Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F8445E9000
|
heap
|
page read and write
|
||
|
1F844645000
|
heap
|
page read and write
|
||
|
1F84447F000
|
heap
|
page read and write
|
||
|
1F844465000
|
heap
|
page read and write
|
||
|
1F844478000
|
heap
|
page read and write
|
||
|
1F844484000
|
heap
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F8445FD000
|
heap
|
page read and write
|
||
|
1F844612000
|
heap
|
page read and write
|
||
|
1F8444A9000
|
heap
|
page read and write
|
||
|
1F8445B5000
|
heap
|
page read and write
|
||
|
1F8444A2000
|
heap
|
page read and write
|
||
|
1F842593000
|
heap
|
page read and write
|
||
|
1F84447B000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F844484000
|
heap
|
page read and write
|
||
|
1F84446B000
|
heap
|
page read and write
|
||
|
1F84464C000
|
heap
|
page read and write
|
||
|
1F844495000
|
heap
|
page read and write
|
||
|
1F844612000
|
heap
|
page read and write
|
||
|
1F8425C9000
|
heap
|
page read and write
|
||
|
1F84447F000
|
heap
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
7DF425D21000
|
trusted library allocation
|
page execute read
|
||
|
1F8444A2000
|
heap
|
page read and write
|
||
|
1F84255F000
|
heap
|
page read and write
|
||
|
1F8425B9000
|
heap
|
page read and write
|
||
|
1F844495000
|
heap
|
page read and write
|
||
|
1F84446B000
|
heap
|
page read and write
|
||
|
1F84447A000
|
heap
|
page read and write
|
||
|
1F84447F000
|
heap
|
page read and write
|
||
|
1F8445AC000
|
heap
|
page read and write
|
||
|
1F843EC0000
|
heap
|
page read and write
|
||
|
1F844645000
|
heap
|
page read and write
|
||
|
1F846CD1000
|
heap
|
page read and write
|
||
|
1F84447B000
|
heap
|
page read and write
|
||
|
1F844598000
|
heap
|
page read and write
|
||
|
1F844630000
|
heap
|
page read and write
|
||
|
1F846CDC000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
D793AFB000
|
stack
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
1F846CC4000
|
heap
|
page read and write
|
||
|
1F84464C000
|
heap
|
page read and write
|
||
|
1F8425C5000
|
heap
|
page read and write
|
||
|
1F8444AE000
|
heap
|
page read and write
|
||
|
1F844494000
|
heap
|
page read and write
|
||
|
D793A7E000
|
stack
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
1F8424D8000
|
heap
|
page read and write
|
||
|
1F846CF3000
|
heap
|
page read and write
|
||
|
1F846CCA000
|
heap
|
page read and write
|
||
|
1F8445EA000
|
heap
|
page read and write
|
||
|
1F844612000
|
heap
|
page read and write
|
||
|
1F844620000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F844484000
|
heap
|
page read and write
|
||
|
1F844620000
|
heap
|
page read and write
|
||
|
1F844479000
|
heap
|
page read and write
|
||
|
1F84446B000
|
heap
|
page read and write
|
||
|
1F842566000
|
heap
|
page read and write
|
||
|
1F8444AE000
|
heap
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
1F84449E000
|
heap
|
page read and write
|
||
|
1F846CB6000
|
heap
|
page read and write
|
||
|
1F842410000
|
heap
|
page read and write
|
||
|
1F842574000
|
heap
|
page read and write
|
||
|
1F844484000
|
heap
|
page read and write
|
||
|
1F84456B000
|
heap
|
page read and write
|
||
|
1F844491000
|
heap
|
page read and write
|
||
|
1F842568000
|
heap
|
page read and write
|
||
|
1F84449D000
|
heap
|
page read and write
|
||
|
1F84448A000
|
heap
|
page read and write
|
||
|
1F844495000
|
heap
|
page read and write
|
||
|
1F844494000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F842597000
|
heap
|
page read and write
|
||
|
1F84449D000
|
heap
|
page read and write
|
||
|
1F8445BD000
|
heap
|
page read and write
|
||
|
D79379E000
|
stack
|
page read and write
|
||
|
1F84449D000
|
heap
|
page read and write
|
||
|
1F8425CB000
|
heap
|
page read and write
|
||
|
D793E7E000
|
stack
|
page read and write
|
||
|
1F842400000
|
heap
|
page read and write
|
||
|
1F84447F000
|
heap
|
page read and write
|
||
|
1F844620000
|
heap
|
page read and write
|
||
|
1F844551000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F8444A5000
|
heap
|
page read and write
|
||
|
1F844494000
|
heap
|
page read and write
|
||
|
1F844485000
|
heap
|
page read and write
|
||
|
1F8425CD000
|
heap
|
page read and write
|
||
|
D793BFD000
|
stack
|
page read and write
|
||
|
1F844494000
|
heap
|
page read and write
|
||
|
1F84449D000
|
heap
|
page read and write
|
||
|
1F84449E000
|
heap
|
page read and write
|
||
|
D793FFF000
|
stack
|
page read and write
|
||
|
1F844580000
|
heap
|
page read and write
|
||
|
1F8445B3000
|
heap
|
page read and write
|
||
|
1F844559000
|
heap
|
page read and write
|
||
|
1F84255A000
|
heap
|
page read and write
|
||
|
1F8444A2000
|
heap
|
page read and write
|
||
|
1F842485000
|
heap
|
page read and write
|
||
|
1F846CC5000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F8425CD000
|
heap
|
page read and write
|
||
|
1F8445FD000
|
heap
|
page read and write
|
||
|
1F8445A0000
|
heap
|
page read and write
|
||
|
1F842598000
|
heap
|
page read and write
|
||
|
1F844495000
|
heap
|
page read and write
|
||
|
1F846CF1000
|
heap
|
page read and write
|
||
|
1F844562000
|
heap
|
page read and write
|
||
|
1F84448A000
|
heap
|
page read and write
|
||
|
1F844630000
|
heap
|
page read and write
|
||
|
1F84448A000
|
heap
|
page read and write
|
||
|
1F84446B000
|
heap
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
D793697000
|
stack
|
page read and write
|
||
|
1F8445FD000
|
heap
|
page read and write
|
||
|
1F8445B6000
|
heap
|
page read and write
|
||
|
1F84448A000
|
heap
|
page read and write
|
||
|
1F844496000
|
heap
|
page read and write
|
||
|
1F84448B000
|
heap
|
page read and write
|
||
|
1F844635000
|
heap
|
page read and write
|
||
|
1F84255F000
|
heap
|
page read and write
|
||
|
1F848FB0000
|
heap
|
page readonly
|
||
|
1F844630000
|
heap
|
page read and write
|
||
|
1F846CC0000
|
heap
|
page read and write
|
||
|
1F84448A000
|
heap
|
page read and write
|
||
|
1F844649000
|
heap
|
page read and write
|
||
|
D793B7E000
|
stack
|
page read and write
|
||
|
1F8470D0000
|
trusted library allocation
|
page read and write
|
||
|
1F844484000
|
heap
|
page read and write
|
||
|
1F84447F000
|
heap
|
page read and write
|
||
|
1F844481000
|
heap
|
page read and write
|
||
|
1F847170000
|
heap
|
page read and write
|
||
|
1F84253F000
|
heap
|
page read and write
|
||
|
1F84259E000
|
heap
|
page read and write
|
||
|
1F844464000
|
heap
|
page read and write
|
||
|
1F8444AE000
|
heap
|
page read and write
|
||
|
1F8445AC000
|
heap
|
page read and write
|
||
|
1F844550000
|
heap
|
page read and write
|
||
|
1F846CB0000
|
heap
|
page read and write
|
||
|
1F8466A0000
|
trusted library allocation
|
page read and write
|
||
|
1F844495000
|
heap
|
page read and write
|
||
|
1F846CB3000
|
heap
|
page read and write
|
||
|
1F84449A000
|
heap
|
page read and write
|
||
|
1F8445A0000
|
heap
|
page read and write
|
||
|
1F846CE1000
|
heap
|
page read and write
|
||
|
1F842576000
|
heap
|
page read and write
|
||
|
1F844582000
|
heap
|
page read and write
|
||
|
1F84464C000
|
heap
|
page read and write
|
||
|
1F8445A0000
|
heap
|
page read and write
|
||
|
1F844494000
|
heap
|
page read and write
|
||
|
1F8444A2000
|
heap
|
page read and write
|
||
|
1F844484000
|
heap
|
page read and write
|
||
|
1F842573000
|
heap
|
page read and write
|
||
|
1F84449D000
|
heap
|
page read and write
|
||
|
1F844558000
|
heap
|
page read and write
|
||
|
1F842575000
|
heap
|
page read and write
|
||
|
1F844647000
|
heap
|
page read and write
|
||
|
1F844484000
|
heap
|
page read and write
|
||
|
1F844637000
|
heap
|
page read and write
|
||
|
1F846CC9000
|
heap
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
1F844460000
|
heap
|
page read and write
|
||
|
1F84448A000
|
heap
|
page read and write
|
||
|
1F844620000
|
heap
|
page read and write
|
||
|
1F8444A2000
|
heap
|
page read and write
|
||
|
D793C7B000
|
stack
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F842598000
|
heap
|
page read and write
|
||
|
1F844494000
|
heap
|
page read and write
|
||
|
1F8445BC000
|
heap
|
page read and write
|
||
|
1F84449A000
|
heap
|
page read and write
|
||
|
1F844468000
|
heap
|
page read and write
|
||
|
1F84449D000
|
heap
|
page read and write
|
||
|
1F844487000
|
heap
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
1F84449E000
|
heap
|
page read and write
|
||
|
1F84449F000
|
heap
|
page read and write
|
||
|
1F84447F000
|
heap
|
page read and write
|
||
|
1F8444A2000
|
heap
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
1F84464C000
|
heap
|
page read and write
|
||
|
1F842450000
|
heap
|
page read and write
|
||
|
1F8445FD000
|
heap
|
page read and write
|
||
|
1F84456D000
|
heap
|
page read and write
|
||
|
1F844598000
|
heap
|
page read and write
|
||
|
1F844630000
|
heap
|
page read and write
|
||
|
1F8445B4000
|
heap
|
page read and write
|
||
|
1F844582000
|
heap
|
page read and write
|
||
|
1F8425C3000
|
heap
|
page read and write
|
||
|
1F84258B000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F842566000
|
heap
|
page read and write
|
||
|
1F844499000
|
heap
|
page read and write
|
||
|
1F8425A0000
|
heap
|
page read and write
|
||
|
1F84447F000
|
heap
|
page read and write
|
||
|
1F844645000
|
heap
|
page read and write
|
||
|
D793EFB000
|
stack
|
page read and write
|
||
|
1F84448E000
|
heap
|
page read and write
|
||
|
1F844580000
|
heap
|
page read and write
|
||
|
1F8425CD000
|
heap
|
page read and write
|
||
|
1F844484000
|
heap
|
page read and write
|
||
|
1F84448A000
|
heap
|
page read and write
|
||
|
D79371E000
|
stack
|
page read and write
|
||
|
1F8424E2000
|
heap
|
page read and write
|
||
|
1F8444A2000
|
heap
|
page read and write
|
||
|
1F844575000
|
heap
|
page read and write
|
||
|
1F842480000
|
heap
|
page read and write
|
||
|
1F842569000
|
heap
|
page read and write
|
||
|
1F8444A2000
|
heap
|
page read and write
|
||
|
1F844612000
|
heap
|
page read and write
|
||
|
1F844620000
|
heap
|
page read and write
|
||
|
1F8424D0000
|
heap
|
page read and write
|
||
|
1F844612000
|
heap
|
page read and write
|
||
|
1F844460000
|
heap
|
page read and write
|
||
|
1F8445AC000
|
heap
|
page read and write
|
||
|
1F844450000
|
heap
|
page read and write
|
||
|
1F844630000
|
heap
|
page read and write
|
||
|
1F846CCA000
|
heap
|
page read and write
|
||
|
1F8445FD000
|
heap
|
page read and write
|
||
|
1F84258C000
|
heap
|
page read and write
|
||
|
1F842566000
|
heap
|
page read and write
|
||
|
1F846CF2000
|
heap
|
page read and write
|
There are 217 hidden memdumps, click here to show them.