Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
291894A5000
|
heap
|
page read and write
|
||
|
2918765C000
|
heap
|
page read and write
|
||
|
29189600000
|
heap
|
page read and write
|
||
|
2918BDB8000
|
heap
|
page read and write
|
||
|
29189470000
|
heap
|
page read and write
|
||
|
291895F7000
|
heap
|
page read and write
|
||
|
29189470000
|
heap
|
page read and write
|
||
|
291895ED000
|
heap
|
page read and write
|
||
|
2918960A000
|
heap
|
page read and write
|
||
|
291894BA000
|
heap
|
page read and write
|
||
|
2918BDC6000
|
heap
|
page read and write
|
||
|
29189600000
|
heap
|
page read and write
|
||
|
291895ED000
|
heap
|
page read and write
|
||
|
2918948F000
|
heap
|
page read and write
|
||
|
2918BDCA000
|
heap
|
page read and write
|
||
|
29187410000
|
heap
|
page read and write
|
||
|
291895F7000
|
heap
|
page read and write
|
||
|
29189613000
|
heap
|
page read and write
|
||
|
2918947C000
|
heap
|
page read and write
|
||
|
2918962A000
|
heap
|
page read and write
|
||
|
291894AE000
|
heap
|
page read and write
|
||
|
291895A4000
|
heap
|
page read and write
|
||
|
29188F2E000
|
heap
|
page read and write
|
||
|
291894BA000
|
heap
|
page read and write
|
||
|
2918765A000
|
heap
|
page read and write
|
||
|
291895D3000
|
heap
|
page read and write
|
||
|
2918949F000
|
heap
|
page read and write
|
||
|
2918769C000
|
heap
|
page read and write
|
||
|
2918BDE2000
|
heap
|
page read and write
|
||
|
29187635000
|
heap
|
page read and write
|
||
|
DA1E8FE000
|
stack
|
page read and write
|
||
|
DA1EAFB000
|
stack
|
page read and write
|
||
|
2918BDBA000
|
heap
|
page read and write
|
||
|
29187644000
|
heap
|
page read and write
|
||
|
291895F9000
|
heap
|
page read and write
|
||
|
291894BA000
|
heap
|
page read and write
|
||
|
29189573000
|
heap
|
page read and write
|
||
|
2918762D000
|
heap
|
page read and write
|
||
|
2918BDDB000
|
heap
|
page read and write
|
||
|
291895F7000
|
heap
|
page read and write
|
||
|
2918965D000
|
heap
|
page read and write
|
||
|
29189600000
|
heap
|
page read and write
|
||
|
291895E7000
|
heap
|
page read and write
|
||
|
291895D3000
|
heap
|
page read and write
|
||
|
2918766A000
|
heap
|
page read and write
|
||
|
2918BDE1000
|
heap
|
page read and write
|
||
|
29189489000
|
heap
|
page read and write
|
||
|
29189479000
|
heap
|
page read and write
|
||
|
2918BDC2000
|
heap
|
page read and write
|
||
|
291895D3000
|
heap
|
page read and write
|
||
|
2918947C000
|
heap
|
page read and write
|
||
|
2918949F000
|
heap
|
page read and write
|
||
|
291894A5000
|
heap
|
page read and write
|
||
|
291895A4000
|
heap
|
page read and write
|
||
|
2918BDC5000
|
heap
|
page read and write
|
||
|
291894A5000
|
heap
|
page read and write
|
||
|
291895A4000
|
heap
|
page read and write
|
||
|
2918763B000
|
heap
|
page read and write
|
||
|
29189613000
|
heap
|
page read and write
|
||
|
291894AA000
|
heap
|
page read and write
|
||
|
291894AA000
|
heap
|
page read and write
|
||
|
29189654000
|
heap
|
page read and write
|
||
|
291894AE000
|
heap
|
page read and write
|
||
|
291875A0000
|
heap
|
page read and write
|
||
|
DA1E5CE000
|
stack
|
page read and write
|
||
|
291894AF000
|
heap
|
page read and write
|
||
|
29189495000
|
heap
|
page read and write
|
||
|
DA1E87E000
|
stack
|
page read and write
|
||
|
291894A5000
|
heap
|
page read and write
|
||
|
29188F25000
|
heap
|
page read and write
|
||
|
291895D3000
|
heap
|
page read and write
|
||
|
29189597000
|
heap
|
page read and write
|
||
|
2918962A000
|
heap
|
page read and write
|
||
|
291895E2000
|
heap
|
page read and write
|
||
|
2918949F000
|
heap
|
page read and write
|
||
|
29187636000
|
heap
|
page read and write
|
||
|
29187635000
|
heap
|
page read and write
|
||
|
2918957B000
|
heap
|
page read and write
|
||
|
2918760D000
|
heap
|
page read and write
|
||
|
2918948F000
|
heap
|
page read and write
|
||
|
29187664000
|
heap
|
page read and write
|
||
|
29189597000
|
heap
|
page read and write
|
||
|
2918948F000
|
heap
|
page read and write
|
||
|
291894BC000
|
heap
|
page read and write
|
||
|
DA1E97F000
|
stack
|
page read and write
|
||
|
2918947C000
|
heap
|
page read and write
|
||
|
2918960A000
|
heap
|
page read and write
|
||
|
2918949F000
|
heap
|
page read and write
|
||
|
291895A0000
|
heap
|
page read and write
|
||
|
291895A4000
|
heap
|
page read and write
|
||
|
29189495000
|
heap
|
page read and write
|
||
|
29187675000
|
heap
|
page read and write
|
||
|
29189495000
|
heap
|
page read and write
|
||
|
2918764B000
|
heap
|
page read and write
|
||
|
2918962A000
|
heap
|
page read and write
|
||
|
29189654000
|
heap
|
page read and write
|
||
|
291895ED000
|
heap
|
page read and write
|
||
|
2918BDDB000
|
heap
|
page read and write
|
||
|
29187668000
|
heap
|
page read and write
|
||
|
29187655000
|
heap
|
page read and write
|
||
|
291894A6000
|
heap
|
page read and write
|
||
|
29189560000
|
heap
|
page read and write
|
||
|
291894A5000
|
heap
|
page read and write
|
||
|
29189497000
|
heap
|
page read and write
|
||
|
291895ED000
|
heap
|
page read and write
|
||
|
2918949F000
|
heap
|
page read and write
|
||
|
DA1E9FC000
|
stack
|
page read and write
|
||
|
29187530000
|
heap
|
page read and write
|
||
|
291894AE000
|
heap
|
page read and write
|
||
|
2918949F000
|
heap
|
page read and write
|
||
|
29187645000
|
heap
|
page read and write
|
||
|
291895D3000
|
heap
|
page read and write
|
||
|
291894A5000
|
heap
|
page read and write
|
||
|
29187629000
|
heap
|
page read and write
|
||
|
29189491000
|
heap
|
page read and write
|
||
|
29187635000
|
heap
|
page read and write
|
||
|
29189488000
|
heap
|
page read and write
|
||
|
291895F7000
|
heap
|
page read and write
|
||
|
291894B3000
|
heap
|
page read and write
|
||
|
291895A4000
|
heap
|
page read and write
|
||
|
29189588000
|
heap
|
page read and write
|
||
|
2918948F000
|
heap
|
page read and write
|
||
|
2918949A000
|
heap
|
page read and write
|
||
|
2918764B000
|
heap
|
page read and write
|
||
|
2918958E000
|
heap
|
page read and write
|
||
|
2918765F000
|
heap
|
page read and write
|
||
|
29189613000
|
heap
|
page read and write
|
||
|
29187670000
|
heap
|
page read and write
|
||
|
291895F7000
|
heap
|
page read and write
|
||
|
2918948F000
|
heap
|
page read and write
|
||
|
291894AB000
|
heap
|
page read and write
|
||
|
2918769E000
|
heap
|
page read and write
|
||
|
29189490000
|
heap
|
page read and write
|
||
|
291895F7000
|
heap
|
page read and write
|
||
|
2918762E000
|
heap
|
page read and write
|
||
|
29189569000
|
heap
|
page read and write
|
||
|
2918948A000
|
heap
|
page read and write
|
||
|
29189476000
|
heap
|
page read and write
|
||
|
29189573000
|
heap
|
page read and write
|
||
|
2918948F000
|
heap
|
page read and write
|
||
|
2918957D000
|
heap
|
page read and write
|
||
|
2918765F000
|
heap
|
page read and write
|
||
|
2918765F000
|
heap
|
page read and write
|
||
|
29189492000
|
heap
|
page read and write
|
||
|
29187679000
|
heap
|
page read and write
|
||
|
291895FA000
|
heap
|
page read and write
|
||
|
291894AE000
|
heap
|
page read and write
|
||
|
2918764A000
|
heap
|
page read and write
|
||
|
291895E6000
|
heap
|
page read and write
|
||
|
2918949F000
|
heap
|
page read and write
|
||
|
291894A5000
|
heap
|
page read and write
|
||
|
291894AE000
|
heap
|
page read and write
|
||
|
2918948B000
|
heap
|
page read and write
|
||
|
29188F20000
|
heap
|
page read and write
|
||
|
29189010000
|
heap
|
page read and write
|
||
|
291875A8000
|
heap
|
page read and write
|
||
|
2918765B000
|
heap
|
page read and write
|
||
|
291894AA000
|
heap
|
page read and write
|
||
|
2918C280000
|
heap
|
page read and write
|
||
|
29189488000
|
heap
|
page read and write
|
||
|
291894AE000
|
heap
|
page read and write
|
||
|
29187673000
|
heap
|
page read and write
|
||
|
29187652000
|
heap
|
page read and write
|
||
|
29189495000
|
heap
|
page read and write
|
||
|
2918949A000
|
heap
|
page read and write
|
||
|
291895A4000
|
heap
|
page read and write
|
||
|
29189643000
|
heap
|
page read and write
|
||
|
291894AA000
|
heap
|
page read and write
|
||
|
29189597000
|
heap
|
page read and write
|
||
|
291894BA000
|
heap
|
page read and write
|
||
|
2918960A000
|
heap
|
page read and write
|
||
|
29187645000
|
heap
|
page read and write
|
||
|
291895ED000
|
heap
|
page read and write
|
||
|
29189654000
|
heap
|
page read and write
|
||
|
2918BDD6000
|
heap
|
page read and write
|
||
|
291895A0000
|
heap
|
page read and write
|
||
|
291895A0000
|
heap
|
page read and write
|
||
|
29189643000
|
heap
|
page read and write
|
||
|
2918764B000
|
heap
|
page read and write
|
||
|
291894AA000
|
heap
|
page read and write
|
||
|
291895ED000
|
heap
|
page read and write
|
||
|
29189478000
|
heap
|
page read and write
|
||
|
29189643000
|
heap
|
page read and write
|
||
|
2918947C000
|
heap
|
page read and write
|
||
|
29187675000
|
heap
|
page read and write
|
||
|
29189460000
|
heap
|
page read and write
|
||
|
291895ED000
|
heap
|
page read and write
|
||
|
29187675000
|
heap
|
page read and write
|
||
|
29189613000
|
heap
|
page read and write
|
||
|
291894AA000
|
heap
|
page read and write
|
||
|
2918762D000
|
heap
|
page read and write
|
||
|
29188F2D000
|
heap
|
page read and write
|
||
|
291894AE000
|
heap
|
page read and write
|
||
|
2918948F000
|
heap
|
page read and write
|
||
|
2918949A000
|
heap
|
page read and write
|
||
|
29187649000
|
heap
|
page read and write
|
||
|
29187662000
|
heap
|
page read and write
|
||
|
2918965C000
|
heap
|
page read and write
|
||
|
2918949A000
|
heap
|
page read and write
|
||
|
2918BDB0000
|
heap
|
page read and write
|
||
|
29189487000
|
heap
|
page read and write
|
||
|
2918962A000
|
heap
|
page read and write
|
||
|
2918948B000
|
heap
|
page read and write
|
||
|
DA1EA7D000
|
stack
|
page read and write
|
||
|
29189495000
|
heap
|
page read and write
|
||
|
2918BDD8000
|
heap
|
page read and write
|
||
|
291895DF000
|
heap
|
page read and write
|
||
|
29187649000
|
heap
|
page read and write
|
||
|
291895A0000
|
heap
|
page read and write
|
||
|
291895A4000
|
heap
|
page read and write
|
||
|
291894AA000
|
heap
|
page read and write
|
||
|
2918960A000
|
heap
|
page read and write
|
||
|
2918949A000
|
heap
|
page read and write
|
||
|
29187673000
|
heap
|
page read and write
|
||
|
29189654000
|
heap
|
page read and write
|
||
|
DA1E547000
|
stack
|
page read and write
|
||
|
2918BDE8000
|
heap
|
page read and write
|
||
|
29189590000
|
heap
|
page read and write
|
||
|
2918765E000
|
heap
|
page read and write
|
||
|
2918BDE4000
|
heap
|
page read and write
|
||
|
291895D2000
|
heap
|
page read and write
|
||
|
291894B3000
|
heap
|
page read and write
|
||
|
29189585000
|
heap
|
page read and write
|
||
|
291894AA000
|
heap
|
page read and write
|
||
|
291894B3000
|
heap
|
page read and write
|
||
|
2918948F000
|
heap
|
page read and write
|
||
|
291895F7000
|
heap
|
page read and write
|
||
|
291895ED000
|
heap
|
page read and write
|
||
|
291895A0000
|
heap
|
page read and write
|
||
|
291894B3000
|
heap
|
page read and write
|
||
|
29188F2E000
|
heap
|
page read and write
|
||
|
291894A5000
|
heap
|
page read and write
|
||
|
2918B6B0000
|
trusted library allocation
|
page read and write
|
||
|
DA1ECFB000
|
stack
|
page read and write
|
||
|
2918769E000
|
heap
|
page read and write
|
||
|
29189643000
|
heap
|
page read and write
|
||
|
291895F7000
|
heap
|
page read and write
|
||
|
2918949F000
|
heap
|
page read and write
|
||
|
2918768C000
|
heap
|
page read and write
|
||
|
29189495000
|
heap
|
page read and write
|
||
|
DA1EDFE000
|
stack
|
page read and write
|
||
|
2918958A000
|
heap
|
page read and write
|
||
|
2918763F000
|
heap
|
page read and write
|
||
|
29187647000
|
heap
|
page read and write
|
||
|
291895A0000
|
heap
|
page read and write
|
||
|
29187643000
|
heap
|
page read and write
|
||
|
29189600000
|
heap
|
page read and write
|
||
|
2918958C000
|
heap
|
page read and write
|
||
|
291874F0000
|
heap
|
page read and write
|
There are 239 hidden memdumps, click here to show them.