Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
wrapper-windows-x86-64-3.5.59-pro.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\nst714A.tmp\LangDLL.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nst714A.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nst714A.tmp\modern-header.bmp
|
PC bitmap, Windows 3.x format, 150 x 57 x 24, image size 25764, resolution 3543 x 3543 px/m, cbSize 25818, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nst714A.tmp\modern-wizard.bmp
|
PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154488, resolution 3543 x 3543 px/m, cbSize 154542, bits offset
54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nst714A.tmp\nsDialogs.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_de.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_es.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_ja.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\DemoApp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\GetHostId.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\InstallTestWrapper-NT.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\PauseTestWrapper-NT.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\QueryTestWrapper-NT.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\ResumeTestWrapper-NT.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\SetupTestWrapper.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\StartTestWrapper-NT.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\StopTestWrapper-NT.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\TeardownTestWrapper.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\TestWrapper.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\TestWrapperCommand.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\UninstallTestWrapper-NT.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapper.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapperw.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\conf\demoapp.conf
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\conf\wrapper-license.conf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\conf\wrapper.conf
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\index.html
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\revisions.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-development-license-1.3.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-server-license-1.3.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-tsims-addendum-1.3.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapperTestApp_de.mo
|
GNU message catalog (little endian), revision 0.0, 306 messages, Project-Id-Version: louserzationwrapper 3.5.0 ' TestAction
access_violation_native '
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapperTestApp_ja.mo
|
GNU message catalog (little endian), revision 0.0, 306 messages, Project-Id-Version: Wrapper Test Application ' \343\202\242\343\202\257\343\202\267\343\203\247\343\203\263\343\201\256\343\203\206\343\202\271\343\203\210
access_violation_native '
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapper_de.mo
|
GNU message catalog (little endian), revision 0.0, 2003 messages, Project-Id-Version: louserzationwrapper 3.5.0 'Rufe StartServiceCtrlDispatcher
auf \342\200\246 bitte warten.'
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapper_ja.mo
|
GNU message catalog (little endian), revision 0.0, 1957 messages, Project-Id-Version: Wrapper louserzation 1.0 'StartServiceCtrlDispatcher
\343\202\222\345\221\274\343\201\263\345\207\272\343\201\227\344\270\255\342\200\246\343\201\212\345\276\205\343\201\241\343\201\217\343\201\240\343\201\225\343\201\204\343\200\202'
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapperjni_de.mo
|
GNU message catalog (little endian), revision 0.0, 511 messages, Project-Id-Version: louserzationwrapper 3.5.0 '
der Anwendung.'
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapperjni_ja.mo
|
GNU message catalog (little endian), revision 0.0, 522 messages, Project-Id-Version: Wrapper louserzation 1.0 '
\343\200\200'
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrapper.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrapper.jar
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrapperdemo.jar
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrappertest.jar
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\App.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\AppCommand.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\AppNoWrapper.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\AppTemplate.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\AppTemplatePassThrough.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\InstallApp-NT.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\PauseApp-NT.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\QueryApp-NT.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\ResumeApp-NT.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\SetupApp.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\StartApp-NT.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\StopApp-NT.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\TeardownApp.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\UninstallApp-NT.bat.in
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\conf\wrapper-license-time.conf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\conf\wrapper.conf.in
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\conf\wrapper.conf.in_ja
|
C source, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
There are 50 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe
|
"C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe"
|
||
|
C:\Windows\SysWOW64\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://wrapper.tanukisoftware.com/doc/english/requestTrial.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/javadocs.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/accountServerLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/support.jsp
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/licenseOverview.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/integrateGetNativeSystemInfokernel32.dllMicrosoft
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/accountServerLicenses.jsp
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/qna.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/faq.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/faq.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/download.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/introduction.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/troubleshooting.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com2024GVBtWUThis
|
unknown
|
||
|
https://wrapper.tanukisoftware.org/doc/japanese/integrate.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/requestTrial.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/integrate.html
|
unknown
|
||
|
http://bugs.sun.com/view_bug.do?bug_id=6965962
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/qna.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/
|
unknown
|
||
|
https://www.tanukisoftware.com/en/distributors.php
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/howto.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/integrate.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/licenseOverview.html
|
unknown
|
||
|
http://wrapper.tanukisoftware.com/purchase
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/properties.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/integrate.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/howto-upgrade.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/properties.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/trialLicense
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/security-model.htmlGibt
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/support.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/troubleshooting.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/security-model.html
|
unknown
|
||
|
http://wrapper.tanukisoftware.org
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/integrate.html
|
unknown
|
||
|
https://www.tanukisoftware.com/es/
|
unknown
|
||
|
http://wrapper.tanukisoftware.org/jdoc/index.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/support.jsp
|
unknown
|
||
|
https://www.tanukisoftware.com/
|
unknown
|
||
|
http://wrapper.tanukisoftware.com/doc/japanese/integrate.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/accountDevLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/accountLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/
|
unknown
|
||
|
http://wrapper.tanukisoftware.com/doc/english/licenseOverview.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/security-model.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/accountLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/faq.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/accountDevLicenses.jsp
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/security-model.html
|
unknown
|
||
|
http://wrapper.tanukisoftware.org/doc/english/licenseOverview.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/javadocs.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/properties.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/accountServerLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/debugging.html
|
unknown
|
||
|
http://wrapper.tanukisoftware.com/doc/english/integrate.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/howto.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/licenseOverview.html
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/supported-platforms.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/requestTrial.jsp
|
unknown
|
||
|
http://wrapper.tanukisoftware.com/trial
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/product-features.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/qna.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/support.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/javadocs.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/howto-upgrade.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/accountDevLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/properties.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/supported-platforms.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/accountServerLicenses.jsp
|
unknown
|
||
|
https://www.tanukisoftware.com/es/distributors.php
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/accountDevLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/accountLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/debugging.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/supported-platforms.html
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/japanese/product-features.html
|
unknown
|
||
|
https://www.tanukisoftware.com/ja/
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/howto-upgrade.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/download.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/requestTrial.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/integrate.htmlThe
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/faq.html
|
unknown
|
||
|
http://www.tanukisoftware.com
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/supported-platforms.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/accountLicenses.jsp
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/javadocs.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/security-model.htmlThrow
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/spanish/debugging.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/german/howto.html
|
unknown
|
||
|
https://wrapper.tanukisoftware.com/doc/english/troubleshooting.html
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWindowsOnlyEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fPasteOriginalEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fReverse
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWrapAround
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fMatchCase
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E95000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
2C49000
|
heap
|
page read and write
|
||
|
A1E000
|
heap
|
page read and write
|
||
|
A01000
|
heap
|
page read and write
|
||
|
2CA4000
|
heap
|
page read and write
|
||
|
70E0000
|
heap
|
page read and write
|
||
|
29C5000
|
heap
|
page read and write
|
||
|
A33000
|
heap
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
475D000
|
stack
|
page read and write
|
||
|
4774000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7B3000
|
unkown
|
page read and write
|
||
|
2C46000
|
heap
|
page read and write
|
||
|
9A8000
|
heap
|
page read and write
|
||
|
2C85000
|
heap
|
page read and write
|
||
|
27B4000
|
heap
|
page read and write
|
||
|
2CCC000
|
heap
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
2CBD000
|
heap
|
page read and write
|
||
|
9FC000
|
heap
|
page read and write
|
||
|
28AA000
|
stack
|
page read and write
|
||
|
A37000
|
heap
|
page read and write
|
||
|
2CCA000
|
heap
|
page read and write
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
782000
|
unkown
|
page read and write
|
||
|
6FA0000
|
heap
|
page read and write
|
||
|
A3A000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
638E000
|
stack
|
page read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
A1E000
|
heap
|
page read and write
|
||
|
A4D000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
786000
|
unkown
|
page read and write
|
||
|
7A3000
|
unkown
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
6790000
|
trusted library allocation
|
page read and write
|
||
|
3A4C000
|
stack
|
page read and write
|
||
|
A04000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
640E000
|
stack
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
2C8E000
|
heap
|
page read and write
|
||
|
A26000
|
heap
|
page read and write
|
||
|
A04000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D9F000
|
stack
|
page read and write
|
||
|
A16000
|
heap
|
page read and write
|
||
|
390E000
|
stack
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
3A0F000
|
stack
|
page read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
46F0000
|
trusted library allocation
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
A41000
|
heap
|
page read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
7CB000
|
unkown
|
page readonly
|
||
|
E99000
|
heap
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
789000
|
unkown
|
page read and write
|
||
|
A16000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
67A0000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2C68000
|
heap
|
page read and write
|
||
|
2868000
|
stack
|
page read and write
|
||
|
A16000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
A2A000
|
heap
|
page read and write
|
||
|
9E1000
|
heap
|
page read and write
|
||
|
63CF000
|
stack
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
4770000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
2BFF000
|
stack
|
page read and write
|
||
|
7B8000
|
unkown
|
page read and write
|
||
|
27B8000
|
heap
|
page read and write
|
||
|
9FC000
|
heap
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
273F000
|
stack
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
634E000
|
stack
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
7A5000
|
unkown
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
A01000
|
heap
|
page read and write
|
||
|
644F000
|
stack
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
4E2D000
|
stack
|
page read and write
|
||
|
B9F000
|
stack
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
There are 103 hidden memdumps, click here to show them.