Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Tools.chm
|
MS Windows HtmlHelp Data
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\blue_gradient_1024x24[1].jpg
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1024x24, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\default[1].css
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IMT91BB.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF29B3D8AFCC4BE6F8.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFD0C4254A30DAC0B9.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\HTML Help\hh.dat
|
MS Windows HtmlHelp Data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\hh.exe
|
"C:\Windows\hh.exe" C:\Users\user\Desktop\Tools.chm
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.autoitscript.com/autoit3k
|
unknown
|
||
|
http://www.autoitscript.com/autoit3
|
unknown
|
||
|
http://www.autoitscript.com/tools/
|
unknown
|
||
|
http://www.autoitscript.com/autoit3p
|
unknown
|
||
|
http://www.autoitscript.com/autoit3W
|
unknown
|
||
|
http://www.autoitscript.com/autoit3X
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D9866E4000
|
trusted library allocation
|
page read and write
|
||
|
1D986704000
|
trusted library allocation
|
page read and write
|
||
|
60759FD000
|
stack
|
page read and write
|
||
|
1D9847A9000
|
heap
|
page read and write
|
||
|
1D984816000
|
heap
|
page read and write
|
||
|
1D9847FB000
|
heap
|
page read and write
|
||
|
1D9828B3000
|
heap
|
page read and write
|
||
|
6075A4E000
|
stack
|
page read and write
|
||
|
1D986694000
|
trusted library allocation
|
page read and write
|
||
|
1E190274000
|
heap
|
page read and write
|
||
|
1D986674000
|
trusted library allocation
|
page read and write
|
||
|
1D9866DC000
|
trusted library allocation
|
page read and write
|
||
|
1E1902AA000
|
heap
|
page read and write
|
||
|
1E18E372000
|
trusted library allocation
|
page read and write
|
||
|
1E190220000
|
heap
|
page read and write
|
||
|
1D984253000
|
heap
|
page read and write
|
||
|
1D9866E0000
|
trusted library allocation
|
page read and write
|
||
|
1D98665C000
|
trusted library allocation
|
page read and write
|
||
|
1D9827C0000
|
heap
|
page read and write
|
||
|
1D9847FA000
|
heap
|
page read and write
|
||
|
1D982845000
|
heap
|
page read and write
|
||
|
1D9827F0000
|
heap
|
page read and write
|
||
|
1E18A836000
|
heap
|
page read and write
|
||
|
1E18A858000
|
heap
|
page read and write
|
||
|
1D9866F0000
|
trusted library allocation
|
page read and write
|
||
|
1D984816000
|
heap
|
page read and write
|
||
|
1D9866F8000
|
trusted library allocation
|
page read and write
|
||
|
1E18A879000
|
heap
|
page read and write
|
||
|
1D984818000
|
heap
|
page read and write
|
||
|
1D9847E8000
|
heap
|
page read and write
|
||
|
1E18A850000
|
heap
|
page read and write
|
||
|
1E190423000
|
trusted library allocation
|
page read and write
|
||
|
1D986664000
|
trusted library allocation
|
page read and write
|
||
|
1D98284E000
|
heap
|
page read and write
|
||
|
6075550000
|
stack
|
page read and write
|
||
|
1E18A83F000
|
heap
|
page read and write
|
||
|
1D9866D8000
|
trusted library allocation
|
page read and write
|
||
|
1E190210000
|
heap
|
page readonly
|
||
|
1D98655E000
|
heap
|
page read and write
|
||
|
1D982934000
|
heap
|
page read and write
|
||
|
1D98668C000
|
trusted library allocation
|
page read and write
|
||
|
1D9828BC000
|
heap
|
page read and write
|
||
|
1D9847EF000
|
heap
|
page read and write
|
||
|
1E19026A000
|
heap
|
page read and write
|
||
|
1D986530000
|
heap
|
page read and write
|
||
|
1D9866A8000
|
trusted library allocation
|
page read and write
|
||
|
1D9828D4000
|
heap
|
page read and write
|
||
|
1E18A84E000
|
heap
|
page read and write
|
||
|
1D984803000
|
heap
|
page read and write
|
||
|
1E18A8A1000
|
heap
|
page read and write
|
||
|
1D98481D000
|
heap
|
page read and write
|
||
|
1E190267000
|
heap
|
page read and write
|
||
|
1D982877000
|
heap
|
page read and write
|
||
|
1D982860000
|
heap
|
page read and write
|
||
|
1D985AE0000
|
trusted library allocation
|
page read and write
|
||
|
1E18A87A000
|
heap
|
page read and write
|
||
|
1D9843B0000
|
heap
|
page read and write
|
||
|
1D9867E0000
|
trusted library allocation
|
page read and write
|
||
|
1D98664C000
|
trusted library allocation
|
page read and write
|
||
|
1E18A841000
|
heap
|
page read and write
|
||
|
1D984770000
|
heap
|
page read and write
|
||
|
1D9848B0000
|
trusted library section
|
page read and write
|
||
|
1D9866C8000
|
trusted library allocation
|
page read and write
|
||
|
1E190430000
|
trusted library allocation
|
page read and write
|
||
|
6075CCC000
|
trusted library allocation
|
page read and write
|
||
|
1E19025B000
|
heap
|
page read and write
|
||
|
6075BCB000
|
stack
|
page read and write
|
||
|
1D9866AC000
|
trusted library allocation
|
page read and write
|
||
|
1E190420000
|
trusted library allocation
|
page read and write
|
||
|
1E18A85E000
|
heap
|
page read and write
|
||
|
1D986660000
|
trusted library allocation
|
page read and write
|
||
|
607597D000
|
stack
|
page read and write
|
||
|
1D9866E8000
|
trusted library allocation
|
page read and write
|
||
|
1D984812000
|
heap
|
page read and write
|
||
|
6075ACE000
|
stack
|
page read and write
|
||
|
1D986658000
|
trusted library allocation
|
page read and write
|
||
|
1D986678000
|
trusted library allocation
|
page read and write
|
||
|
1D9866C0000
|
trusted library allocation
|
page read and write
|
||
|
1D9866B0000
|
trusted library allocation
|
page read and write
|
||
|
1E190200000
|
trusted library allocation
|
page read and write
|
||
|
1D986559000
|
heap
|
page read and write
|
||
|
1E18A87E000
|
heap
|
page read and write
|
||
|
6075D4E000
|
stack
|
page read and write
|
||
|
6075C4E000
|
stack
|
page read and write
|
||
|
1E190228000
|
heap
|
page read and write
|
||
|
1D984250000
|
heap
|
page read and write
|
||
|
1E18A899000
|
heap
|
page read and write
|
||
|
1D98666C000
|
trusted library allocation
|
page read and write
|
||
|
1D9847FF000
|
heap
|
page read and write
|
||
|
1D9828A9000
|
heap
|
page read and write
|
||
|
1D98295D000
|
heap
|
page read and write
|
||
|
1D986699000
|
trusted library allocation
|
page read and write
|
||
|
6075DCE000
|
stack
|
page read and write
|
||
|
1D986708000
|
trusted library allocation
|
page read and write
|
||
|
1D9847C3000
|
heap
|
page read and write
|
||
|
1D986650000
|
trusted library allocation
|
page read and write
|
||
|
1D986718000
|
trusted library allocation
|
page read and write
|
||
|
1D9847BC000
|
heap
|
page read and write
|
||
|
1D98481A000
|
heap
|
page read and write
|
||
|
1D986544000
|
heap
|
page read and write
|
||
|
1E18C970000
|
trusted library section
|
page readonly
|
||
|
1D984812000
|
heap
|
page read and write
|
||
|
1E18A84C000
|
heap
|
page read and write
|
||
|
1D982840000
|
heap
|
page read and write
|
||
|
1E18A82D000
|
heap
|
page read and write
|
||
|
1D982899000
|
heap
|
page read and write
|
||
|
1D9847C1000
|
heap
|
page read and write
|
||
|
1D9847FF000
|
heap
|
page read and write
|
||
|
1D982915000
|
heap
|
page read and write
|
||
|
1D98653D000
|
heap
|
page read and write
|
||
|
1D9828A3000
|
heap
|
page read and write
|
||
|
1D984750000
|
heap
|
page read and write
|
||
|
1D98290A000
|
heap
|
page read and write
|
||
|
1D984816000
|
heap
|
page read and write
|
||
|
1D984812000
|
heap
|
page read and write
|
||
|
1E190200000
|
trusted library allocation
|
page read and write
|
||
|
1D984816000
|
heap
|
page read and write
|
||
|
1D986690000
|
trusted library allocation
|
page read and write
|
||
|
1D984808000
|
heap
|
page read and write
|
||
|
1E18A849000
|
heap
|
page read and write
|
||
|
1D986780000
|
heap
|
page read and write
|
||
|
1E18A820000
|
heap
|
page read and write
|
||
|
1D9862F0000
|
trusted library allocation
|
page read and write
|
||
|
1E18A891000
|
heap
|
page read and write
|
||
|
1D982868000
|
heap
|
page read and write
|
||
|
1D986648000
|
trusted library allocation
|
page read and write
|
||
|
1E190265000
|
heap
|
page read and write
|
||
|
1D9828DF000
|
heap
|
page read and write
|
||
|
1D9847EB000
|
heap
|
page read and write
|
||
|
1E18A877000
|
heap
|
page read and write
|
||
|
1D9866CC000
|
trusted library allocation
|
page read and write
|
||
|
1D9827D0000
|
heap
|
page read and write
|
||
|
7DF436FE1000
|
trusted library allocation
|
page execute read
|
||
|
1D98480E000
|
heap
|
page read and write
|
||
|
1E18A832000
|
heap
|
page read and write
|
||
|
1D986534000
|
heap
|
page read and write
|
||
|
1D986670000
|
trusted library allocation
|
page read and write
|
||
|
7DF436FE0000
|
trusted library allocation
|
page readonly
|
||
|
1D984789000
|
heap
|
page read and write
|
||
|
1D986700000
|
trusted library allocation
|
page read and write
|
||
|
1D986684000
|
trusted library allocation
|
page read and write
|
||
|
1D986540000
|
heap
|
page read and write
|
||
|
7DF436FF1000
|
trusted library allocation
|
page execute read
|
||
|
1D9866B8000
|
trusted library allocation
|
page read and write
|
||
|
1E1902B6000
|
heap
|
page read and write
|
||
|
1D984773000
|
heap
|
page read and write
|
||
|
1D984812000
|
heap
|
page read and write
|
||
|
6075B4E000
|
stack
|
page read and write
|
||
|
1D9828B8000
|
heap
|
page read and write
|
||
|
1E18A874000
|
heap
|
page read and write
|
||
|
1D984360000
|
heap
|
page read and write
|
||
|
1D986680000
|
trusted library allocation
|
page read and write
|
||
|
1D986688000
|
trusted library allocation
|
page read and write
|
||
|
1D984816000
|
heap
|
page read and write
|
There are 144 hidden memdumps, click here to show them.