Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.passport.com
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1614C67D000
|
heap
|
page read and write
|
||
|
1614C687000
|
heap
|
page read and write
|
||
|
1614E641000
|
heap
|
page read and write
|
||
|
1614E642000
|
heap
|
page read and write
|
||
|
1614C65F000
|
heap
|
page read and write
|
||
|
1614E6F6000
|
heap
|
page read and write
|
||
|
1614E697000
|
heap
|
page read and write
|
||
|
1614DF30000
|
heap
|
page read and write
|
||
|
1614E6FA000
|
heap
|
page read and write
|
||
|
1614E639000
|
heap
|
page read and write
|
||
|
1614E679000
|
heap
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
1614E60B000
|
heap
|
page read and write
|
||
|
16150D39000
|
heap
|
page read and write
|
||
|
1614E66F000
|
heap
|
page read and write
|
||
|
1614C5C0000
|
heap
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
1614C66D000
|
heap
|
page read and write
|
||
|
1614E709000
|
heap
|
page read and write
|
||
|
1614C5D2000
|
heap
|
page read and write
|
||
|
1614E6F6000
|
heap
|
page read and write
|
||
|
4C0D17E000
|
stack
|
page read and write
|
||
|
1614E642000
|
heap
|
page read and write
|
||
|
1614C67C000
|
heap
|
page read and write
|
||
|
1614E6C0000
|
heap
|
page read and write
|
||
|
1614E697000
|
heap
|
page read and write
|
||
|
1614E60F000
|
heap
|
page read and write
|
||
|
1614E697000
|
heap
|
page read and write
|
||
|
1614C694000
|
heap
|
page read and write
|
||
|
1614E679000
|
heap
|
page read and write
|
||
|
1614C666000
|
heap
|
page read and write
|
||
|
1614C645000
|
heap
|
page read and write
|
||
|
1614E679000
|
heap
|
page read and write
|
||
|
1614E679000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
1614C691000
|
heap
|
page read and write
|
||
|
1614E638000
|
heap
|
page read and write
|
||
|
1614C689000
|
heap
|
page read and write
|
||
|
1614E686000
|
heap
|
page read and write
|
||
|
1614E6DF000
|
heap
|
page read and write
|
||
|
1614E6F6000
|
heap
|
page read and write
|
||
|
1614E6A7000
|
heap
|
page read and write
|
||
|
1614DFC0000
|
heap
|
page read and write
|
||
|
1614E6D5000
|
heap
|
page read and write
|
||
|
1614E679000
|
heap
|
page read and write
|
||
|
1614E709000
|
heap
|
page read and write
|
||
|
1614E6DA000
|
heap
|
page read and write
|
||
|
16151230000
|
trusted library allocation
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
4C0D57B000
|
stack
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614E6E3000
|
heap
|
page read and write
|
||
|
1614C66F000
|
heap
|
page read and write
|
||
|
1614C64D000
|
heap
|
page read and write
|
||
|
1614E020000
|
heap
|
page read and write
|
||
|
1614E6A7000
|
heap
|
page read and write
|
||
|
1614E703000
|
heap
|
page read and write
|
||
|
1614C67D000
|
heap
|
page read and write
|
||
|
1614C66A000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
1614E639000
|
heap
|
page read and write
|
||
|
1614E6A4000
|
heap
|
page read and write
|
||
|
1614E6C0000
|
heap
|
page read and write
|
||
|
1614E62A000
|
heap
|
page read and write
|
||
|
4C0D07E000
|
stack
|
page read and write
|
||
|
1614E025000
|
heap
|
page read and write
|
||
|
1614C681000
|
heap
|
page read and write
|
||
|
1614C652000
|
heap
|
page read and write
|
||
|
1614E60C000
|
heap
|
page read and write
|
||
|
1614E6C0000
|
heap
|
page read and write
|
||
|
1614C669000
|
heap
|
page read and write
|
||
|
1614E6F2000
|
heap
|
page read and write
|
||
|
1614C690000
|
heap
|
page read and write
|
||
|
1614E6FA000
|
heap
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
1614E6C8000
|
heap
|
page read and write
|
||
|
1614E6FA000
|
heap
|
page read and write
|
||
|
1614C65C000
|
heap
|
page read and write
|
||
|
16150D8A000
|
heap
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614C69B000
|
heap
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614E6A4000
|
heap
|
page read and write
|
||
|
1614E6D8000
|
heap
|
page read and write
|
||
|
1614E709000
|
heap
|
page read and write
|
||
|
1614E6E3000
|
heap
|
page read and write
|
||
|
16150DC0000
|
heap
|
page read and write
|
||
|
1614C671000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
1614E6A7000
|
heap
|
page read and write
|
||
|
1614E633000
|
heap
|
page read and write
|
||
|
1614E6A7000
|
heap
|
page read and write
|
||
|
1614E697000
|
heap
|
page read and write
|
||
|
1614C65C000
|
heap
|
page read and write
|
||
|
1614C670000
|
heap
|
page read and write
|
||
|
1614E617000
|
heap
|
page read and write
|
||
|
1614E637000
|
heap
|
page read and write
|
||
|
1614C668000
|
heap
|
page read and write
|
||
|
1614E6FA000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
1614E6A4000
|
heap
|
page read and write
|
||
|
1614E62A000
|
heap
|
page read and write
|
||
|
1614E6F2000
|
heap
|
page read and write
|
||
|
1614E6A4000
|
heap
|
page read and write
|
||
|
1614E697000
|
heap
|
page read and write
|
||
|
1614E6DE000
|
heap
|
page read and write
|
||
|
16150D50000
|
heap
|
page read and write
|
||
|
1614E6DF000
|
heap
|
page read and write
|
||
|
1614E6FA000
|
heap
|
page read and write
|
||
|
16150D97000
|
heap
|
page read and write
|
||
|
1614E6EA000
|
heap
|
page read and write
|
||
|
1614E6FA000
|
heap
|
page read and write
|
||
|
1614E6A4000
|
heap
|
page read and write
|
||
|
1614E69F000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
1614E6DD000
|
heap
|
page read and write
|
||
|
1614C671000
|
heap
|
page read and write
|
||
|
1614E6D3000
|
heap
|
page read and write
|
||
|
16150DB3000
|
heap
|
page read and write
|
||
|
4C0D67F000
|
stack
|
page read and write
|
||
|
1614C691000
|
heap
|
page read and write
|
||
|
1614E6F6000
|
heap
|
page read and write
|
||
|
1614E709000
|
heap
|
page read and write
|
||
|
1614C671000
|
heap
|
page read and write
|
||
|
1614E637000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
16150DAF000
|
heap
|
page read and write
|
||
|
1614C629000
|
heap
|
page read and write
|
||
|
1614C65C000
|
heap
|
page read and write
|
||
|
1614E679000
|
heap
|
page read and write
|
||
|
1614C651000
|
heap
|
page read and write
|
||
|
1614C671000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
1614C682000
|
heap
|
page read and write
|
||
|
1614C67D000
|
heap
|
page read and write
|
||
|
1614C68F000
|
heap
|
page read and write
|
||
|
1614E6E3000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
1614E633000
|
heap
|
page read and write
|
||
|
1614E5F2000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
1614C66B000
|
heap
|
page read and write
|
||
|
1614E603000
|
heap
|
page read and write
|
||
|
1614E6EA000
|
heap
|
page read and write
|
||
|
1614E5B0000
|
heap
|
page read and write
|
||
|
1614E5F5000
|
heap
|
page read and write
|
||
|
1614C66D000
|
heap
|
page read and write
|
||
|
16150D84000
|
heap
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614E6FA000
|
heap
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
1614E6F2000
|
heap
|
page read and write
|
||
|
1614E697000
|
heap
|
page read and write
|
||
|
1614C66A000
|
heap
|
page read and write
|
||
|
1614E66C000
|
heap
|
page read and write
|
||
|
1614C66A000
|
heap
|
page read and write
|
||
|
1614E6F2000
|
heap
|
page read and write
|
||
|
1614E62A000
|
heap
|
page read and write
|
||
|
1614C66A000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
4C0D1FE000
|
stack
|
page read and write
|
||
|
1614E686000
|
heap
|
page read and write
|
||
|
1614E686000
|
heap
|
page read and write
|
||
|
1614C66D000
|
heap
|
page read and write
|
||
|
1614E699000
|
heap
|
page read and write
|
||
|
1614E686000
|
heap
|
page read and write
|
||
|
1614E60C000
|
heap
|
page read and write
|
||
|
1614E6F2000
|
heap
|
page read and write
|
||
|
1614E6F6000
|
heap
|
page read and write
|
||
|
16150DA1000
|
heap
|
page read and write
|
||
|
1614C66A000
|
heap
|
page read and write
|
||
|
16150D9D000
|
heap
|
page read and write
|
||
|
1614E6E8000
|
heap
|
page read and write
|
||
|
16153110000
|
heap
|
page readonly
|
||
|
1614C570000
|
heap
|
page read and write
|
||
|
1614E6D2000
|
heap
|
page read and write
|
||
|
16150DB8000
|
heap
|
page read and write
|
||
|
1614E6F2000
|
heap
|
page read and write
|
||
|
1614C65C000
|
heap
|
page read and write
|
||
|
4C0CD87000
|
stack
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614E6D4000
|
heap
|
page read and write
|
||
|
16150800000
|
trusted library allocation
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
1614E69A000
|
heap
|
page read and write
|
||
|
7DF461C71000
|
trusted library allocation
|
page execute read
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
4C0D27B000
|
stack
|
page read and write
|
||
|
1614E624000
|
heap
|
page read and write
|
||
|
1614E686000
|
heap
|
page read and write
|
||
|
1614E5F8000
|
heap
|
page read and write
|
||
|
1614E686000
|
heap
|
page read and write
|
||
|
1614E6DD000
|
heap
|
page read and write
|
||
|
1614E637000
|
heap
|
page read and write
|
||
|
1614E6F6000
|
heap
|
page read and write
|
||
|
1614E6FA000
|
heap
|
page read and write
|
||
|
1614E6E9000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
16150D89000
|
heap
|
page read and write
|
||
|
16150D9C000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
1614C6B3000
|
heap
|
page read and write
|
||
|
1614E697000
|
heap
|
page read and write
|
||
|
1614E6CB000
|
heap
|
page read and write
|
||
|
1614E6E3000
|
heap
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
4C0D4FC000
|
stack
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
16150D7B000
|
heap
|
page read and write
|
||
|
1614C67F000
|
heap
|
page read and write
|
||
|
16150D56000
|
heap
|
page read and write
|
||
|
1614E6E0000
|
heap
|
page read and write
|
||
|
1614E679000
|
heap
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
1614C652000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
1614C698000
|
heap
|
page read and write
|
||
|
4C0D0FE000
|
stack
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
16151250000
|
heap
|
page read and write
|
||
|
1614E642000
|
heap
|
page read and write
|
||
|
16150D30000
|
heap
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
1614C65C000
|
heap
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614E6DD000
|
heap
|
page read and write
|
||
|
1614E6B0000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614C66C000
|
heap
|
page read and write
|
||
|
1614C5C9000
|
heap
|
page read and write
|
||
|
1614E6A0000
|
heap
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
1614E706000
|
heap
|
page read and write
|
||
|
1614E6C9000
|
heap
|
page read and write
|
||
|
1614E6EA000
|
heap
|
page read and write
|
||
|
1614E5F3000
|
heap
|
page read and write
|
||
|
1614E6F2000
|
heap
|
page read and write
|
||
|
1614C650000
|
heap
|
page read and write
|
||
|
1614E6DD000
|
heap
|
page read and write
|
||
|
1614E6F6000
|
heap
|
page read and write
|
||
|
1614E6C5000
|
heap
|
page read and write
|
||
|
1614C66D000
|
heap
|
page read and write
|
||
|
1614C654000
|
heap
|
page read and write
|
||
|
1614E6E3000
|
heap
|
page read and write
|
||
|
1614E686000
|
heap
|
page read and write
|
||
|
1614E6E3000
|
heap
|
page read and write
|
||
|
1614C681000
|
heap
|
page read and write
|
||
|
1614E6E3000
|
heap
|
page read and write
|
||
|
4C0D2FB000
|
stack
|
page read and write
|
||
|
1614E702000
|
heap
|
page read and write
|
||
|
1614E6ED000
|
heap
|
page read and write
|
||
|
1614E6E4000
|
heap
|
page read and write
|
||
|
1614C65E000
|
heap
|
page read and write
|
||
|
1614E6F6000
|
heap
|
page read and write
|
||
|
16150D97000
|
heap
|
page read and write
|
||
|
1614E6D5000
|
heap
|
page read and write
|
||
|
1614C652000
|
heap
|
page read and write
|
||
|
1614E6FE000
|
heap
|
page read and write
|
||
|
1614C560000
|
heap
|
page read and write
|
||
|
1614C66D000
|
heap
|
page read and write
|
||
|
1614C671000
|
heap
|
page read and write
|
||
|
1614E6DA000
|
heap
|
page read and write
|
||
|
1614E6D7000
|
heap
|
page read and write
|
||
|
1614C681000
|
heap
|
page read and write
|
||
|
1614E6A7000
|
heap
|
page read and write
|
||
|
1614E6DD000
|
heap
|
page read and write
|
There are 259 hidden memdumps, click here to show them.