Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
26.165.165.52.in-addr.arpa
|
unknown
|
||
|
198.187.3.20.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1FBDD9ED000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDF8BB000
|
heap
|
page read and write
|
||
|
1FBDF7AB000
|
heap
|
page read and write
|
||
|
1FBDF954000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDD850000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDF7B5000
|
heap
|
page read and write
|
||
|
1FBDF8CD000
|
heap
|
page read and write
|
||
|
1FBDD9C7000
|
heap
|
page read and write
|
||
|
1FBDF932000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDF7C5000
|
heap
|
page read and write
|
||
|
1FBDF942000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF7EE000
|
heap
|
page read and write
|
||
|
1FBDF7BA000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBE2111000
|
heap
|
page read and write
|
||
|
1FBE20F1000
|
heap
|
page read and write
|
||
|
1FBDF8D8000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
20A13FD000
|
stack
|
page read and write
|
||
|
1FBDD9ED000
|
heap
|
page read and write
|
||
|
1FBDD9AE000
|
heap
|
page read and write
|
||
|
1FBDD8CB000
|
heap
|
page read and write
|
||
|
1FBDF7BA000
|
heap
|
page read and write
|
||
|
1FBDF7C1000
|
heap
|
page read and write
|
||
|
1FBDD985000
|
heap
|
page read and write
|
||
|
1FBDF7D5000
|
heap
|
page read and write
|
||
|
20A0FFB000
|
stack
|
page read and write
|
||
|
1FBDF8A4000
|
heap
|
page read and write
|
||
|
1FBDF7AF000
|
heap
|
page read and write
|
||
|
1FBDD9ED000
|
heap
|
page read and write
|
||
|
1FBDF7B3000
|
heap
|
page read and write
|
||
|
1FBDF7A2000
|
heap
|
page read and write
|
||
|
1FBDF7C9000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
20A107D000
|
stack
|
page read and write
|
||
|
1FBDF7C4000
|
heap
|
page read and write
|
||
|
1FBDF797000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDF792000
|
heap
|
page read and write
|
||
|
1FBDD98F000
|
heap
|
page read and write
|
||
|
1FBDD9C1000
|
heap
|
page read and write
|
||
|
1FBDD960000
|
heap
|
page read and write
|
||
|
1FBDF893000
|
heap
|
page read and write
|
||
|
1FBDF7C9000
|
heap
|
page read and write
|
||
|
1FBDD9D7000
|
heap
|
page read and write
|
||
|
1FBDD9C1000
|
heap
|
page read and write
|
||
|
1FBDF7B4000
|
heap
|
page read and write
|
||
|
1FBDD9C0000
|
heap
|
page read and write
|
||
|
1FBDF795000
|
heap
|
page read and write
|
||
|
1FBDF963000
|
heap
|
page read and write
|
||
|
1FBDF8F7000
|
heap
|
page read and write
|
||
|
1FBDF7B3000
|
heap
|
page read and write
|
||
|
1FBE2102000
|
heap
|
page read and write
|
||
|
1FBDD8C5000
|
heap
|
page read and write
|
||
|
1FBE20EC000
|
heap
|
page read and write
|
||
|
1FBDD8F9000
|
heap
|
page read and write
|
||
|
1FBDF7BB000
|
heap
|
page read and write
|
||
|
1FBDF7D4000
|
heap
|
page read and write
|
||
|
1FBDF921000
|
heap
|
page read and write
|
||
|
1FBE2560000
|
heap
|
page read and write
|
||
|
1FBDF880000
|
heap
|
page read and write
|
||
|
1FBDF932000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDF7D4000
|
heap
|
page read and write
|
||
|
1FBDF7A9000
|
heap
|
page read and write
|
||
|
1FBDF8B2000
|
heap
|
page read and write
|
||
|
1FBDF7D5000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF7C9000
|
heap
|
page read and write
|
||
|
1FBDF956000
|
heap
|
page read and write
|
||
|
1FBE2110000
|
heap
|
page read and write
|
||
|
1FBE20E0000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF7A8000
|
heap
|
page read and write
|
||
|
1FBDF961000
|
heap
|
page read and write
|
||
|
1FBDF89F000
|
heap
|
page read and write
|
||
|
1FBDF7B6000
|
heap
|
page read and write
|
||
|
1FBDD984000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDF7C9000
|
heap
|
page read and write
|
||
|
20A0E7E000
|
stack
|
page read and write
|
||
|
1FBDF7C9000
|
heap
|
page read and write
|
||
|
1FBDF926000
|
heap
|
page read and write
|
||
|
1FBDF7EE000
|
heap
|
page read and write
|
||
|
1FBDF79B000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDF954000
|
heap
|
page read and write
|
||
|
1FBDF8C2000
|
heap
|
page read and write
|
||
|
1FBDF961000
|
heap
|
page read and write
|
||
|
1FBDF7EE000
|
heap
|
page read and write
|
||
|
1FBE20F7000
|
heap
|
page read and write
|
||
|
1FBDF7C5000
|
heap
|
page read and write
|
||
|
20A117E000
|
stack
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDF8DC000
|
heap
|
page read and write
|
||
|
1FBDF7C4000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDD9A8000
|
heap
|
page read and write
|
||
|
1FBDD730000
|
heap
|
page read and write
|
||
|
20A0EFD000
|
stack
|
page read and write
|
||
|
1FBDF8AA000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF7F4000
|
heap
|
page read and write
|
||
|
1FBDF7B0000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF926000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDF7C4000
|
heap
|
page read and write
|
||
|
1FBDF7EA000
|
heap
|
page read and write
|
||
|
1FBE20EC000
|
heap
|
page read and write
|
||
|
1FBDF929000
|
heap
|
page read and write
|
||
|
1FBDD984000
|
heap
|
page read and write
|
||
|
20A0BA7000
|
stack
|
page read and write
|
||
|
1FBDF7D4000
|
heap
|
page read and write
|
||
|
1FBDF7C9000
|
heap
|
page read and write
|
||
|
1FBDF921000
|
heap
|
page read and write
|
||
|
1FBDF8A6000
|
heap
|
page read and write
|
||
|
1FBDF7AF000
|
heap
|
page read and write
|
||
|
1FBDF8A2000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDF929000
|
heap
|
page read and write
|
||
|
1FBDF7EA000
|
heap
|
page read and write
|
||
|
20A10FE000
|
stack
|
page read and write
|
||
|
1FBDF95E000
|
heap
|
page read and write
|
||
|
1FBDF934000
|
heap
|
page read and write
|
||
|
1FBDF791000
|
heap
|
page read and write
|
||
|
1FBE20F1000
|
heap
|
page read and write
|
||
|
1FBDF934000
|
heap
|
page read and write
|
||
|
1FBDD810000
|
heap
|
page read and write
|
||
|
1FBDF8C2000
|
heap
|
page read and write
|
||
|
1FBDF79E000
|
heap
|
page read and write
|
||
|
1FBDD9BC000
|
heap
|
page read and write
|
||
|
1FBDF954000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDF7B3000
|
heap
|
page read and write
|
||
|
1FBDF7BA000
|
heap
|
page read and write
|
||
|
20A11FB000
|
stack
|
page read and write
|
||
|
1FBDF790000
|
heap
|
page read and write
|
||
|
1FBDF7B7000
|
heap
|
page read and write
|
||
|
1FBDF7D1000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBE210D000
|
heap
|
page read and write
|
||
|
1FBDF929000
|
heap
|
page read and write
|
||
|
1FBDF7A5000
|
heap
|
page read and write
|
||
|
1FBDD9A9000
|
heap
|
page read and write
|
||
|
1FBDF7B0000
|
heap
|
page read and write
|
||
|
1FBDF7AF000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDD99F000
|
heap
|
page read and write
|
||
|
1FBE2110000
|
heap
|
page read and write
|
||
|
1FBDF95C000
|
heap
|
page read and write
|
||
|
1FBDD9A0000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF934000
|
heap
|
page read and write
|
||
|
1FBE20FF000
|
heap
|
page read and write
|
||
|
1FBE20E8000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDD97A000
|
heap
|
page read and write
|
||
|
1FBDF7C9000
|
heap
|
page read and write
|
||
|
1FBDF7C5000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDF7AF000
|
heap
|
page read and write
|
||
|
1FBDD9C4000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDF8B2000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDD9AF000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF7AA000
|
heap
|
page read and write
|
||
|
1FBDF7AF000
|
heap
|
page read and write
|
||
|
20A0F7F000
|
stack
|
page read and write
|
||
|
1FBDF79B000
|
heap
|
page read and write
|
||
|
1FBDF7B0000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDD97A000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBE19D0000
|
trusted library allocation
|
page read and write
|
||
|
1FBDF95E000
|
heap
|
page read and write
|
||
|
1FBDF8A8000
|
heap
|
page read and write
|
||
|
1FBDF7B5000
|
heap
|
page read and write
|
||
|
1FBDF8BB000
|
heap
|
page read and write
|
||
|
1FBDF881000
|
heap
|
page read and write
|
||
|
1FBE2110000
|
heap
|
page read and write
|
||
|
1FBE20E7000
|
heap
|
page read and write
|
||
|
1FBDF792000
|
heap
|
page read and write
|
||
|
1FBDF958000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDD9B9000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDF926000
|
heap
|
page read and write
|
||
|
1FBDF8B2000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDF780000
|
heap
|
page read and write
|
||
|
1FBDF1D0000
|
heap
|
page read and write
|
||
|
1FBDF790000
|
heap
|
page read and write
|
||
|
1FBE210A000
|
heap
|
page read and write
|
||
|
1FBDD98F000
|
heap
|
page read and write
|
||
|
1FBDF7C4000
|
heap
|
page read and write
|
||
|
1FBDF95E000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDF942000
|
heap
|
page read and write
|
||
|
1FBDD98E000
|
heap
|
page read and write
|
||
|
1FBDF7EE000
|
heap
|
page read and write
|
||
|
1FBDF932000
|
heap
|
page read and write
|
||
|
1FBDD9DB000
|
heap
|
page read and write
|
||
|
1FBDF8C2000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDD901000
|
heap
|
page read and write
|
||
|
1FBDD990000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDF7B5000
|
heap
|
page read and write
|
||
|
1FBDF7B3000
|
heap
|
page read and write
|
||
|
1FBDF7D5000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDF8CF000
|
heap
|
page read and write
|
||
|
1FBDF7C9000
|
heap
|
page read and write
|
||
|
1FBDF7BA000
|
heap
|
page read and write
|
||
|
1FBDF961000
|
heap
|
page read and write
|
||
|
1FBDF7BA000
|
heap
|
page read and write
|
||
|
1FBDF7F3000
|
heap
|
page read and write
|
||
|
1FBDF7E1000
|
heap
|
page read and write
|
||
|
1FBDD8CA000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDD8C0000
|
heap
|
page read and write
|
||
|
1FBDF7EA000
|
heap
|
page read and write
|
||
|
1FBDD97C000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDF7DA000
|
heap
|
page read and write
|
||
|
1FBDF799000
|
heap
|
page read and write
|
||
|
1FBDF921000
|
heap
|
page read and write
|
||
|
1FBDF961000
|
heap
|
page read and write
|
||
|
1FBDF7E5000
|
heap
|
page read and write
|
||
|
1FBDF7EE000
|
heap
|
page read and write
|
||
|
1FBDF8FA000
|
heap
|
page read and write
|
||
|
1FBDF7A5000
|
heap
|
page read and write
|
||
|
1FBDF7C4000
|
heap
|
page read and write
|
||
|
1FBDF95E000
|
heap
|
page read and write
|
||
|
1FBDF7C4000
|
heap
|
page read and write
|
||
|
1FBDF897000
|
heap
|
page read and write
|
||
|
1FBDF88B000
|
heap
|
page read and write
|
||
|
1FBDD9B8000
|
heap
|
page read and write
|
||
|
1FBDF7A4000
|
heap
|
page read and write
|
||
|
1FBDD965000
|
heap
|
page read and write
|
||
|
1FBDD8F0000
|
heap
|
page read and write
|
||
|
1FBDF79B000
|
heap
|
page read and write
|
||
|
1FBDF7CD000
|
heap
|
page read and write
|
||
|
1FBDF794000
|
heap
|
page read and write
|
||
|
1FBDF7C5000
|
heap
|
page read and write
|
||
|
20A147B000
|
stack
|
page read and write
|
||
|
1FBDD964000
|
heap
|
page read and write
|
||
|
1FBDF7D3000
|
heap
|
page read and write
|
||
|
1FBDF7BE000
|
heap
|
page read and write
|
||
|
1FBDF7B3000
|
heap
|
page read and write
|
||
|
1FBDD984000
|
heap
|
page read and write
|
||
|
1FBDF942000
|
heap
|
page read and write
|
||
|
1FBDF7A0000
|
heap
|
page read and write
|
||
|
1FBDF7DF000
|
heap
|
page read and write
|
||
|
1FBDF7AF000
|
heap
|
page read and write
|
||
|
1FBDF7BA000
|
heap
|
page read and write
|
There are 264 hidden memdumps, click here to show them.