Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
99B397E000
|
stack
|
page read and write
|
||
|
2896D365000
|
heap
|
page read and write
|
||
|
28970215000
|
heap
|
page read and write
|
||
|
2896D96F000
|
heap
|
page read and write
|
||
|
2897022B000
|
heap
|
page read and write
|
||
|
2896B8CD000
|
heap
|
page read and write
|
||
|
2896D8B1000
|
heap
|
page read and write
|
||
|
2896D88B000
|
heap
|
page read and write
|
||
|
2896D96F000
|
heap
|
page read and write
|
||
|
2897021F000
|
heap
|
page read and write
|
||
|
2896D940000
|
heap
|
page read and write
|
||
|
2896D7BD000
|
heap
|
page read and write
|
||
|
2896D7BA000
|
heap
|
page read and write
|
||
|
2896D260000
|
heap
|
page read and write
|
||
|
2896D7BE000
|
heap
|
page read and write
|
||
|
2896D8BB000
|
heap
|
page read and write
|
||
|
2896D798000
|
heap
|
page read and write
|
||
|
2896D8C8000
|
heap
|
page read and write
|
||
|
2896D7C4000
|
heap
|
page read and write
|
||
|
2896B896000
|
heap
|
page read and write
|
||
|
2897022B000
|
heap
|
page read and write
|
||
|
2896B86F000
|
heap
|
page read and write
|
||
|
2896D8C4000
|
heap
|
page read and write
|
||
|
2896D7C8000
|
heap
|
page read and write
|
||
|
2896D91C000
|
heap
|
page read and write
|
||
|
2896D926000
|
heap
|
page read and write
|
||
|
2896D790000
|
heap
|
page read and write
|
||
|
2896D7B1000
|
heap
|
page read and write
|
||
|
2896B896000
|
heap
|
page read and write
|
||
|
2896D7BD000
|
heap
|
page read and write
|
||
|
2896D7B4000
|
heap
|
page read and write
|
||
|
2896D961000
|
heap
|
page read and write
|
||
|
2896D8BB000
|
heap
|
page read and write
|
||
|
2896D92D000
|
heap
|
page read and write
|
||
|
2896B8DD000
|
heap
|
page read and write
|
||
|
99B3556000
|
stack
|
page read and write
|
||
|
2896B8D1000
|
heap
|
page read and write
|
||
|
2896D7CC000
|
heap
|
page read and write
|
||
|
2896D8C8000
|
heap
|
page read and write
|
||
|
2896D8C4000
|
heap
|
page read and write
|
||
|
2896D7B6000
|
heap
|
page read and write
|
||
|
28970210000
|
heap
|
page read and write
|
||
|
2896B88F000
|
heap
|
page read and write
|
||
|
2896D795000
|
heap
|
page read and write
|
||
|
2896D880000
|
heap
|
page read and write
|
||
|
2896D926000
|
heap
|
page read and write
|
||
|
2896B88F000
|
heap
|
page read and write
|
||
|
2896D7C8000
|
heap
|
page read and write
|
||
|
2896B8E3000
|
heap
|
page read and write
|
||
|
2896D7CC000
|
heap
|
page read and write
|
||
|
2896D8B3000
|
heap
|
page read and write
|
||
|
2896D7AA000
|
heap
|
page read and write
|
||
|
2896B740000
|
heap
|
page read and write
|
||
|
2896D888000
|
heap
|
page read and write
|
||
|
2897022B000
|
heap
|
page read and write
|
||
|
2896D8C8000
|
heap
|
page read and write
|
||
|
28970216000
|
heap
|
page read and write
|
||
|
28970208000
|
heap
|
page read and write
|
||
|
2896D894000
|
heap
|
page read and write
|
||
|
2896D940000
|
heap
|
page read and write
|
||
|
2896D89C000
|
heap
|
page read and write
|
||
|
2896D883000
|
heap
|
page read and write
|
||
|
2896D799000
|
heap
|
page read and write
|
||
|
2896D7A4000
|
heap
|
page read and write
|
||
|
2896F9D0000
|
trusted library allocation
|
page read and write
|
||
|
2896D92A000
|
heap
|
page read and write
|
||
|
2896D790000
|
heap
|
page read and write
|
||
|
2896D967000
|
heap
|
page read and write
|
||
|
2896D8AB000
|
heap
|
page read and write
|
||
|
2896B8D8000
|
heap
|
page read and write
|
||
|
2896D94B000
|
heap
|
page read and write
|
||
|
2896D8A8000
|
heap
|
page read and write
|
||
|
2896D360000
|
heap
|
page read and write
|
||
|
2896B897000
|
heap
|
page read and write
|
||
|
2896D940000
|
heap
|
page read and write
|
||
|
2896D95D000
|
heap
|
page read and write
|
||
|
2896D7BF000
|
heap
|
page read and write
|
||
|
2896B8AD000
|
heap
|
page read and write
|
||
|
2896D96F000
|
heap
|
page read and write
|
||
|
2896D7C8000
|
heap
|
page read and write
|
||
|
2896D7B4000
|
heap
|
page read and write
|
||
|
2896D961000
|
heap
|
page read and write
|
||
|
28970218000
|
heap
|
page read and write
|
||
|
2896D7DC000
|
heap
|
page read and write
|
||
|
2896D94B000
|
heap
|
page read and write
|
||
|
2896D79B000
|
heap
|
page read and write
|
||
|
2896D96F000
|
heap
|
page read and write
|
||
|
2896D7CC000
|
heap
|
page read and write
|
||
|
2896D926000
|
heap
|
page read and write
|
||
|
2896D7C4000
|
heap
|
page read and write
|
||
|
2896D7D0000
|
heap
|
page read and write
|
||
|
2896D929000
|
heap
|
page read and write
|
||
|
2896D7BE000
|
heap
|
page read and write
|
||
|
2896D8AF000
|
heap
|
page read and write
|
||
|
2896D8AF000
|
heap
|
page read and write
|
||
|
2896D8A0000
|
heap
|
page read and write
|
||
|
2896B811000
|
heap
|
page read and write
|
||
|
2896B8C1000
|
heap
|
page read and write
|
||
|
2896D7D1000
|
heap
|
page read and write
|
||
|
99B3AFB000
|
stack
|
page read and write
|
||
|
2896D7BD000
|
heap
|
page read and write
|
||
|
99B38FF000
|
stack
|
page read and write
|
||
|
2896D7D4000
|
heap
|
page read and write
|
||
|
2896B8B5000
|
heap
|
page read and write
|
||
|
2896D7D0000
|
heap
|
page read and write
|
||
|
2896D8A8000
|
heap
|
page read and write
|
||
|
2896D794000
|
heap
|
page read and write
|
||
|
2896D7B4000
|
heap
|
page read and write
|
||
|
2896D929000
|
heap
|
page read and write
|
||
|
2896D79B000
|
heap
|
page read and write
|
||
|
2896D7AF000
|
heap
|
page read and write
|
||
|
2896D7B4000
|
heap
|
page read and write
|
||
|
2896D7AB000
|
heap
|
page read and write
|
||
|
99B39FD000
|
stack
|
page read and write
|
||
|
2896D7D7000
|
heap
|
page read and write
|
||
|
2896D967000
|
heap
|
page read and write
|
||
|
2896D7D4000
|
heap
|
page read and write
|
||
|
2896D94B000
|
heap
|
page read and write
|
||
|
2896D8C8000
|
heap
|
page read and write
|
||
|
2896D940000
|
heap
|
page read and write
|
||
|
2897021F000
|
heap
|
page read and write
|
||
|
2896B88C000
|
heap
|
page read and write
|
||
|
2896D780000
|
heap
|
page read and write
|
||
|
99B387E000
|
stack
|
page read and write
|
||
|
2896D7BE000
|
heap
|
page read and write
|
||
|
2896D96F000
|
heap
|
page read and write
|
||
|
2896B780000
|
heap
|
page read and write
|
||
|
2897022C000
|
heap
|
page read and write
|
||
|
28970201000
|
heap
|
page read and write
|
||
|
2896D8AB000
|
heap
|
page read and write
|
||
|
2896D7A5000
|
heap
|
page read and write
|
||
|
2896B89C000
|
heap
|
page read and write
|
||
|
2896D8AD000
|
heap
|
page read and write
|
||
|
2896D8AD000
|
heap
|
page read and write
|
||
|
2896B8B8000
|
heap
|
page read and write
|
||
|
2896D884000
|
heap
|
page read and write
|
||
|
2896D7A8000
|
heap
|
page read and write
|
||
|
2896B8DF000
|
heap
|
page read and write
|
||
|
2896D967000
|
heap
|
page read and write
|
||
|
2896D90F000
|
heap
|
page read and write
|
||
|
2896D7AB000
|
heap
|
page read and write
|
||
|
2896B8B7000
|
heap
|
page read and write
|
||
|
2896D95C000
|
heap
|
page read and write
|
||
|
2896B730000
|
heap
|
page read and write
|
||
|
2896B8EF000
|
heap
|
page read and write
|
||
|
2896B8B3000
|
heap
|
page read and write
|
||
|
2896D8BB000
|
heap
|
page read and write
|
||
|
2896D7D0000
|
heap
|
page read and write
|
||
|
2896D967000
|
heap
|
page read and write
|
||
|
2896B8C2000
|
heap
|
page read and write
|
||
|
2896D7B9000
|
heap
|
page read and write
|
||
|
2896D91C000
|
heap
|
page read and write
|
||
|
2896D7A9000
|
heap
|
page read and write
|
||
|
289704A0000
|
heap
|
page read and write
|
||
|
2896D7AF000
|
heap
|
page read and write
|
||
|
2896D90F000
|
heap
|
page read and write
|
||
|
28970200000
|
heap
|
page read and write
|
||
|
2896D7AF000
|
heap
|
page read and write
|
||
|
2896D7C4000
|
heap
|
page read and write
|
||
|
2896D7C8000
|
heap
|
page read and write
|
||
|
2896D929000
|
heap
|
page read and write
|
||
|
2897020D000
|
heap
|
page read and write
|
||
|
2896D967000
|
heap
|
page read and write
|
||
|
2896D8B1000
|
heap
|
page read and write
|
||
|
2896D92D000
|
heap
|
page read and write
|
||
|
2896D91C000
|
heap
|
page read and write
|
||
|
2896D94B000
|
heap
|
page read and write
|
||
|
2896D91C000
|
heap
|
page read and write
|
||
|
2896D961000
|
heap
|
page read and write
|
||
|
2896D7CC000
|
heap
|
page read and write
|
||
|
2896D961000
|
heap
|
page read and write
|
||
|
2896D7B4000
|
heap
|
page read and write
|
||
|
2896D8B3000
|
heap
|
page read and write
|
||
|
2896D94B000
|
heap
|
page read and write
|
||
|
99B35DE000
|
stack
|
page read and write
|
||
|
2896D8C4000
|
heap
|
page read and write
|
||
|
2896B89B000
|
heap
|
page read and write
|
||
|
2896B8AE000
|
heap
|
page read and write
|
||
|
2896D961000
|
heap
|
page read and write
|
||
|
2896B896000
|
heap
|
page read and write
|
||
|
99B3CFB000
|
stack
|
page read and write
|
||
|
2896B88F000
|
heap
|
page read and write
|
||
|
2896B800000
|
heap
|
page read and write
|
||
|
2896D7AF000
|
heap
|
page read and write
|
||
|
2896D7D4000
|
heap
|
page read and write
|
||
|
2896D7AF000
|
heap
|
page read and write
|
||
|
99B3A7C000
|
stack
|
page read and write
|
||
|
2896D79B000
|
heap
|
page read and write
|
||
|
2896D90F000
|
heap
|
page read and write
|
||
|
2896D7BA000
|
heap
|
page read and write
|
||
|
2896D90F000
|
heap
|
page read and write
|
||
|
2897021A000
|
heap
|
page read and write
|
||
|
2896D8BB000
|
heap
|
page read and write
|
||
|
2897021F000
|
heap
|
page read and write
|
||
|
2896D922000
|
heap
|
page read and write
|
||
|
2896D940000
|
heap
|
page read and write
|
There are 186 hidden memdumps, click here to show them.