Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F48372F000
|
heap
|
page read and write
|
||
|
1F483727000
|
heap
|
page read and write
|
||
|
1F483730000
|
heap
|
page read and write
|
||
|
1F483742000
|
heap
|
page read and write
|
||
|
1F48187B000
|
heap
|
page read and write
|
||
|
1F483753000
|
heap
|
page read and write
|
||
|
1F483822000
|
heap
|
page read and write
|
||
|
1F4838C2000
|
heap
|
page read and write
|
||
|
1F486040000
|
trusted library allocation
|
page read and write
|
||
|
1F48382A000
|
heap
|
page read and write
|
||
|
1F481860000
|
heap
|
page read and write
|
||
|
1F483718000
|
heap
|
page read and write
|
||
|
1F486110000
|
heap
|
page read and write
|
||
|
1F48388D000
|
heap
|
page read and write
|
||
|
1F483734000
|
heap
|
page read and write
|
||
|
1F48184D000
|
heap
|
page read and write
|
||
|
1F4838DC000
|
heap
|
page read and write
|
||
|
1F48183E000
|
heap
|
page read and write
|
||
|
1F486108000
|
heap
|
page read and write
|
||
|
2B8207E000
|
stack
|
page read and write
|
||
|
1F483841000
|
heap
|
page read and write
|
||
|
1F48373E000
|
heap
|
page read and write
|
||
|
1F48383A000
|
heap
|
page read and write
|
||
|
1F48372F000
|
heap
|
page read and write
|
||
|
1F4838BE000
|
heap
|
page read and write
|
||
|
1F48372B000
|
heap
|
page read and write
|
||
|
1F481854000
|
heap
|
page read and write
|
||
|
1F48371B000
|
heap
|
page read and write
|
||
|
1F48182E000
|
heap
|
page read and write
|
||
|
1F48373D000
|
heap
|
page read and write
|
||
|
1F483746000
|
heap
|
page read and write
|
||
|
1F48184D000
|
heap
|
page read and write
|
||
|
1F48185A000
|
heap
|
page read and write
|
||
|
1F481841000
|
heap
|
page read and write
|
||
|
1F483730000
|
heap
|
page read and write
|
||
|
1F483862000
|
heap
|
page read and write
|
||
|
1F48384C000
|
heap
|
page read and write
|
||
|
1F48374A000
|
heap
|
page read and write
|
||
|
1F48374A000
|
heap
|
page read and write
|
||
|
2B81FFF000
|
stack
|
page read and write
|
||
|
1F4838BF000
|
heap
|
page read and write
|
||
|
1F483866000
|
heap
|
page read and write
|
||
|
1F481853000
|
heap
|
page read and write
|
||
|
1F481825000
|
heap
|
page read and write
|
||
|
1F48389F000
|
heap
|
page read and write
|
||
|
1F48373D000
|
heap
|
page read and write
|
||
|
1F48184B000
|
heap
|
page read and write
|
||
|
1F488210000
|
heap
|
page readonly
|
||
|
1F483816000
|
heap
|
page read and write
|
||
|
1F48182B000
|
heap
|
page read and write
|
||
|
1F483210000
|
heap
|
page read and write
|
||
|
1F483841000
|
heap
|
page read and write
|
||
|
1F48384A000
|
heap
|
page read and write
|
||
|
1F483824000
|
heap
|
page read and write
|
||
|
1F483866000
|
heap
|
page read and write
|
||
|
1F48381E000
|
heap
|
page read and write
|
||
|
1F4838C2000
|
heap
|
page read and write
|
||
|
1F48182C000
|
heap
|
page read and write
|
||
|
1F483801000
|
heap
|
page read and write
|
||
|
1F4838FC000
|
heap
|
page read and write
|
||
|
1F48184C000
|
heap
|
page read and write
|
||
|
1F48182A000
|
heap
|
page read and write
|
||
|
1F481885000
|
heap
|
page read and write
|
||
|
1F481836000
|
heap
|
page read and write
|
||
|
1F483752000
|
heap
|
page read and write
|
||
|
1F481858000
|
heap
|
page read and write
|
||
|
1F483729000
|
heap
|
page read and write
|
||
|
1F486104000
|
heap
|
page read and write
|
||
|
1F483832000
|
heap
|
page read and write
|
||
|
1F48373D000
|
heap
|
page read and write
|
||
|
1F483752000
|
heap
|
page read and write
|
||
|
1F483873000
|
heap
|
page read and write
|
||
|
1F48183A000
|
heap
|
page read and write
|
||
|
1F481855000
|
heap
|
page read and write
|
||
|
1F483820000
|
heap
|
page read and write
|
||
|
1F483828000
|
heap
|
page read and write
|
||
|
1F483734000
|
heap
|
page read and write
|
||
|
1F4838C2000
|
heap
|
page read and write
|
||
|
1F48374A000
|
heap
|
page read and write
|
||
|
1F48374A000
|
heap
|
page read and write
|
||
|
1F483866000
|
heap
|
page read and write
|
||
|
2B8247F000
|
stack
|
page read and write
|
||
|
2B81E77000
|
stack
|
page read and write
|
||
|
1F4838C2000
|
heap
|
page read and write
|
||
|
1F48374F000
|
heap
|
page read and write
|
||
|
1F481864000
|
heap
|
page read and write
|
||
|
1F486108000
|
heap
|
page read and write
|
||
|
1F483715000
|
heap
|
page read and write
|
||
|
1F481859000
|
heap
|
page read and write
|
||
|
1F483800000
|
heap
|
page read and write
|
||
|
1F481847000
|
heap
|
page read and write
|
||
|
1F485950000
|
trusted library allocation
|
page read and write
|
||
|
1F481790000
|
heap
|
page read and write
|
||
|
1F4838DC000
|
heap
|
page read and write
|
||
|
1F4838B6000
|
heap
|
page read and write
|
||
|
1F481854000
|
heap
|
page read and write
|
||
|
1F483734000
|
heap
|
page read and write
|
||
|
1F483739000
|
heap
|
page read and write
|
||
|
1F483742000
|
heap
|
page read and write
|
||
|
1F48373D000
|
heap
|
page read and write
|
||
|
1F4838D9000
|
heap
|
page read and write
|
||
|
1F48374E000
|
heap
|
page read and write
|
||
|
1F483828000
|
heap
|
page read and write
|
||
|
1F481851000
|
heap
|
page read and write
|
||
|
1F483725000
|
heap
|
page read and write
|
||
|
1F4838C6000
|
heap
|
page read and write
|
||
|
1F483832000
|
heap
|
page read and write
|
||
|
1F483746000
|
heap
|
page read and write
|
||
|
1F48374B000
|
heap
|
page read and write
|
||
|
1F4838CC000
|
heap
|
page read and write
|
||
|
1F48382C000
|
heap
|
page read and write
|
||
|
1F481887000
|
heap
|
page read and write
|
||
|
1F48375A000
|
heap
|
page read and write
|
||
|
1F483826000
|
heap
|
page read and write
|
||
|
1F483826000
|
heap
|
page read and write
|
||
|
1F48372F000
|
heap
|
page read and write
|
||
|
1F4838B6000
|
heap
|
page read and write
|
||
|
1F483742000
|
heap
|
page read and write
|
||
|
1F481800000
|
heap
|
page read and write
|
||
|
1F483746000
|
heap
|
page read and write
|
||
|
1F483742000
|
heap
|
page read and write
|
||
|
1F483864000
|
heap
|
page read and write
|
||
|
1F483841000
|
heap
|
page read and write
|
||
|
1F483810000
|
heap
|
page read and write
|
||
|
1F48382C000
|
heap
|
page read and write
|
||
|
1F48374E000
|
heap
|
page read and write
|
||
|
1F483756000
|
heap
|
page read and write
|
||
|
1F4838D0000
|
heap
|
page read and write
|
||
|
1F48182D000
|
heap
|
page read and write
|
||
|
1F48180B000
|
heap
|
page read and write
|
||
|
2B8217B000
|
stack
|
page read and write
|
||
|
1F4838CC000
|
heap
|
page read and write
|
||
|
1F48372F000
|
heap
|
page read and write
|
||
|
1F48188E000
|
heap
|
page read and write
|
||
|
1F4838D7000
|
heap
|
page read and write
|
||
|
1F48374A000
|
heap
|
page read and write
|
||
|
1F48384E000
|
heap
|
page read and write
|
||
|
1F483873000
|
heap
|
page read and write
|
||
|
1F483873000
|
heap
|
page read and write
|
||
|
1F481847000
|
heap
|
page read and write
|
||
|
1F4816B0000
|
heap
|
page read and write
|
||
|
1F4838D3000
|
heap
|
page read and write
|
||
|
2B8237B000
|
stack
|
page read and write
|
||
|
1F481848000
|
heap
|
page read and write
|
||
|
1F486020000
|
heap
|
page read and write
|
||
|
1F483711000
|
heap
|
page read and write
|
||
|
1F483746000
|
heap
|
page read and write
|
||
|
1F481825000
|
heap
|
page read and write
|
||
|
1F483822000
|
heap
|
page read and write
|
||
|
1F483873000
|
heap
|
page read and write
|
||
|
1F48183D000
|
heap
|
page read and write
|
||
|
1F481825000
|
heap
|
page read and write
|
||
|
1F483719000
|
heap
|
page read and write
|
||
|
1F483723000
|
heap
|
page read and write
|
||
|
1F4838B6000
|
heap
|
page read and write
|
||
|
1F48372F000
|
heap
|
page read and write
|
||
|
1F4838D9000
|
heap
|
page read and write
|
||
|
1F48183B000
|
heap
|
page read and write
|
||
|
1F4838D4000
|
heap
|
page read and write
|
||
|
1F4838CC000
|
heap
|
page read and write
|
||
|
1F483807000
|
heap
|
page read and write
|
||
|
1F483814000
|
heap
|
page read and write
|
||
|
1F481825000
|
heap
|
page read and write
|
||
|
1F48188E000
|
heap
|
page read and write
|
||
|
1F483731000
|
heap
|
page read and write
|
||
|
1F483722000
|
heap
|
page read and write
|
||
|
1F483070000
|
heap
|
page read and write
|
||
|
1F481877000
|
heap
|
page read and write
|
||
|
1F48188E000
|
heap
|
page read and write
|
||
|
1F48382C000
|
heap
|
page read and write
|
||
|
1F483734000
|
heap
|
page read and write
|
||
|
1F48384E000
|
heap
|
page read and write
|
||
|
1F48372B000
|
heap
|
page read and write
|
||
|
1F483812000
|
heap
|
page read and write
|
||
|
1F48181B000
|
heap
|
page read and write
|
||
|
1F48383A000
|
heap
|
page read and write
|
||
|
1F483752000
|
heap
|
page read and write
|
||
|
1F483731000
|
heap
|
page read and write
|
||
|
1F48373E000
|
heap
|
page read and write
|
||
|
1F483805000
|
heap
|
page read and write
|
||
|
1F483700000
|
heap
|
page read and write
|
||
|
1F48180D000
|
heap
|
page read and write
|
||
|
1F483820000
|
heap
|
page read and write
|
||
|
1F48374E000
|
heap
|
page read and write
|
||
|
2B820FC000
|
stack
|
page read and write
|
||
|
1F483866000
|
heap
|
page read and write
|
||
|
1F48374A000
|
heap
|
page read and write
|
||
|
1F48373D000
|
heap
|
page read and write
|
||
|
1F48383A000
|
heap
|
page read and write
|
||
|
1F483832000
|
heap
|
page read and write
|
||
|
1F4838B6000
|
heap
|
page read and write
|
||
|
1F483752000
|
heap
|
page read and write
|
||
|
1F481838000
|
heap
|
page read and write
|
||
|
1F48382A000
|
heap
|
page read and write
|
||
|
1F4838C8000
|
heap
|
page read and write
|
||
|
1F4838B6000
|
heap
|
page read and write
|
||
|
1F48372A000
|
heap
|
page read and write
|
||
|
1F4830F0000
|
heap
|
page read and write
|
||
|
1F483841000
|
heap
|
page read and write
|
||
|
1F483753000
|
heap
|
page read and write
|
||
|
1F483866000
|
heap
|
page read and write
|
||
|
1F483728000
|
heap
|
page read and write
|
||
|
1F4860F1000
|
heap
|
page read and write
|
||
|
1F48381E000
|
heap
|
page read and write
|
||
|
1F483746000
|
heap
|
page read and write
|
||
|
1F4860F0000
|
heap
|
page read and write
|
||
|
1F48374E000
|
heap
|
page read and write
|
||
|
1F48373A000
|
heap
|
page read and write
|
||
|
1F483710000
|
heap
|
page read and write
|
||
|
1F483873000
|
heap
|
page read and write
|
||
|
1F481890000
|
heap
|
page read and write
|
||
|
1F48374B000
|
heap
|
page read and write
|
||
|
1F483742000
|
heap
|
page read and write
|
||
|
1F481859000
|
heap
|
page read and write
|
||
|
1F481840000
|
heap
|
page read and write
|
||
|
1F4838C2000
|
heap
|
page read and write
|
||
|
1F481884000
|
heap
|
page read and write
|
||
|
1F4838D0000
|
heap
|
page read and write
|
||
|
1F483215000
|
heap
|
page read and write
|
||
|
1F48185D000
|
heap
|
page read and write
|
||
|
1F4838B6000
|
heap
|
page read and write
|
||
|
1F4838DB000
|
heap
|
page read and write
|
||
|
1F481857000
|
heap
|
page read and write
|
||
|
1F4838CC000
|
heap
|
page read and write
|
||
|
1F483734000
|
heap
|
page read and write
|
||
|
1F483863000
|
heap
|
page read and write
|
||
|
7DF430161000
|
trusted library allocation
|
page execute read
|
||
|
2B81EFE000
|
stack
|
page read and write
|
||
|
1F481825000
|
heap
|
page read and write
|
||
|
1F483746000
|
heap
|
page read and write
|
||
|
1F4838C2000
|
heap
|
page read and write
|
||
|
1F48374E000
|
heap
|
page read and write
|
||
|
1F48373E000
|
heap
|
page read and write
|
||
|
1F48374E000
|
heap
|
page read and write
|
||
|
1F481861000
|
heap
|
page read and write
|
||
|
1F483890000
|
heap
|
page read and write
|
||
|
1F481840000
|
heap
|
page read and write
|
||
|
1F483824000
|
heap
|
page read and write
|
||
|
1F483832000
|
heap
|
page read and write
|
||
|
1F48373E000
|
heap
|
page read and write
|
||
|
1F4838CC000
|
heap
|
page read and write
|
||
|
1F4838B6000
|
heap
|
page read and write
|
||
|
1F48371B000
|
heap
|
page read and write
|
||
|
1F483873000
|
heap
|
page read and write
|
||
|
2B81F7E000
|
stack
|
page read and write
|
There are 235 hidden memdumps, click here to show them.