Source: hh.exe, 00000000.00000003.256038817.000002977F2AA000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.516565390.0000029703415000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000003.304733003.0000029707B74000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000003.256086124.000002977F2B3000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.517281294.000002977F212000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.516565390.00000297033E0000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000003.270025264.0000029707B75000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/ |
Source: hh.exe, 00000000.00000002.516565390.00000297033E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/v |
Source: hh.exe, 00000000.00000002.516565390.00000297033E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/z |
Source: hh.exe, 00000000.00000003.270025264.0000029707B75000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://blog.nirsoft.net/2009/10/22/how-to-connect-a-remote-windows-7vistaxp-computer-with-nirsoft-ut |
Source: hh.exe, 00000000.00000003.256073687.000002977F2A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.html |
Source: hh.exe, 00000000.00000003.342372315.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.html. |
Source: hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.html6 |
Source: hh.exe, 00000000.00000003.342372315.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmlF |
Source: hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmlche |
Source: hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmlf |
Source: hh.exe, 00000000.00000003.342372315.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000003.256038817.000002977F2AA000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000003.256086124.000002977F2B3000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000003.256123169.000002977F2B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmlheD |
Source: hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.516565390.00000297033CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmll |
Source: hh.exe, 00000000.00000003.342372315.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmlrodukey.html9 |
Source: hh.exe, 00000000.00000003.342372315.000002977F24C000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.517359915.000002977F24C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmlrodukey.htmlDAT |
Source: hh.exe, 00000000.00000003.309121391.0000029707218000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmls |
Source: hh.exe, 00000000.00000003.342372315.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000000.00000002.517359915.000002977F2AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.htmlv |
Source: C:\Windows\hh.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52A2AAAE-085D-4187-97EA-8C30DB990436}\InprocServer32 |
Source: C:\Windows\hh.exe | File created: C:\Users\user\AppData\Local\Temp\IMT4D03.tmp |
Source: C:\Windows\hh.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine | Classification label: clean1.winCHM@1/6@0/0 |
Source: C:\Windows\hh.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\HTML Help |
Source: C:\Windows\hh.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Outlook\Capabilities\UrlAssociations |
Source: C:\Windows\hh.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\hh.exe | Memory allocated: 29703270000 memory reserve | memory write watch |
Source: C:\Windows\hh.exe | Memory allocated: 29707200000 memory reserve | memory write watch |
Source: C:\Windows\hh.exe | Memory allocated: page read and write | page guard |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation |
Source: C:\Windows\hh.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |