Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /C "C:\WINDOWS\system32\cmd.exe /c mshta.exe "about:<input type=file id=FILE><script>FILE.click();new ActiveXObject('Scripting.FileSystemObject').GetStandardStream(1).WriteLine(FILE.value);close();resizeTo(0,0);</script>""
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\WINDOWS\system32\cmd.exe /c mshta.exe "about:<input type=file id=FILE><script>FILE.click();new ActiveXObject('Scripting.FileSystemObject').GetStandardStream(1).WriteLine(FILE.value);close();resizeTo(0,0);</script>"
|
||
|
C:\Windows\SysWOW64\mshta.exe
|
mshta.exe "about:<input type=file id=FILE><script>FILE.click();new ActiveXObject('Scripting.FileSystemObject').GetStandardStream(1).WriteLine(FILE.value);close();resizeTo(0,0);</script>"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.autoitscript.com/autoit3/8
|
unknown
|
||
|
http://www.autoitscript.com/favicon.ico
|
unknown
|
||
|
http://www.autoitscript.com/site/autoit/#
|
unknown
|
||
|
http://www.autoitscript.com/site/autoit/3
|
unknown
|
||
|
http://www.autoitscript.com/site/autoit/e
|
unknown
|
||
|
http://www.autoitscript.com/site/autoit/eC
|
unknown
|
||
|
http://www.autoitscript.com/site/autoit/?
|
unknown
|
||
|
http://www.autoitscript.com/site/autoit/
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0
|
1
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\1
|
0
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\1
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\1\0
|
NodeSlot
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\1\0
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell
|
SniffedFolderType
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@C:\Windows\System32\ieframe.dll,-10046
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@C:\Windows\System32\hhctrl.ocx,-452
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
|
ImageStoreRandomFolder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{FBF23B40-E3F0-101B-8488-00AA003E56F8} {00021500-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
NodeSlots
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5078000
|
trusted library allocation
|
page read and write
|
||
|
A1A3000
|
heap
|
page read and write
|
||
|
311C000
|
heap
|
page read and write
|
||
|
6638000
|
trusted library allocation
|
page read and write
|
||
|
6470000
|
heap
|
page read and write
|
||
|
9EE5000
|
heap
|
page read and write
|
||
|
9EE3000
|
heap
|
page read and write
|
||
|
D900000
|
trusted library allocation
|
page read and write
|
||
|
54EF000
|
stack
|
page read and write
|
||
|
A1CD000
|
heap
|
page read and write
|
||
|
5068000
|
trusted library allocation
|
page read and write
|
||
|
A1CD000
|
heap
|
page read and write
|
||
|
6475000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
A1A3000
|
heap
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
9E9E000
|
heap
|
page read and write
|
||
|
57AB000
|
stack
|
page read and write
|
||
|
6577000
|
trusted library allocation
|
page read and write
|
||
|
D3F9000
|
stack
|
page read and write
|
||
|
9EA1000
|
heap
|
page read and write
|
||
|
E71E000
|
stack
|
page read and write
|
||
|
507A000
|
trusted library allocation
|
page read and write
|
||
|
3176000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page read and write
|
||
|
9EE8000
|
heap
|
page read and write
|
||
|
317F000
|
heap
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
A1A2000
|
heap
|
page read and write
|
||
|
661F000
|
stack
|
page read and write
|
||
|
333A000
|
heap
|
page read and write
|
||
|
50B8000
|
trusted library allocation
|
page read and write
|
||
|
A13D000
|
heap
|
page read and write
|
||
|
9EEC000
|
heap
|
page read and write
|
||
|
A13F000
|
heap
|
page read and write
|
||
|
9ED9000
|
heap
|
page read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
CD29000
|
stack
|
page read and write
|
||
|
9F3E000
|
heap
|
page read and write
|
||
|
A1A3000
|
heap
|
page read and write
|
||
|
64DD000
|
heap
|
page read and write
|
||
|
552C000
|
stack
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
507C000
|
trusted library allocation
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
3182000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
508C000
|
trusted library allocation
|
page read and write
|
||
|
67A0000
|
trusted library allocation
|
page execute
|
||
|
896F000
|
stack
|
page read and write
|
||
|
9EE1000
|
heap
|
page read and write
|
||
|
9F13000
|
heap
|
page read and write
|
||
|
3161000
|
heap
|
page read and write
|
||
|
8970000
|
trusted library section
|
page readonly
|
||
|
6634000
|
trusted library allocation
|
page read and write
|
||
|
3103000
|
heap
|
page read and write
|
||
|
9ED9000
|
heap
|
page read and write
|
||
|
576D000
|
stack
|
page read and write
|
||
|
6584000
|
trusted library allocation
|
page read and write
|
||
|
A17F000
|
heap
|
page read and write
|
||
|
DD3B000
|
stack
|
page read and write
|
||
|
50A8000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
50C6000
|
trusted library allocation
|
page read and write
|
||
|
A0AC000
|
stack
|
page read and write
|
||
|
9B8F000
|
stack
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
A142000
|
heap
|
page read and write
|
||
|
3195000
|
heap
|
page read and write
|
||
|
506E000
|
trusted library allocation
|
page read and write
|
||
|
DCF9000
|
stack
|
page read and write
|
||
|
A0E8000
|
trusted library allocation
|
page read and write
|
||
|
A1CD000
|
heap
|
page read and write
|
||
|
31C3000
|
heap
|
page read and write
|
||
|
E19E000
|
stack
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
DE39000
|
stack
|
page read and write
|
||
|
3125000
|
heap
|
page read and write
|
||
|
2BB2000
|
stack
|
page read and write
|
||
|
310C000
|
heap
|
page read and write
|
||
|
9EE1000
|
heap
|
page read and write
|
||
|
DE7E000
|
stack
|
page read and write
|
||
|
9EE9000
|
heap
|
page read and write
|
||
|
3187000
|
heap
|
page read and write
|
||
|
A1A3000
|
heap
|
page read and write
|
||
|
64B9000
|
heap
|
page read and write
|
||
|
A14E000
|
heap
|
page read and write
|
||
|
4E2F000
|
heap
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
9E70000
|
heap
|
page read and write
|
||
|
9EE5000
|
heap
|
page read and write
|
||
|
CBDB000
|
stack
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
528B000
|
stack
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
9EE1000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
667E000
|
stack
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
9A8C000
|
stack
|
page read and write
|
||
|
E29F000
|
stack
|
page read and write
|
||
|
E81F000
|
stack
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
A129000
|
heap
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
58BA000
|
stack
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
3164000
|
heap
|
page read and write
|
||
|
C4D0000
|
heap
|
page read and write
|
||
|
6624000
|
trusted library allocation
|
page read and write
|
||
|
9F4D000
|
heap
|
page read and write
|
||
|
52E4000
|
heap
|
page read and write
|
||
|
A1CD000
|
heap
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
9EE5000
|
heap
|
page read and write
|
||
|
9EE9000
|
heap
|
page read and write
|
||
|
662B000
|
trusted library allocation
|
page read and write
|
||
|
3171000
|
heap
|
page read and write
|
||
|
509C000
|
trusted library allocation
|
page read and write
|
||
|
64D3000
|
heap
|
page read and write
|
||
|
2FB6000
|
heap
|
page read and write
|
||
|
A0E0000
|
heap
|
page read and write
|
||
|
53EE000
|
stack
|
page read and write
|
||
|
A1A3000
|
heap
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
657E000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
503F000
|
stack
|
page read and write
|
||
|
4E24000
|
heap
|
page read and write
|
||
|
3151000
|
heap
|
page read and write
|
||
|
5088000
|
trusted library allocation
|
page read and write
|
||
|
50BC000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
30D8000
|
heap
|
page read and write
|
||
|
886E000
|
stack
|
page read and write
|
||
|
64A4000
|
heap
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
3336000
|
heap
|
page read and write
|
||
|
50BE000
|
trusted library allocation
|
page read and write
|
||
|
566B000
|
stack
|
page read and write
|
||
|
6575000
|
trusted library allocation
|
page read and write
|
||
|
F162000
|
trusted library allocation
|
page read and write
|
||
|
A1A5000
|
heap
|
page read and write
|
||
|
50BA000
|
trusted library allocation
|
page read and write
|
||
|
317A000
|
heap
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
9F7B000
|
heap
|
page read and write
|
||
|
A1CD000
|
heap
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
A1A3000
|
heap
|
page read and write
|
||
|
313B000
|
heap
|
page read and write
|
||
|
506C000
|
trusted library allocation
|
page read and write
|
||
|
9EF9000
|
heap
|
page read and write
|
||
|
9EE3000
|
heap
|
page read and write
|
||
|
31AE000
|
heap
|
page read and write
|
||
|
315C000
|
heap
|
page read and write
|
||
|
509A000
|
trusted library allocation
|
page read and write
|
||
|
A1A2000
|
heap
|
page read and write
|
||
|
9E90000
|
heap
|
page read and write
|
||
|
30E2000
|
heap
|
page read and write
|
||
|
3173000
|
heap
|
page read and write
|
||
|
9F17000
|
heap
|
page read and write
|
||
|
DF7D000
|
stack
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
5098000
|
trusted library allocation
|
page read and write
|
||
|
50CC000
|
trusted library allocation
|
page read and write
|
||
|
A1CD000
|
heap
|
page read and write
|
||
|
32F0000
|
trusted library allocation
|
page read and write
|
||
|
507E000
|
trusted library allocation
|
page read and write
|
||
|
508A000
|
trusted library allocation
|
page read and write
|
||
|
9BD0000
|
heap
|
page read and write
|
||
|
677F000
|
stack
|
page read and write
|
||
|
50C2000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
9EE3000
|
heap
|
page read and write
|
||
|
50CA000
|
trusted library allocation
|
page read and write
|
||
|
C4E0000
|
heap
|
page read and write
|
||
|
9E0B000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
A1A2000
|
heap
|
page read and write
|
||
|
4E26000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
6626000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
316B000
|
heap
|
page read and write
|
||
|
A0E1000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
9ED9000
|
heap
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
4F73000
|
heap
|
page read and write
|
||
|
6581000
|
trusted library allocation
|
page read and write
|
||
|
316F000
|
heap
|
page read and write
|
||
|
647B000
|
heap
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
5C10000
|
trusted library allocation
|
page read and write
|
||
|
506A000
|
trusted library allocation
|
page read and write
|
||
|
508E000
|
trusted library allocation
|
page read and write
|
||
|
A1D2000
|
heap
|
page read and write
|
||
|
9FB6000
|
heap
|
page read and write
|
||
|
A1CD000
|
heap
|
page read and write
|
||
|
31C8000
|
heap
|
page read and write
|
||
|
6492000
|
heap
|
page read and write
|
There are 196 hidden memdumps, click here to show them.