Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
a.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\HMIIU.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\HMIIU.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\a.exe
|
"C:\Users\user\Desktop\a.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe
|
"C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe
|
"C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe
|
"C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\HMIIU.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "sidebar" /t REG_SZ /d "C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe"
/f
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
sidebar
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
ABD000
|
stack
|
page read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page execute and read and write
|
||
|
4AE000
|
stack
|
page read and write
|
||
|
236E000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
2A29000
|
heap
|
page read and write
|
||
|
513000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
214E000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
2310000
|
trusted library allocation
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
310F000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2104000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
20EE000
|
stack
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
2115000
|
heap
|
page read and write
|
||
|
2CD8000
|
heap
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
547000
|
heap
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page execute and write copy
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
578000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9A000
|
stack
|
page read and write
|
||
|
69C000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page execute and write copy
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
2084000
|
heap
|
page read and write
|
||
|
2C2F000
|
stack
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
2D2F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
87C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
22E9000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page execute and read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
2079000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page execute and read and write
|
||
|
5C2000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page execute and write copy
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
58C000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
2386000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
22E4000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
4FE000
|
heap
|
page read and write
|
||
|
4FA000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
210E000
|
stack
|
page read and write
|
||
|
2230000
|
trusted library allocation
|
page read and write
|
||
|
2100000
|
heap
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page execute and write copy
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
2120000
|
trusted library allocation
|
page read and write
|
||
|
2040000
|
trusted library allocation
|
page execute read
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page execute and write copy
|
||
|
407000
|
unkown
|
page execute and write copy
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
76F000
|
stack
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
2050000
|
trusted library allocation
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2090000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2045000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
5C9000
|
heap
|
page read and write
|
||
|
66F000
|
unkown
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
2175000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
408000
|
unkown
|
page execute and write copy
|
||
|
2090000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
7BF000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page execute and read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
6D1000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
2F1F000
|
stack
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
7FA000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
2C3F000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4D0000
|
trusted library allocation
|
page execute read
|
||
|
325E000
|
stack
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
2120000
|
heap
|
page read and write
|
||
|
590000
|
trusted library allocation
|
page execute read
|
||
|
2040000
|
heap
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
2124000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page execute and write copy
|
||
|
570000
|
heap
|
page read and write
|
There are 162 hidden memdumps, click here to show them.