
page read and write
|
||
|
1B3DDE6B000
|
heap
|
page read and write
|
||
|
1B3DDF84000
|
heap
|
page read and write
|
||
|
1B3DDE0F000
|
heap
|
page read and write
|
||
|
1B3DC040000
|
heap
|
page read and write
|
||
|
1B3DDF03000
|
heap
|
page read and write
|
||
|
1B3DDE21000
|
heap
|
page read and write
|
||
|
1B3DDE21000
|
heap
|
page read and write
|
||
|
1B3DC0EB000
|
heap
|
page read and write
|
||
|
1B3DDE6B000
|
heap
|
page read and write
|
||
|
1B3E2A17000
|
heap
|
page read and write
|
||
|
1B3DC128000
|
heap
|
page read and write
|
||
|
1B3E2A1B000
|
heap
|
page read and write
|
||
|
1B3DDF27000
|
heap
|
page read and write
|
||
|
1B3DDF43000
|
heap
|
page read and write
|
||
|
1B3DDDF0000
|
heap
|
page read and write
|
||
|
1B3DDDF0000
|
heap
|
page read and write
|
||
|
1B3DDF84000
|
heap
|
page read and write
|
||
|
1B3DC128000
|
heap
|
page read and write
|
||
|
1B3DC104000
|
heap
|
page read and write
|
||
|
1B3DC0CC000
|
heap
|
page read and write
|
||
|
1B3DDDEA000
|
heap
|
page read and write
|
||
|
1B3DC0CA000
|
heap
|
page read and write
|
||
|
1B3DC0F7000
|
heap
|
page read and write
|
||
|
1B3DC129000
|
heap
|
page read and write
|
||
|
1B3DDA25000
|
heap
|
page read and write
|
||
|
1B3DC135000
|
heap
|
page read and write
|
||
|
1B3DC122000
|
heap
|
page read and write
|
||
|
1B3DDDF6000
|
heap
|
page read and write
|
||
|
1B3DDE06000
|
heap
|
page read and write
|
||
|
1B3DDF0B000
|
heap
|
page read and write
|
||
|
1B3E2A15000
|
heap
|
page read and write
|
||
|
1B3DC128000
|
heap
|
page read and write
|
||
|
1B3DDE6B000
|
heap
|
page read and write
|
||
|
1B3DC0D8000
|
heap
|
page read and write
|
||
|
1B3DDE6B000
|
heap
|
page read and write
|
||
|
1B3DDFC6000
|
heap
|
page read and write
|
||
|
1B3DC0D5000
|
heap
|
page read and write
|
||
|
1B3DDF70000
|
heap
|
page read and write
|
||
|
1B3DDE12000
|
heap
|
page read and write
|
||
|
1B3DDE6B000
|
heap
|
page read and write
|
||
|
A19F2FC000
|
stack
|
page read and write
|
||
|
1B3DDFA0000
|
heap
|
page read and write
|
||
|
A19EFFE000
|
stack
|
page read and write
|
||
|
1B3DDE10000
|
heap
|
page read and write
|
||
|
1B3DDFCB000
|
heap
|
page read and write
|
||
|
1B3DC0FE000
|
heap
|
page read and write
|
||
|
1B3DDE03000
|
heap
|
page read and write
|
||
|
1B3DDE17000
|
heap
|
page read and write
|
||
|
1B3DDF77000
|
heap
|
page read and write
|
||
|
1B3DDE6B000
|
heap
|
page read and write
|
||
|
1B3DDF5E000
|
heap
|
page read and write
|
||
|
1B3DC128000
|
heap
|
page read and write
|
||
|
1B3DDDFB000
|
heap
|
page read and write
|
||
|
1B3DDF1F000
|
heap
|
page read and write
|
||
|
1B3DDDD2000
|
heap
|
page read and write
|
||
|
1B3DC0F7000
|
heap
|
page read and write
|
||
|
1B3DDF5E000
|
heap
|
page read and write
|
||
|
1B3DDE06000
|
heap
|
page read and write
|
||
|
A19F37A000
|
stack
|
page read and write
|
||
|
1B3DDFC8000
|
heap
|
page read and write
|
||
|
1B3DDDFA000
|
heap
|
page read and write
|
||
|
1B3DDFA8000
|
heap
|
page read and write
|
||
|
1B3DDF27000
|
heap
|
page read and write
|
||
|
1B3DC104000
|
heap
|
page read and write
|
||
|
1B3DDF17000
|
heap
|
page read and write
|
||
|
1B3DDF84000
|
heap
|
page read and write
|
||
|
1B3DDE06000
|
heap
|
page read and write
|
||
|
A19EDFE000
|
stack
|
page read and write
|
||
|
1B3DDE6B000
|
heap
|
page read and write
|
||
|
1B3DDF2D000
|
heap
|
page read and write
|
||
|
1B3DDDE6000
|
heap
|
page read and write
|
||
|
A19EEFE000
|
stack
|
page read and write
|
||
|
1B3DDDC0000
|
heap
|
page read and write
|
||
|
1B3DC0FF000
|
heap
|
page read and write
|
||
|
1B3DDF9C000
|
heap
|
page read and write
|
||
|
1B3DC0F9000
|
heap
|
page read and write
|
||
|
A19F1FE000
|
stack
|
page read and write
|
||
|
1B3DDE10000
|
heap
|
page read and write
|
||
|
1B3DC134000
|
heap
|
page read and write
|
||
|
1B3DC100000
|
heap
|
page read and write
|
||
|
1B3DDDFB000
|
heap
|
page read and write
|
||
|
1B3DDE06000
|
heap
|
page read and write
|
||
|
1B3DC102000
|
heap
|
page read and write
|
||
|
1B3DDDED000
|
heap
|
page read and write
|
||
|
1B3E2A39000
|
heap
|
page read and write
|
||
|
7DF4B1931000
|
trusted library allocation
|
page execute read
|