Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
time.windows.com
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
243BB0DB000
|
heap
|
page read and write
|
||
|
243BB266000
|
heap
|
page read and write
|
||
|
243BB215000
|
heap
|
page read and write
|
||
|
243B92C7000
|
heap
|
page read and write
|
||
|
243B925E000
|
heap
|
page read and write
|
||
|
243BB0D2000
|
heap
|
page read and write
|
||
|
243BB1EF000
|
heap
|
page read and write
|
||
|
243BB266000
|
heap
|
page read and write
|
||
|
243B91D0000
|
heap
|
page read and write
|
||
|
243BB258000
|
heap
|
page read and write
|
||
|
243B9291000
|
heap
|
page read and write
|
||
|
EAFDA7B000
|
stack
|
page read and write
|
||
|
243BB250000
|
heap
|
page read and write
|
||
|
243BB0AB000
|
heap
|
page read and write
|
||
|
243BB0CE000
|
heap
|
page read and write
|
||
|
243BB0CA000
|
heap
|
page read and write
|
||
|
243BB0DF000
|
heap
|
page read and write
|
||
|
243BB0BF000
|
heap
|
page read and write
|
||
|
243BB0AB000
|
heap
|
page read and write
|
||
|
243BB0A4000
|
heap
|
page read and write
|
||
|
243B9242000
|
heap
|
page read and write
|
||
|
243BD923000
|
heap
|
page read and write
|
||
|
243BDD50000
|
heap
|
page read and write
|
||
|
243BB237000
|
heap
|
page read and write
|
||
|
243BFBF0000
|
heap
|
page readonly
|
||
|
243B92C7000
|
heap
|
page read and write
|
||
|
243B9272000
|
heap
|
page read and write
|
||
|
243BB0C6000
|
heap
|
page read and write
|
||
|
243BB0DA000
|
heap
|
page read and write
|
||
|
243B9278000
|
heap
|
page read and write
|
||
|
243BB0DE000
|
heap
|
page read and write
|
||
|
243BB0AB000
|
heap
|
page read and write
|
||
|
243BB0E4000
|
heap
|
page read and write
|
||
|
243BB0E4000
|
heap
|
page read and write
|
||
|
243B9265000
|
heap
|
page read and write
|
||
|
243B926C000
|
heap
|
page read and write
|
||
|
243BB0CE000
|
heap
|
page read and write
|
||
|
243BB0B8000
|
heap
|
page read and write
|
||
|
243BB0CE000
|
heap
|
page read and write
|
||
|
243B928F000
|
heap
|
page read and write
|
||
|
243BB230000
|
heap
|
page read and write
|
||
|
EAFD87B000
|
stack
|
page read and write
|
||
|
243BB0E4000
|
heap
|
page read and write
|
||
|
EAFD77E000
|
stack
|
page read and write
|
||
|
243BB0EC000
|
heap
|
page read and write
|
||
|
243BB0A8000
|
heap
|
page read and write
|
||
|
243BDD10000
|
trusted library allocation
|
page read and write
|
||
|
243BB227000
|
heap
|
page read and write
|
||
|
243BB0CA000
|
heap
|
page read and write
|
||
|
243B91B5000
|
heap
|
page read and write
|
||
|
243BB0C3000
|
heap
|
page read and write
|
||
|
243BB0A0000
|
heap
|
page read and write
|
||
|
243B927D000
|
heap
|
page read and write
|
||
|
243B91BC000
|
heap
|
page read and write
|
||
|
243BB0BB000
|
heap
|
page read and write
|
||
|
243BB0E0000
|
heap
|
page read and write
|
||
|
243B9290000
|
heap
|
page read and write
|
||
|
243BB266000
|
heap
|
page read and write
|
||
|
243BB217000
|
heap
|
page read and write
|
||
|
243BB0CE000
|
heap
|
page read and write
|
||
|
243B927D000
|
heap
|
page read and write
|
||
|
243BB215000
|
heap
|
page read and write
|
||
|
243BB227000
|
heap
|
page read and write
|
||
|
243B9299000
|
heap
|
page read and write
|
||
|
243B928F000
|
heap
|
page read and write
|
||
|
243BB0C3000
|
heap
|
page read and write
|
||
|
243B91B0000
|
heap
|
page read and write
|
||
|
243BB0D7000
|
heap
|
page read and write
|
||
|
243BB1B8000
|
heap
|
page read and write
|
||
|
243BB1AB000
|
heap
|
page read and write
|
||
|
243BB0C3000
|
heap
|
page read and write
|
||
|
243BB0A5000
|
heap
|
page read and write
|
||
|
243B92C9000
|
heap
|
page read and write
|
||
|
243BB1AD000
|
heap
|
page read and write
|
||
|
243BB0D3000
|
heap
|
page read and write
|
||
|
243BB0D3000
|
heap
|
page read and write
|
||
|
243BD930000
|
heap
|
page read and write
|
||
|
243BB0BF000
|
heap
|
page read and write
|
||
|
243BB27A000
|
heap
|
page read and write
|
||
|
243B92CE000
|
heap
|
page read and write
|
||
|
EAFD3BE000
|
stack
|
page read and write
|
||
|
243BB26C000
|
heap
|
page read and write
|
||
|
243B925E000
|
heap
|
page read and write
|
||
|
243B9269000
|
heap
|
page read and write
|
||
|
243BB0A0000
|
heap
|
page read and write
|
||
|
243BB0CE000
|
heap
|
page read and write
|
||
|
243BB1D9000
|
heap
|
page read and write
|
||
|
243BD91F000
|
heap
|
page read and write
|
||
|
243B9281000
|
heap
|
page read and write
|
||
|
243BB1EC000
|
heap
|
page read and write
|
||
|
243BB0DA000
|
heap
|
page read and write
|
||
|
243BB0CA000
|
heap
|
page read and write
|
||
|
243B9160000
|
heap
|
page read and write
|
||
|
243BB1C6000
|
heap
|
page read and write
|
||
|
243BB0E4000
|
heap
|
page read and write
|
||
|
243BB21F000
|
heap
|
page read and write
|
||
|
243BB0DA000
|
heap
|
page read and write
|
||
|
243BD926000
|
heap
|
page read and write
|
||
|
243BB250000
|
heap
|
page read and write
|
||
|
243B9275000
|
heap
|
page read and write
|
||
|
243BB1CF000
|
heap
|
page read and write
|
||
|
243BB217000
|
heap
|
page read and write
|
||
|
243BB0DE000
|
heap
|
page read and write
|
||
|
243B9295000
|
heap
|
page read and write
|
||
|
243BD923000
|
heap
|
page read and write
|
||
|
243B92CE000
|
heap
|
page read and write
|
||
|
243BB0B5000
|
heap
|
page read and write
|
||
|
243BB0D8000
|
heap
|
page read and write
|
||
|
243BB0BF000
|
heap
|
page read and write
|
||
|
243BB0E4000
|
heap
|
page read and write
|
||
|
243B9269000
|
heap
|
page read and write
|
||
|
243BB0E4000
|
heap
|
page read and write
|
||
|
243BD8F0000
|
heap
|
page read and write
|
||
|
243BB0D2000
|
heap
|
page read and write
|
||
|
243BB0C3000
|
heap
|
page read and write
|
||
|
243BB0BF000
|
heap
|
page read and write
|
||
|
243BB0B5000
|
heap
|
page read and write
|
||
|
243B9265000
|
heap
|
page read and write
|
||
|
243BB0C3000
|
heap
|
page read and write
|
||
|
243B9265000
|
heap
|
page read and write
|
||
|
243BD923000
|
heap
|
page read and write
|
||
|
243B92AD000
|
heap
|
page read and write
|
||
|
243BB23D000
|
heap
|
page read and write
|
||
|
243BB0D2000
|
heap
|
page read and write
|
||
|
243B92A1000
|
heap
|
page read and write
|
||
|
243BB0B2000
|
heap
|
page read and write
|
||
|
243BB21F000
|
heap
|
page read and write
|
||
|
243B92C9000
|
heap
|
page read and write
|
||
|
243BB0DA000
|
heap
|
page read and write
|
||
|
243B929E000
|
heap
|
page read and write
|
||
|
243BD91C000
|
heap
|
page read and write
|
||
|
243BB1CF000
|
heap
|
page read and write
|
||
|
243BB0E7000
|
heap
|
page read and write
|
||
|
243B9265000
|
heap
|
page read and write
|
||
|
243BB217000
|
heap
|
page read and write
|
||
|
243BB0BB000
|
heap
|
page read and write
|
||
|
243BD920000
|
heap
|
page read and write
|
||
|
243BB0D6000
|
heap
|
page read and write
|
||
|
243B928E000
|
heap
|
page read and write
|
||
|
243B926E000
|
heap
|
page read and write
|
||
|
243BB227000
|
heap
|
page read and write
|
||
|
243BB0CE000
|
heap
|
page read and write
|
||
|
243BB0CB000
|
heap
|
page read and write
|
||
|
243BB252000
|
heap
|
page read and write
|
||
|
243BB1BC000
|
heap
|
page read and write
|
||
|
243BD2E0000
|
trusted library allocation
|
page read and write
|
||
|
243BB1C6000
|
heap
|
page read and write
|
||
|
243BB1E1000
|
heap
|
page read and write
|
||
|
243BB0D3000
|
heap
|
page read and write
|
||
|
243BB0D7000
|
heap
|
page read and write
|
||
|
243BB0CF000
|
heap
|
page read and write
|
||
|
243BB1A3000
|
heap
|
page read and write
|
||
|
243BB0C3000
|
heap
|
page read and write
|
||
|
243BB258000
|
heap
|
page read and write
|
||
|
243B92BD000
|
heap
|
page read and write
|
||
|
243B92BD000
|
heap
|
page read and write
|
||
|
243BB1C6000
|
heap
|
page read and write
|
||
|
243BB0BA000
|
heap
|
page read and write
|
||
|
243B9288000
|
heap
|
page read and write
|
||
|
243BB0CA000
|
heap
|
page read and write
|
||
|
243BB0AB000
|
heap
|
page read and write
|
||
|
243B925B000
|
heap
|
page read and write
|
||
|
243BB1D9000
|
heap
|
page read and write
|
||
|
243BB1D9000
|
heap
|
page read and write
|
||
|
243BB1B5000
|
heap
|
page read and write
|
||
|
243BB27A000
|
heap
|
page read and write
|
||
|
7DF49F081000
|
trusted library allocation
|
page execute read
|
||
|
243BB0BF000
|
heap
|
page read and write
|
||
|
243BB090000
|
heap
|
page read and write
|
||
|
243B92CE000
|
heap
|
page read and write
|
||
|
243BB0B4000
|
heap
|
page read and write
|
||
|
243BB1BA000
|
heap
|
page read and write
|
||
|
243BB0E4000
|
heap
|
page read and write
|
||
|
EAFD6FE000
|
stack
|
page read and write
|
||
|
243BB258000
|
heap
|
page read and write
|
||
|
243B927B000
|
heap
|
page read and write
|
||
|
243BB237000
|
heap
|
page read and write
|
||
|
EAFD33E000
|
stack
|
page read and write
|
||
|
243BB190000
|
heap
|
page read and write
|
||
|
243BD912000
|
heap
|
page read and write
|
||
|
EAFD67E000
|
stack
|
page read and write
|
||
|
243B926D000
|
heap
|
page read and write
|
||
|
243BB0C0000
|
heap
|
page read and write
|
||
|
243BB0DE000
|
heap
|
page read and write
|
||
|
243BB0DE000
|
heap
|
page read and write
|
||
|
243BB0BF000
|
heap
|
page read and write
|
||
|
243BB250000
|
heap
|
page read and write
|
||
|
243BB1BE000
|
heap
|
page read and write
|
||
|
243BB0D7000
|
heap
|
page read and write
|
||
|
243BB1E2000
|
heap
|
page read and write
|
||
|
243B92C7000
|
heap
|
page read and write
|
||
|
243BD909000
|
heap
|
page read and write
|
||
|
243BB0C3000
|
heap
|
page read and write
|
||
|
243B927C000
|
heap
|
page read and write
|
||
|
243BB237000
|
heap
|
page read and write
|
||
|
243BB0A0000
|
heap
|
page read and write
|
||
|
243B91BA000
|
heap
|
page read and write
|
||
|
243BB0D2000
|
heap
|
page read and write
|
||
|
243BB215000
|
heap
|
page read and write
|
||
|
243B91BD000
|
heap
|
page read and write
|
||
|
243B92C7000
|
heap
|
page read and write
|
||
|
243BB27A000
|
heap
|
page read and write
|
||
|
243B9040000
|
heap
|
page read and write
|
||
|
243BD929000
|
heap
|
page read and write
|
||
|
243BB269000
|
heap
|
page read and write
|
||
|
243BB23D000
|
heap
|
page read and write
|
||
|
243BB0D7000
|
heap
|
page read and write
|
||
|
243B92C8000
|
heap
|
page read and write
|
||
|
243B929D000
|
heap
|
page read and write
|
||
|
243BB0DF000
|
heap
|
page read and write
|
||
|
243B92CD000
|
heap
|
page read and write
|
||
|
243BB230000
|
heap
|
page read and write
|
||
|
243BB255000
|
heap
|
page read and write
|
||
|
243BB0B9000
|
heap
|
page read and write
|
||
|
243B927C000
|
heap
|
page read and write
|
||
|
243BB0C0000
|
heap
|
page read and write
|
||
|
243B92CB000
|
heap
|
page read and write
|
||
|
243BB230000
|
heap
|
page read and write
|
||
|
243BAC30000
|
heap
|
page read and write
|
||
|
EAFD2B7000
|
stack
|
page read and write
|
||
|
243B9120000
|
heap
|
page read and write
|
||
|
243BB21F000
|
heap
|
page read and write
|
||
|
243B91BB000
|
heap
|
page read and write
|
||
|
243BB0E4000
|
heap
|
page read and write
|
||
|
EAFD7FB000
|
stack
|
page read and write
|
||
|
243B925E000
|
heap
|
page read and write
|
||
|
243BB23D000
|
heap
|
page read and write
|
||
|
243B927D000
|
heap
|
page read and write
|
||
|
243BB199000
|
heap
|
page read and write
|
||
|
243BB0D3000
|
heap
|
page read and write
|
||
|
243BB0D3000
|
heap
|
page read and write
|
There are 221 hidden memdumps, click here to show them.