Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\mspaint.exe
|
mspaint.exe "C:\Users\user\Desktop\BILL # 965415965285.jpg"
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
97E7000
|
trusted library allocation
|
page read and write
|
||
|
98FA000
|
trusted library allocation
|
page read and write
|
||
|
BFB4000
|
trusted library allocation
|
page read and write
|
||
|
9632000
|
trusted library allocation
|
page read and write
|
||
|
BACA000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
9400000
|
trusted library allocation
|
page read and write
|
||
|
23E4BE76000
|
heap
|
page read and write
|
||
|
87B0000
|
trusted library allocation
|
page read and write
|
||
|
8801000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
2ACF9302000
|
heap
|
page read and write
|
||
|
B960000
|
trusted library allocation
|
page read and write
|
||
|
1F77D265000
|
heap
|
page read and write
|
||
|
1F77DB00000
|
heap
|
page read and write
|
||
|
61C647B000
|
stack
|
page read and write
|
||
|
91A7000
|
trusted library allocation
|
page read and write
|
||
|
BD41000
|
trusted library allocation
|
page read and write
|
||
|
94C3000
|
trusted library allocation
|
page read and write
|
||
|
1DEE6A02000
|
trusted library allocation
|
page read and write
|
||
|
C3A0000
|
trusted library allocation
|
page read and write
|
||
|
979F000
|
trusted library allocation
|
page read and write
|
||
|
B9DF000
|
trusted library allocation
|
page read and write
|
||
|
813F000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
20832864000
|
heap
|
page read and write
|
||
|
C665000
|
trusted library allocation
|
page read and write
|
||
|
BC70000
|
trusted library allocation
|
page read and write
|
||
|
9935000
|
trusted library allocation
|
page read and write
|
||
|
BCD0000
|
trusted library allocation
|
page read and write
|
||
|
39F4000
|
heap
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
8507000
|
trusted library allocation
|
page read and write
|
||
|
9685000
|
trusted library allocation
|
page read and write
|
||
|
983D000
|
trusted library allocation
|
page read and write
|
||
|
BE92000
|
trusted library allocation
|
page read and write
|
||
|
8684000
|
trusted library allocation
|
page read and write
|
||
|
6B60000
|
trusted library allocation
|
page read and write
|
||
|
A8656FE000
|
stack
|
page read and write
|
||
|
BBD9000
|
trusted library allocation
|
page read and write
|
||
|
BD03000
|
trusted library allocation
|
page read and write
|
||
|
96BB000
|
trusted library allocation
|
page read and write
|
||
|
84BD000
|
trusted library allocation
|
page read and write
|
||
|
B8DF000
|
trusted library allocation
|
page read and write
|
||
|
D437000
|
trusted library allocation
|
page read and write
|
||
|
9E8476C000
|
stack
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
98A7000
|
trusted library allocation
|
page read and write
|
||
|
BC5A000
|
trusted library allocation
|
page read and write
|
||
|
84CF000
|
trusted library allocation
|
page read and write
|
||
|
8A9B000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
BD52000
|
trusted library allocation
|
page read and write
|
||
|
8510000
|
trusted library allocation
|
page read and write
|
||
|
C727000
|
trusted library allocation
|
page read and write
|
||
|
CC08000
|
trusted library allocation
|
page read and write
|
||
|
B94B000
|
trusted library allocation
|
page read and write
|
||
|
98E8000
|
trusted library allocation
|
page read and write
|
||
|
8A92000
|
trusted library allocation
|
page read and write
|
||
|
BA4B000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
D458000
|
trusted library allocation
|
page read and write
|
||
|
CBB2000
|
trusted library allocation
|
page read and write
|
||
|
1D8A2602000
|
unkown
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
2DBD17C000
|
stack
|
page read and write
|
||
|
987E000
|
trusted library allocation
|
page read and write
|
||
|
97CA000
|
trusted library allocation
|
page read and write
|
||
|
977B000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
BA9A000
|
trusted library allocation
|
page read and write
|
||
|
39F4000
|
heap
|
page read and write
|
||
|
C8CA000
|
trusted library allocation
|
page read and write
|
||
|
C8C8000
|
trusted library allocation
|
page read and write
|
||
|
B7D85FB000
|
stack
|
page read and write
|
||
|
B8EB000
|
trusted library allocation
|
page read and write
|
||
|
966C000
|
trusted library allocation
|
page read and write
|
||
|
9644000
|
trusted library allocation
|
page read and write
|
||
|
8AEC000
|
trusted library allocation
|
page read and write
|
||
|
9772000
|
trusted library allocation
|
page read and write
|
||
|
39F4000
|
heap
|
page read and write
|
||
|
39F4000
|
heap
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
94E2000
|
trusted library allocation
|
page read and write
|
||
|
8C60000
|
trusted library allocation
|
page read and write
|
||
|
D434000
|
trusted library allocation
|
page read and write
|
||
|
D150000
|
trusted library allocation
|
page read and write
|
||
|
CAA6000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
B89A000
|
trusted library allocation
|
page read and write
|
||
|
BCB3000
|
trusted library allocation
|
page read and write
|
||
|
54D6000
|
trusted library allocation
|
page read and write
|
||
|
9802000
|
trusted library allocation
|
page read and write
|
||
|
849F000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
B8AF000
|
trusted library allocation
|
page read and write
|
||
|
B9EB000
|
trusted library allocation
|
page read and write
|
||
|
CBB7000
|
trusted library allocation
|
page read and write
|
||
|
39F4000
|
heap
|
page read and write
|
||
|
BCB1000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
C4D0000
|
trusted library allocation
|
page read and write
|
||
|
CB0D000
|
trusted library allocation
|
page read and write
|
||
|
82B0000
|
trusted library allocation
|
page read and write
|
||
|
BC34000
|
trusted library allocation
|
page read and write
|
||
|
CAE4000
|
trusted library allocation
|
page read and write
|
||
|
D4A3000
|
trusted library allocation
|
page read and write
|
||
|
C396000
|
trusted library allocation
|
page read and write
|
||
|
BAB5000
|
trusted library allocation
|
page read and write
|
||
|
BFB9000
|
trusted library allocation
|
page read and write
|
||
|
C456000
|
trusted library allocation
|
page read and write
|
||
|
B982000
|
trusted library allocation
|
page read and write
|
||
|
71CCC7C000
|
stack
|
page read and write
|