Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1AE14350000
|
heap
|
page read and write
|
||
|
1AE14350000
|
heap
|
page read and write
|
||
|
1AE141C8000
|
heap
|
page read and write
|
||
|
1AE14333000
|
heap
|
page read and write
|
||
|
8A2C0FB000
|
stack
|
page read and write
|
||
|
1AE14365000
|
heap
|
page read and write
|
||
|
1AE121D7000
|
heap
|
page read and write
|
||
|
1AE12130000
|
heap
|
page read and write
|
||
|
8A2C37B000
|
stack
|
page read and write
|
||
|
1AE141BA000
|
heap
|
page read and write
|
||
|
1AE1428D000
|
heap
|
page read and write
|
||
|
1AE141B6000
|
heap
|
page read and write
|
||
|
1AE142F7000
|
heap
|
page read and write
|
||
|
1AE1418B000
|
heap
|
page read and write
|
||
|
1AE142B3000
|
heap
|
page read and write
|
||
|
1AE14365000
|
heap
|
page read and write
|
||
|
1AE141A0000
|
heap
|
page read and write
|
||
|
1AE14333000
|
heap
|
page read and write
|
||
|
1AE141BA000
|
heap
|
page read and write
|
||
|
1AE12170000
|
heap
|
page read and write
|
||
|
1AE169C9000
|
heap
|
page read and write
|
||
|
1AE13D70000
|
heap
|
page read and write
|
||
|
1AE1429E000
|
heap
|
page read and write
|
||
|
1AE14300000
|
heap
|
page read and write
|
||
|
1AE141BE000
|
heap
|
page read and write
|
||
|
1AE141C2000
|
heap
|
page read and write
|
||
|
1AE169F4000
|
heap
|
page read and write
|
||
|
1AE141AD000
|
heap
|
page read and write
|
||
|
1AE14347000
|
heap
|
page read and write
|
||
|
1AE1427C000
|
heap
|
page read and write
|
||
|
1AE169F1000
|
heap
|
page read and write
|
||
|
1AE13C45000
|
heap
|
page read and write
|
||
|
1AE141AD000
|
heap
|
page read and write
|
||
|
1AE12261000
|
heap
|
page read and write
|
||
|
1AE14355000
|
heap
|
page read and write
|
||
|
1AE12249000
|
heap
|
page read and write
|
||
|
1AE141B2000
|
heap
|
page read and write
|
||
|
1AE14293000
|
heap
|
page read and write
|
||
|
1AE1418B000
|
heap
|
page read and write
|
||
|
1AE141AA000
|
heap
|
page read and write
|
||
|
1AE14355000
|
heap
|
page read and write
|
||
|
1AE14197000
|
heap
|
page read and write
|
||
|
1AE141A8000
|
heap
|
page read and write
|
||
|
1AE14355000
|
heap
|
page read and write
|
||
|
1AE14193000
|
heap
|
page read and write
|
||
|
1AE14291000
|
heap
|
page read and write
|
||
|
1AE14323000
|
heap
|
page read and write
|
||
|
7DF4295E1000
|
trusted library allocation
|
page execute read
|
||
|
1AE1431E000
|
heap
|
page read and write
|
||
|
1AE1428B000
|
heap
|
page read and write
|
||
|
1AE12236000
|
heap
|
page read and write
|
||
|
1AE141A3000
|
heap
|
page read and write
|
||
|
1AE142EA000
|
heap
|
page read and write
|
||
|
1AE14280000
|
heap
|
page read and write
|
||
|
1AE1229E000
|
heap
|
page read and write
|
||
|
1AE141B6000
|
heap
|
page read and write
|
||
|
1AE141BE000
|
heap
|
page read and write
|
||
|
8A2BE77000
|
stack
|
page read and write
|
||
|
1AE14350000
|
heap
|
page read and write
|
||
|
8A2C17B000
|
stack
|
page read and write
|
||
|
1AE14355000
|
heap
|
page read and write
|
||
|
1AE14291000
|
heap
|
page read and write
|
||
|
1AE169C9000
|
heap
|
page read and write
|
||
|
1AE141BA000
|
heap
|
page read and write
|
||
|
1AE1428F000
|
heap
|
page read and write
|
||
|
1AE1225D000
|
heap
|
page read and write
|
||
|
1AE12120000
|
heap
|
page read and write
|
||
|
1AE1431E000
|
heap
|
page read and write
|
||
|
1AE142C0000
|
heap
|
page read and write
|
||
|
1AE1224D000
|
heap
|
page read and write
|
||
|
1AE142A6000
|
heap
|
page read and write
|
||
|
1AE142A6000
|
heap
|
page read and write
|
||
|
1AE169B0000
|
heap
|
page read and write
|
||
|
1AE12236000
|
heap
|
page read and write
|
||
|
1AE12231000
|
heap
|
page read and write
|
||
|
1AE14295000
|
heap
|
page read and write
|
||
|
1AE14350000
|
heap
|
page read and write
|
||
|
1AE142B2000
|
heap
|
page read and write
|
||
|
1AE14273000
|
heap
|
page read and write
|
||
|
1AE1419D000
|
heap
|
page read and write
|
||
|
1AE1229E000
|
heap
|
page read and write
|
||
|
1AE14323000
|
heap
|
page read and write
|
||
|
1AE141BE000
|
heap
|
page read and write
|
||
|
1AE169F4000
|
heap
|
page read and write
|
||
|
1AE14170000
|
heap
|
page read and write
|
||
|
1AE141B6000
|
heap
|
page read and write
|
||
|
1AE141B2000
|
heap
|
page read and write
|
||
|
1AE14347000
|
heap
|
page read and write
|
||
|
1AE1418B000
|
heap
|
page read and write
|
||
|
1AE1225D000
|
heap
|
page read and write
|
||
|
1AE14286000
|
heap
|
page read and write
|
||
|
1AE1222D000
|
heap
|
page read and write
|
||
|
1AE12272000
|
heap
|
page read and write
|
||
|
1AE1428B000
|
heap
|
page read and write
|
||
|
1AE163C0000
|
trusted library allocation
|
page read and write
|
||
|
1AE1419A000
|
heap
|
page read and write
|
||
|
1AE142F7000
|
heap
|
page read and write
|
||
|
1AE141B2000
|
heap
|
page read and write
|
||
|
1AE141AD000
|
heap
|
page read and write
|
||
|
1AE12243000
|
heap
|
page read and write
|
||
|
1AE14185000
|
heap
|
page read and write
|
||
|
1AE142F7000
|
heap
|
page read and write
|
||
|
1AE1429E000
|
heap
|
page read and write
|
||
|
1AE12248000
|
heap
|
page read and write
|
||
|
1AE141BE000
|
heap
|
page read and write
|
||
|
1AE14365000
|
heap
|
page read and write
|
||
|
1AE169B6000
|
heap
|
page read and write
|
||
|
1AE14323000
|
heap
|
page read and write
|
||
|
1AE1431E000
|
heap
|
page read and write
|
||
|
1AE12215000
|
heap
|
page read and write
|
||
|
1AE121B1000
|
heap
|
page read and write
|
||
|
1AE12256000
|
heap
|
page read and write
|
||
|
1AE1419D000
|
heap
|
page read and write
|
||
|
8A2BFFF000
|
stack
|
page read and write
|
||
|
1AE142F7000
|
heap
|
page read and write
|
||
|
1AE142B3000
|
heap
|
page read and write
|
||
|
1AE14365000
|
heap
|
page read and write
|
||
|
1AE14300000
|
heap
|
page read and write
|
||
|
1AE141AD000
|
heap
|
page read and write
|
||
|
1AE141B2000
|
heap
|
page read and write
|
||
|
1AE14300000
|
heap
|
page read and write
|
||
|
1AE14293000
|
heap
|
page read and write
|
||
|
1AE18CD0000
|
heap
|
page readonly
|
||
|
1AE141AD000
|
heap
|
page read and write
|
||
|
1AE1229E000
|
heap
|
page read and write
|
||
|
1AE142B3000
|
heap
|
page read and write
|
||
|
1AE14347000
|
heap
|
page read and write
|
||
|
1AE14314000
|
heap
|
page read and write
|
||
|
8A2BEFE000
|
stack
|
page read and write
|
||
|
1AE142AB000
|
heap
|
page read and write
|
||
|
1AE14350000
|
heap
|
page read and write
|
||
|
1AE14365000
|
heap
|
page read and write
|
||
|
1AE12242000
|
heap
|
page read and write
|
||
|
1AE142AB000
|
heap
|
page read and write
|
||
|
1AE141A3000
|
heap
|
page read and write
|
||
|
1AE1418B000
|
heap
|
page read and write
|
||
|
1AE141A3000
|
heap
|
page read and write
|
||
|
1AE13C40000
|
heap
|
page read and write
|
||
|
1AE142AB000
|
heap
|
page read and write
|
||
|
1AE141BA000
|
heap
|
page read and write
|
||
|
1AE141C4000
|
heap
|
page read and write
|
||
|
1AE1419E000
|
heap
|
page read and write
|
||
|
8A2C07E000
|
stack
|
page read and write
|
||
|
1AE12297000
|
heap
|
page read and write
|
||
|
1AE141BE000
|
heap
|
page read and write
|
||
|
1AE141A4000
|
heap
|
page read and write
|
||
|
1AE141C2000
|
heap
|
page read and write
|
||
|
1AE141AD000
|
heap
|
page read and write
|
||
|
1AE142EB000
|
heap
|
page read and write
|
||
|
1AE14323000
|
heap
|
page read and write
|
||
|
1AE14297000
|
heap
|
page read and write
|
||
|
1AE1225F000
|
heap
|
page read and write
|
||
|
1AE169B5000
|
heap
|
page read and write
|
||
|
1AE169DC000
|
heap
|
page read and write
|
||
|
1AE141CD000
|
heap
|
page read and write
|
||
|
1AE12249000
|
heap
|
page read and write
|
||
|
1AE141B6000
|
heap
|
page read and write
|
||
|
1AE12231000
|
heap
|
page read and write
|
||
|
1AE1427E000
|
heap
|
page read and write
|
||
|
1AE141BA000
|
heap
|
page read and write
|
||
|
1AE12242000
|
heap
|
page read and write
|
||
|
1AE14323000
|
heap
|
page read and write
|
||
|
1AE14313000
|
heap
|
page read and write
|
||
|
1AE12236000
|
heap
|
page read and write
|
||
|
1AE14270000
|
heap
|
page read and write
|
||
|
1AE141AD000
|
heap
|
page read and write
|
||
|
1AE142AB000
|
heap
|
page read and write
|
||
|
1AE1419A000
|
heap
|
page read and write
|
||
|
1AE14333000
|
heap
|
page read and write
|
||
|
1AE1228A000
|
heap
|
page read and write
|
||
|
1AE14333000
|
heap
|
page read and write
|
||
|
1AE14355000
|
heap
|
page read and write
|
||
|
1AE1229E000
|
heap
|
page read and write
|
||
|
1AE141B2000
|
heap
|
page read and write
|
||
|
1AE1226B000
|
heap
|
page read and write
|
||
|
1AE1223D000
|
heap
|
page read and write
|
||
|
1AE14323000
|
heap
|
page read and write
|
||
|
1AE141BA000
|
heap
|
page read and write
|
||
|
1AE12257000
|
heap
|
page read and write
|
||
|
1AE121A8000
|
heap
|
page read and write
|
||
|
1AE1225A000
|
heap
|
page read and write
|
||
|
1AE1429E000
|
heap
|
page read and write
|
||
|
1AE141C9000
|
heap
|
page read and write
|
||
|
1AE14198000
|
heap
|
page read and write
|
||
|
1AE141B6000
|
heap
|
page read and write
|
||
|
1AE12236000
|
heap
|
page read and write
|
||
|
1AE14283000
|
heap
|
page read and write
|
||
|
1AE141BA000
|
heap
|
page read and write
|
||
|
1AE14297000
|
heap
|
page read and write
|
||
|
1AE169D1000
|
heap
|
page read and write
|
||
|
1AE1419D000
|
heap
|
page read and write
|
||
|
1AE1431E000
|
heap
|
page read and write
|
||
|
1AE14333000
|
heap
|
page read and write
|
||
|
1AE141A3000
|
heap
|
page read and write
|
||
|
1AE1419D000
|
heap
|
page read and write
|
||
|
1AE16DF0000
|
trusted library allocation
|
page read and write
|
||
|
1AE141A9000
|
heap
|
page read and write
|
||
|
1AE141B6000
|
heap
|
page read and write
|
||
|
1AE12231000
|
heap
|
page read and write
|
||
|
1AE121A0000
|
heap
|
page read and write
|
||
|
1AE14295000
|
heap
|
page read and write
|
||
|
8A2BF7E000
|
stack
|
page read and write
|
||
|
1AE1225F000
|
heap
|
page read and write
|
||
|
1AE14365000
|
heap
|
page read and write
|
||
|
1AE12246000
|
heap
|
page read and write
|
||
|
1AE12239000
|
heap
|
page read and write
|
||
|
1AE169FF000
|
heap
|
page read and write
|
||
|
1AE1428D000
|
heap
|
page read and write
|
||
|
1AE141C2000
|
heap
|
page read and write
|
||
|
1AE1428F000
|
heap
|
page read and write
|
||
|
1AE142A6000
|
heap
|
page read and write
|
||
|
1AE14180000
|
heap
|
page read and write
|
||
|
1AE141BE000
|
heap
|
page read and write
|
||
|
1AE14300000
|
heap
|
page read and write
|
||
|
8A2C47E000
|
stack
|
page read and write
|
||
|
1AE1431E000
|
heap
|
page read and write
|
||
|
1AE12266000
|
heap
|
page read and write
|
||
|
1AE14347000
|
heap
|
page read and write
|
||
|
1AE14333000
|
heap
|
page read and write
|
||
|
1AE141B6000
|
heap
|
page read and write
|
||
|
1AE14355000
|
heap
|
page read and write
|
||
|
1AE1429E000
|
heap
|
page read and write
|
||
|
1AE1224B000
|
heap
|
page read and write
|
||
|
1AE141B2000
|
heap
|
page read and write
|
||
|
1AE169D1000
|
heap
|
page read and write
|
||
|
1AE12252000
|
heap
|
page read and write
|
||
|
1AE16EA0000
|
heap
|
page read and write
|
||
|
1AE14350000
|
heap
|
page read and write
|
||
|
1AE141C2000
|
heap
|
page read and write
|
||
|
1AE1419D000
|
heap
|
page read and write
|
||
|
1AE1419F000
|
heap
|
page read and write
|
||
|
1AE141A0000
|
heap
|
page read and write
|
||
|
1AE14180000
|
heap
|
page read and write
|
||
|
1AE12239000
|
heap
|
page read and write
|
||
|
1AE14347000
|
heap
|
page read and write
|
||
|
1AE169DC000
|
heap
|
page read and write
|
||
|
1AE14347000
|
heap
|
page read and write
|
||
|
1AE141C2000
|
heap
|
page read and write
|
||
|
1AE142B8000
|
heap
|
page read and write
|
||
|
1AE14192000
|
heap
|
page read and write
|
There are 230 hidden memdumps, click here to show them.