Analysis

Category FILE
Package exe
Started 2019-11-08 20:57:17
Completed 2019-11-08 21:00:59
Duration 222 seconds
Options procdump = 1

Log
2019-11-08 20:57:18,000 [root] INFO: Date set to: 11-08-19, time set to: 20:57:18, timeout set to: 200
2019-11-08 20:57:18,000 [root] DEBUG: Starting analyzer from: C:\ulews
2019-11-08 20:57:18,000 [root] DEBUG: Storing results at: C:\xsuPdEqGU
2019-11-08 20:57:18,000 [root] DEBUG: Pipe server name: \\.\PIPE\HyJubjX
2019-11-08 20:57:18,000 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-11-08 20:57:18,000 [root] INFO: Automatically selected analysis package "exe"
2019-11-08 20:57:18,374 [root] DEBUG: Started auxiliary module Browser
2019-11-08 20:57:18,374 [root] DEBUG: Started auxiliary module Curtain
2019-11-08 20:57:18,374 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2019-11-08 20:57:18,717 [modules.auxiliary.digisig] DEBUG: File is not signed.
2019-11-08 20:57:18,717 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2019-11-08 20:57:18,717 [root] DEBUG: Started auxiliary module DigiSig
2019-11-08 20:57:18,717 [root] DEBUG: Started auxiliary module Disguise
2019-11-08 20:57:18,717 [root] DEBUG: Started auxiliary module Human
2019-11-08 20:57:18,717 [root] DEBUG: Started auxiliary module Screenshots
2019-11-08 20:57:18,717 [root] DEBUG: Started auxiliary module Sysmon
2019-11-08 20:57:18,717 [root] DEBUG: Started auxiliary module Usage
2019-11-08 20:57:18,717 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2019-11-08 20:57:18,717 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2019-11-08 20:57:18,733 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\IQGY7iREWLaoP.exe" with arguments "" with pid 828
2019-11-08 20:57:18,733 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-11-08 20:57:18,733 [lib.api.process] INFO: 32-bit DLL to inject is C:\ulews\dll\iWHGsU.dll, loader C:\ulews\bin\aeJrYrt.exe
2019-11-08 20:57:18,795 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\HyJubjX.
2019-11-08 20:57:18,795 [root] DEBUG: Loader: Injecting process 828 (thread 1064) with C:\ulews\dll\iWHGsU.dll.
2019-11-08 20:57:18,795 [root] DEBUG: Process image base: 0x00400000
2019-11-08 20:57:18,795 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\ulews\dll\iWHGsU.dll.
2019-11-08 20:57:18,795 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x0044C000 - 0x77110000
2019-11-08 20:57:18,795 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x00450000.
2019-11-08 20:57:18,811 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-11-08 20:57:18,811 [root] DEBUG: Successfully injected DLL C:\ulews\dll\iWHGsU.dll.
2019-11-08 20:57:18,811 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 828
2019-11-08 20:57:20,822 [lib.api.process] INFO: Successfully resumed process with pid 828
2019-11-08 20:57:20,822 [root] INFO: Added new process to list with pid: 828
2019-11-08 20:57:20,979 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-11-08 20:57:20,979 [root] DEBUG: Process dumps enabled.
2019-11-08 20:57:21,026 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-11-08 20:57:21,026 [root] INFO: Disabling sleep skipping.
2019-11-08 20:57:21,026 [root] INFO: Disabling sleep skipping.
2019-11-08 20:57:21,026 [root] INFO: Disabling sleep skipping.
2019-11-08 20:57:21,026 [root] INFO: Disabling sleep skipping.
2019-11-08 20:57:21,026 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 828 at 0x74880000, image base 0x400000, stack from 0x186000-0x190000
2019-11-08 20:57:21,026 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\IQGY7iREWLaoP.exe".
2019-11-08 20:57:21,042 [root] INFO: Monitor successfully loaded in process with pid 828.
2019-11-08 20:57:21,072 [root] DEBUG: DLL loaded at 0x74450000: C:\Windows\syswow64\dbghelp (0xeb000 bytes).
2019-11-08 20:57:21,104 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-11-08 20:57:21,119 [root] DEBUG: DLL loaded at 0x74810000: C:\Windows\system32\profapi (0xb000 bytes).
2019-11-08 20:57:21,134 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-11-08 20:57:21,134 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-11-08 20:57:21,134 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-11-08 20:57:21,134 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-11-08 20:57:21,134 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-11-08 20:57:21,134 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74250000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74230000: C:\Windows\system32\rasman (0x15000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL unloaded from 0x74250000.
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74220000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL unloaded from 0x75600000.
2019-11-08 20:57:21,151 [root] DEBUG: DLL unloaded from 0x74230000.
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-11-08 20:57:21,151 [root] DEBUG: DLL loaded at 0x74200000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-11-08 20:57:21,165 [root] DEBUG: DLL loaded at 0x741C0000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-11-08 20:57:21,181 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-11-08 20:57:21,213 [root] DEBUG: DLL loaded at 0x74160000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-11-08 20:57:21,229 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-11-08 20:57:21,229 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-11-08 20:57:21,229 [root] DEBUG: DLL loaded at 0x74150000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-11-08 20:57:21,229 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-11-08 20:57:21,229 [root] DEBUG: DLL loaded at 0x74120000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-11-08 20:57:21,229 [root] DEBUG: DLL unloaded from 0x747F0000.
2019-11-08 20:57:21,229 [root] DEBUG: DLL unloaded from 0x74130000.
2019-11-08 20:57:23,522 [root] DEBUG: DLL unloaded from 0x75600000.
2019-11-08 20:57:33,552 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-11-08 20:57:33,552 [root] DEBUG: DLL unloaded from 0x74160000.
2019-11-08 20:57:33,552 [root] DEBUG: DLL unloaded from 0x75600000.
2019-11-08 21:00:41,641 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-11-08 21:00:41,641 [root] INFO: Created shutdown mutex.
2019-11-08 21:00:42,655 [lib.api.process] INFO: Terminate event set for process 828
2019-11-08 21:00:42,655 [root] DEBUG: Terminate Event: Attempting to dump process 828
2019-11-08 21:00:42,655 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2019-11-08 21:00:42,655 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-11-08 21:00:42,655 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00400000.
2019-11-08 21:00:42,655 [root] DEBUG: DumpProcess: Module entry point VA is 0x00003F4B.
2019-11-08 21:00:42,655 [root] INFO: Added new CAPE file to list with path: C:\xsuPdEqGU\CAPE\828_14540416324202185112019
2019-11-08 21:00:42,655 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x44800.
2019-11-08 21:00:42,655 [lib.api.process] INFO: Termination confirmed for process 828
2019-11-08 21:00:42,655 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 828
2019-11-08 21:00:42,655 [root] INFO: Terminate event set for process 828.
2019-11-08 21:00:42,655 [root] INFO: Terminating process 828 before shutdown.
2019-11-08 21:00:42,655 [root] INFO: Waiting for process 828 to exit.
2019-11-08 21:00:43,670 [root] INFO: Shutting down package.
2019-11-08 21:00:43,670 [root] INFO: Stopping auxiliary modules.
2019-11-08 21:00:43,670 [root] INFO: Finishing auxiliary modules.
2019-11-08 21:00:43,670 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-11-08 21:00:43,670 [root] WARNING: File at path "C:\xsuPdEqGU\debugger" does not exist, skip.
2019-11-08 21:00:43,670 [root] INFO: Analysis completed.

MalScore

1.5

Benign

Machine

Name target-01
Label target-01
Manager ESX
Started On 2019-11-08 20:57:18
Shutdown On 2019-11-08 21:00:58

File Details

File Name f5eb53b4920c97595bcea81b5cf3c0e5
File Size 299078 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f5eb53b4920c97595bcea81b5cf3c0e5
SHA1 ad150c9ac8ab827ed71685f2df29ad071ac93349
SHA256 b4a748f3a3807e724b4c6b256fc065338899b05629a95376851180c4946ae4ac
SHA512 405eaa347523b0b03817606368e0f28783e060037f190ea06bbee2a21edf914603ea774f7faa19d181e2c9d52b3ee24e48b0b7c64a24725a2b4654ca84ad22ee
CRC32 3C63B97F
Ssdeep 3072:cRZ+mEJoVDHgKLodV7Oi6UKHwIysLtBxA+HVLiBC9rMtAZdzimtOntCIRuTDqAIN:cRZ+9JGHgeodV7O+i2CNlqTPGC
TrID
  • 41.0% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 36.3% (.EXE) Win64 Executable (generic) (27625/18/4)
  • 8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 5.9% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 2.6% (.EXE) OS/2 Executable (generic) (2029/13)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
DynamicLoader: IMM32.DLL/ImmCreateContext
DynamicLoader: IMM32.DLL/ImmDestroyContext
DynamicLoader: IMM32.DLL/ImmNotifyIME
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverPackagePathW
DynamicLoader: WINSPOOL.DRV/CorePrinterDriverInstalledW
DynamicLoader: WINSPOOL.DRV/GetCorePrinterDriversW
DynamicLoader: WINSPOOL.DRV/UploadPrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/InstallPrinterDriverFromPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/AddPrinterConnection2W
DynamicLoader: WINSPOOL.DRV/OpenPrinter2W
DynamicLoader: WINSPOOL.DRV/DeletePrinterKeyW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataExW
DynamicLoader: WINSPOOL.DRV/EnumPrinterKeyW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataExW
DynamicLoader: WINSPOOL.DRV/GetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataW
DynamicLoader: WINSPOOL.DRV/SpoolerPrinterEvent
DynamicLoader: WINSPOOL.DRV/SetPortW
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: WINSPOOL.DRV/DevicePropertySheets
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeW
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeA
DynamicLoader: WINSPOOL.DRV/AddPortExW
DynamicLoader: WINSPOOL.DRV/DeletePrintProvidorW
DynamicLoader: WINSPOOL.DRV/AddPrintProvidorW
DynamicLoader: WINSPOOL.DRV/DeletePrintProcessorW
DynamicLoader: WINSPOOL.DRV/DeleteMonitorW
DynamicLoader: WINSPOOL.DRV/AddMonitorW
DynamicLoader: WINSPOOL.DRV/StartDocDlgW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesA
DynamicLoader: WINSPOOL.DRV/DocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/DeviceCapabilitiesW
DynamicLoader: WINSPOOL.DRV/DeletePrinterIC
DynamicLoader: WINSPOOL.DRV/PlayGdiScriptOnPrinterIC
DynamicLoader: WINSPOOL.DRV/CreatePrinterIC
DynamicLoader: WINSPOOL.DRV/SetJobW
DynamicLoader: WINSPOOL.DRV/GetJobW
DynamicLoader: WINSPOOL.DRV/EnumJobsW
DynamicLoader: WINSPOOL.DRV/AddPrinterW
DynamicLoader: WINSPOOL.DRV/SetPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverDirectoryW
DynamicLoader: WINSPOOL.DRV/EnumPrintersW
DynamicLoader: WINSPOOL.DRV/AddPrinterConnectionW
DynamicLoader: WINSPOOL.DRV/DeletePrinterConnectionW
DynamicLoader: WINSPOOL.DRV/AddPrinterDriverExW
DynamicLoader: WINSPOOL.DRV/AddPrinterDriverExA
DynamicLoader: WINSPOOL.DRV/EnumPrinterDriversW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverExW
DynamicLoader: WINSPOOL.DRV/AddPrintProcessorW
DynamicLoader: WINSPOOL.DRV/EnumPrintProcessorsW
DynamicLoader: WINSPOOL.DRV/GetPrintProcessorDirectoryW
DynamicLoader: WINSPOOL.DRV/EnumPrintProcessorDatatypesW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SplDriverUnloadComplete
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/OpenPrinterW
DynamicLoader: WINSPOOL.DRV/OpenPrinterA
DynamicLoader: WINSPOOL.DRV/ResetPrinterW
DynamicLoader: WINSPOOL.DRV/StartDocPrinterW
DynamicLoader: WINSPOOL.DRV/FlushPrinter
DynamicLoader: WINSPOOL.DRV/GetPrinterDataW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataW
DynamicLoader: WINSPOOL.DRV/AddJobW
DynamicLoader: WINSPOOL.DRV/ScheduleJob
DynamicLoader: WINSPOOL.DRV/WaitForPrinterChange
DynamicLoader: WINSPOOL.DRV/FindNextPrinterChangeNotification
DynamicLoader: WINSPOOL.DRV/PrinterMessageBoxW
DynamicLoader: WINSPOOL.DRV/ClosePrinter
DynamicLoader: WINSPOOL.DRV/AddFormW
DynamicLoader: WINSPOOL.DRV/DeleteFormW
DynamicLoader: WINSPOOL.DRV/GetFormW
DynamicLoader: WINSPOOL.DRV/SetFormW
DynamicLoader: WINSPOOL.DRV/EnumFormsW
DynamicLoader: WINSPOOL.DRV/EnumPortsW
DynamicLoader: WINSPOOL.DRV/EnumMonitorsW
DynamicLoader: WINSPOOL.DRV/AddPortW
DynamicLoader: WINSPOOL.DRV/ConfigurePortW
DynamicLoader: WINSPOOL.DRV/DeletePortW
DynamicLoader: WINSPOOL.DRV/GetPrinterW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: dbghelp.dll/MakeSureDirectoryPathExists
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/

Screenshots


Hosts

Direct Y
IP 119.1.109.96
Country Name China

DNS

No domains contacted.


Summary

C:\Program Files\AppPatch\NetSyst96.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files
C:\Program Files\AppPatch
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
C:\Program Files\AppPatch\NetSyst96.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files\AppPatch\NetSyst96.dll
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\FileDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IQGY7iREWLaoP_RASMANCS\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernelbase.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.ProcessIdToSessionId
imm32.dll.ImmCreateContext
imm32.dll.ImmDestroyContext
imm32.dll.ImmNotifyIME
imm32.dll.ImmAssociateContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmGetContext
imm32.dll.ImmGetCompositionStringA
imm32.dll.ImmSetCompositionStringA
imm32.dll.ImmGetCompositionStringW
imm32.dll.ImmSetCompositionStringW
imm32.dll.ImmSetCandidateWindow
winspool.drv.#218
winspool.drv.#217
winspool.drv.SetDefaultPrinterW
winspool.drv.GetDefaultPrinterW
winspool.drv.GetPrinterDriverPackagePathW
winspool.drv.CorePrinterDriverInstalledW
winspool.drv.GetCorePrinterDriversW
winspool.drv.UploadPrinterDriverPackageW
winspool.drv.InstallPrinterDriverFromPackageW
winspool.drv.#251
winspool.drv.AddPrinterConnection2W
winspool.drv.OpenPrinter2W
winspool.drv.DeletePrinterKeyW
winspool.drv.DeletePrinterDataExW
winspool.drv.EnumPrinterKeyW
winspool.drv.EnumPrinterDataExW
winspool.drv.GetPrinterDataExW
winspool.drv.SetPrinterDataExW
winspool.drv.DeletePrinterDataW
winspool.drv.EnumPrinterDataW
winspool.drv.SpoolerPrinterEvent
winspool.drv.SetPortW
winspool.drv.DocumentPropertySheets
winspool.drv.DevicePropertySheets
winspool.drv.IsValidDevmodeW
winspool.drv.IsValidDevmodeA
winspool.drv.AddPortExW
winspool.drv.DeletePrintProvidorW
winspool.drv.AddPrintProvidorW
winspool.drv.DeletePrintProcessorW
winspool.drv.DeleteMonitorW
winspool.drv.AddMonitorW
winspool.drv.StartDocDlgW
winspool.drv.AdvancedDocumentPropertiesW
winspool.drv.AdvancedDocumentPropertiesA
winspool.drv.DocumentPropertiesW
winspool.drv.DeviceCapabilitiesW
winspool.drv.DeletePrinterIC
winspool.drv.PlayGdiScriptOnPrinterIC
winspool.drv.CreatePrinterIC
winspool.drv.SetJobW
winspool.drv.GetJobW
winspool.drv.EnumJobsW
winspool.drv.AddPrinterW
winspool.drv.SetPrinterW
winspool.drv.GetPrinterDriverW
winspool.drv.GetPrinterDriverDirectoryW
winspool.drv.EnumPrintersW
winspool.drv.AddPrinterConnectionW
winspool.drv.DeletePrinterConnectionW
winspool.drv.AddPrinterDriverExW
winspool.drv.AddPrinterDriverExA
winspool.drv.EnumPrinterDriversW
winspool.drv.DeletePrinterDriverW
winspool.drv.DeletePrinterDriverExW
winspool.drv.AddPrintProcessorW
winspool.drv.EnumPrintProcessorsW
winspool.drv.GetPrintProcessorDirectoryW
winspool.drv.EnumPrintProcessorDatatypesW
winspool.drv.#207
winspool.drv.#209
winspool.drv.#211
winspool.drv.#212
winspool.drv.SplDriverUnloadComplete
winspool.drv.#213
winspool.drv.#214
winspool.drv.OpenPrinterW
winspool.drv.OpenPrinterA
winspool.drv.ResetPrinterW
winspool.drv.StartDocPrinterW
winspool.drv.FlushPrinter
winspool.drv.GetPrinterDataW
winspool.drv.SetPrinterDataW
winspool.drv.AddJobW
winspool.drv.ScheduleJob
winspool.drv.WaitForPrinterChange
winspool.drv.FindNextPrinterChangeNotification
winspool.drv.PrinterMessageBoxW
winspool.drv.ClosePrinter
winspool.drv.AddFormW
winspool.drv.DeleteFormW
winspool.drv.GetFormW
winspool.drv.SetFormW
winspool.drv.EnumFormsW
winspool.drv.EnumPortsW
winspool.drv.EnumMonitorsW
winspool.drv.AddPortW
winspool.drv.ConfigurePortW
winspool.drv.DeletePortW
winspool.drv.GetPrinterW
winspool.drv.DeletePrinterDriverPackageW
winspool.drv.#234
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
dbghelp.dll.MakeSureDirectoryPathExists
rasapi32.dll.RasConnectionNotificationW
sechost.dll.NotifyServiceStatusChangeA
cryptbase.dll.SystemFunction036
ole32.dll.CoInitializeEx
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
ole32.dll.CoCreateInstance
iphlpapi.dll.GetAdaptersAddresses
dhcpcsvc.dll.DhcpRequestParams
ole32.dll.CoUninitialize
oleaut32.dll.#500
IESQMMUTEX_0_208

PE Information

Image Base 0x00400000
Entry Point 0x00403f4b
Reported Checksum 0x00000000
Actual Checksum 0x000492db
Minimum OS Version 4.0
Compile Time 2017-07-10 11:48:10
Import Hash 3f81653fe2698b7cb1e6a8ca5c1f3c82

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x000316ec 0x00032000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.00
.rdata 0x00033000 0x000060d6 0x00007000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.21
.data 0x0003a000 0x00008348 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.63
.idata 0x00043000 0x00002ffa 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.90
.rsrc 0x00046000 0x00002000 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.19
.reloc 0x00048000 0x00003286 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.30

Overlay

Offset 0x00049000
Size 0x00000046

Imports

Library KERNEL32.dll:
0x443b98 MoveFileA
0x443b9c DeleteFileA
0x443ba0 FindClose
0x443ba4 FindFirstFileA
0x443bac GetFullPathNameA
0x443bb0 GetStringTypeExA
0x443bb4 GetThreadLocale
0x443bb8 GetShortPathNameA
0x443bbc GetFileAttributesA
0x443bc0 GetFileTime
0x443bcc SetFileTime
0x443bd0 SetFileAttributesA
0x443bdc RtlUnwind
0x443be0 HeapReAlloc
0x443be4 GetStartupInfoA
0x443be8 GetCommandLineA
0x443bec ExitProcess
0x443bf0 TerminateProcess
0x443bf4 CreateThread
0x443bf8 ExitThread
0x443bfc RaiseException
0x443c00 HeapSize
0x443c04 GetACP
0x443c0c GetSystemTime
0x443c10 SetEndOfFile
0x443c14 IsBadWritePtr
0x443c18 FatalAppExitA
0x443c20 GetVersionExA
0x443c24 HeapDestroy
0x443c28 HeapCreate
0x443c40 SetHandleCount
0x443c44 GetStdHandle
0x443c48 GetFileType
0x443c50 LCMapStringA
0x443c54 LCMapStringW
0x443c58 GetStringTypeA
0x443c5c GetStringTypeW
0x443c60 IsBadCodePtr
0x443c64 IsValidLocale
0x443c68 IsValidCodePage
0x443c6c GetLocaleInfoA
0x443c70 EnumSystemLocalesA
0x443c74 GetUserDefaultLCID
0x443c7c CompareStringA
0x443c80 CompareStringW
0x443c88 GetLocaleInfoW
0x443c8c UnlockFile
0x443c90 LockFile
0x443c94 FlushFileBuffers
0x443c98 SetFilePointer
0x443c9c GetCurrentProcess
0x443ca0 DuplicateHandle
0x443ca4 SetErrorMode
0x443ca8 GetOEMCP
0x443cac GetCPInfo
0x443cb0 SizeofResource
0x443cb4 GetProcessVersion
0x443cb8 GetLastError
0x443cbc MultiByteToWideChar
0x443cc0 WideCharToMultiByte
0x443cd8 GlobalFlags
0x443cdc lstrlenA
0x443ce0 lstrcpynA
0x443ce4 TlsGetValue
0x443ce8 LocalReAlloc
0x443cec TlsSetValue
0x443cf4 GlobalReAlloc
0x443cfc TlsFree
0x443d00 GlobalHandle
0x443d08 TlsAlloc
0x443d10 LocalFree
0x443d14 LocalAlloc
0x443d18 MulDiv
0x443d1c SetLastError
0x443d24 GetVersion
0x443d28 lstrcatA
0x443d2c GlobalGetAtomNameA
0x443d30 GlobalAddAtomA
0x443d34 GlobalFindAtomA
0x443d38 lstrcpyA
0x443d3c GetModuleHandleA
0x443d40 GlobalUnlock
0x443d44 GlobalFree
0x443d48 LockResource
0x443d4c FindResourceA
0x443d50 LoadResource
0x443d54 CreateEventA
0x443d58 SuspendThread
0x443d5c SetThreadPriority
0x443d60 ResumeThread
0x443d64 SetEvent
0x443d68 WaitForSingleObject
0x443d6c GetModuleFileNameA
0x443d70 GlobalLock
0x443d74 GlobalAlloc
0x443d78 GlobalDeleteAtom
0x443d7c lstrcmpA
0x443d80 lstrcmpiA
0x443d84 GetCurrentThread
0x443d88 GetCurrentThreadId
0x443d8c GetFileSize
0x443d90 ReadFile
0x443d94 Sleep
0x443d98 CreateFileA
0x443d9c WriteFile
0x443da0 CloseHandle
0x443da4 FreeLibrary
0x443da8 HeapFree
0x443dac IsBadReadPtr
0x443db0 LoadLibraryA
0x443db4 GetProcAddress
0x443db8 VirtualFree
0x443dbc VirtualProtect
0x443dc0 VirtualAlloc
0x443dc4 GetProcessHeap
0x443dc8 GetLocalTime
0x443dcc HeapAlloc
Library USER32.dll:
0x443ea8 ScrollWindow
0x443eac EndDeferWindowPos
0x443eb0 CopyRect
0x443eb4 BeginDeferWindowPos
0x443eb8 DeferWindowPos
0x443ebc EqualRect
0x443ec0 ScreenToClient
0x443ec4 AdjustWindowRectEx
0x443ec8 SetFocus
0x443ecc GetSysColor
0x443ed0 MapWindowPoints
0x443ed4 SendDlgItemMessageA
0x443ed8 UpdateWindow
0x443edc CheckDlgButton
0x443ee0 CheckRadioButton
0x443ee4 GetDlgItemInt
0x443ee8 GetDlgItemTextA
0x443eec SetDlgItemInt
0x443ef0 SetDlgItemTextA
0x443ef4 IsDlgButtonChecked
0x443ef8 ScrollWindowEx
0x443efc IsDialogMessageA
0x443f00 SetWindowTextA
0x443f04 MoveWindow
0x443f08 ShowWindow
0x443f0c ClientToScreen
0x443f10 GetDC
0x443f14 ReleaseDC
0x443f18 GetWindowDC
0x443f1c BeginPaint
0x443f20 EndPaint
0x443f24 TabbedTextOutA
0x443f28 DrawTextA
0x443f2c GrayStringA
0x443f30 LoadCursorA
0x443f34 SetCapture
0x443f38 ReleaseCapture
0x443f3c WaitMessage
0x443f40 GetDesktopWindow
0x443f48 WindowFromPoint
0x443f4c GetClassNameA
0x443f50 PtInRect
0x443f54 InsertMenuA
0x443f58 DeleteMenu
0x443f5c GetMenuStringA
0x443f60 CharToOemA
0x443f64 OemToCharA
0x443f68 GetSysColorBrush
0x443f6c LoadStringA
0x443f70 GetDialogBaseUnits
0x443f74 DestroyMenu
0x443f78 SetRectEmpty
0x443f7c LoadAcceleratorsA
0x443f84 LoadMenuA
0x443f88 SetMenu
0x443f8c ReuseDDElParam
0x443f90 UnpackDDElParam
0x443f94 InvalidateRect
0x443f98 BringWindowToTop
0x443f9c CharUpperA
0x443fa0 GetScrollInfo
0x443fa4 SetScrollInfo
0x443fa8 ShowScrollBar
0x443fac GetScrollRange
0x443fb0 SetScrollRange
0x443fb4 GetScrollPos
0x443fb8 SetScrollPos
0x443fbc GetTopWindow
0x443fc0 IsChild
0x443fc4 GetCapture
0x443fc8 WinHelpA
0x443fcc wsprintfA
0x443fd0 GetClassInfoA
0x443fd4 RegisterClassA
0x443fd8 GetMenu
0x443fdc GetMenuItemCount
0x443fe0 GetSubMenu
0x443fe4 GetMenuItemID
0x443fe8 TrackPopupMenu
0x443fec SetWindowPlacement
0x443ff4 GetWindowTextA
0x443ff8 GetDlgCtrlID
0x443ffc CreateWindowExA
0x444000 GetClassLongA
0x444004 SetPropA
0x444008 UnhookWindowsHookEx
0x44400c GetPropA
0x444010 CallWindowProcA
0x444014 RemovePropA
0x444018 DefWindowProcA
0x44401c GetMessageTime
0x444020 GetMessagePos
0x444024 GetForegroundWindow
0x444028 SetForegroundWindow
0x44402c GetWindow
0x444030 SetWindowLongA
0x444034 SetWindowPos
0x44403c IntersectRect
0x444044 GetWindowPlacement
0x444048 GetWindowRect
0x44404c EndDialog
0x444050 SetActiveWindow
0x444054 IsWindow
0x44405c DestroyWindow
0x444060 GetDlgItem
0x444068 LoadBitmapA
0x44406c GetMenuState
0x444070 ModifyMenuA
0x444074 SetMenuItemBitmaps
0x444078 CheckMenuItem
0x44407c EnableMenuItem
0x444080 GetFocus
0x444084 GetNextDlgTabItem
0x444088 GetMessageA
0x44408c TranslateMessage
0x444090 DispatchMessageA
0x444094 GetActiveWindow
0x444098 GetKeyState
0x44409c CallNextHookEx
0x4440a0 ValidateRect
0x4440a4 IsWindowVisible
0x4440a8 PeekMessageA
0x4440ac GetCursorPos
0x4440b0 SetWindowsHookExA
0x4440b4 GetParent
0x4440b8 GetLastActivePopup
0x4440bc IsWindowEnabled
0x4440c0 GetWindowLongA
0x4440c4 MessageBoxA
0x4440c8 SetCursor
0x4440cc ShowOwnedPopups
0x4440d0 PostQuitMessage
0x4440d4 PostMessageA
0x4440d8 EnableWindow
0x4440dc IsIconic
0x4440e0 GetSystemMetrics
0x4440e4 GetClientRect
0x4440e8 DrawIcon
0x4440ec SendMessageA
0x4440f0 LoadIconA
0x4440f4 OffsetRect
Library GDI32.dll:
0x443a24 SetMapMode
0x443a28 SetViewportOrgEx
0x443a2c OffsetViewportOrgEx
0x443a30 SetViewportExtEx
0x443a34 ScaleViewportExtEx
0x443a38 SetWindowOrgEx
0x443a3c OffsetWindowOrgEx
0x443a40 SetWindowExtEx
0x443a44 ScaleWindowExtEx
0x443a48 SelectClipRgn
0x443a4c ExcludeClipRect
0x443a50 IntersectClipRect
0x443a54 OffsetClipRgn
0x443a58 MoveToEx
0x443a5c LineTo
0x443a60 SetTextAlign
0x443a6c SetMapperFlags
0x443a74 ArcTo
0x443a78 SetArcDirection
0x443a7c GetObjectA
0x443a80 PolyDraw
0x443a84 PolylineTo
0x443a88 SetColorAdjustment
0x443a8c SetStretchBltMode
0x443a90 DeleteObject
0x443a94 SetPolyFillMode
0x443a98 CreateRectRgn
0x443a9c SelectClipPath
0x443aa0 ExtSelectClipRgn
0x443aa4 PlayMetaFileRecord
0x443aa8 GetObjectType
0x443aac EnumMetaFile
0x443ab0 PlayMetaFile
0x443ab4 GetDeviceCaps
0x443ab8 GetViewportExtEx
0x443abc GetWindowExtEx
0x443ac0 CreatePen
0x443ac4 ExtCreatePen
0x443ac8 CreateSolidBrush
0x443acc CreateHatchBrush
0x443ad0 CreatePatternBrush
0x443ad8 PtVisible
0x443adc RectVisible
0x443ae0 TextOutA
0x443ae4 ExtTextOutA
0x443ae8 Escape
0x443af0 GetTextMetricsA
0x443af4 CreateFontIndirectA
0x443af8 PolyBezierTo
0x443afc SetROP2
0x443b00 SetBkColor
0x443b04 SetTextColor
0x443b08 GetClipBox
0x443b0c GetDCOrgEx
0x443b10 SetBkMode
0x443b14 SelectPalette
0x443b18 GetStockObject
0x443b1c SelectObject
0x443b20 RestoreDC
0x443b24 SaveDC
0x443b28 StartDocA
0x443b2c GetClipRgn
0x443b30 CreateBitmap
0x443b34 DeleteDC
Library comdlg32.dll:
0x44420c GetFileTitleA
Library WINSPOOL.DRV:
0x4441d4 OpenPrinterA
0x4441d8 DocumentPropertiesA
0x4441dc ClosePrinter
Library ADVAPI32.dll:
0x4439a4 RegDeleteKeyA
0x4439a8 RegDeleteValueA
0x4439ac RegSetValueExA
0x4439b0 RegQueryValueExA
0x4439b4 RegOpenKeyExA
0x4439b8 RegCreateKeyExA
0x4439bc RegCloseKey
0x4439c0 RegOpenKeyA
Library SHELL32.dll:
0x443e6c SHGetFileInfoA
0x443e70 DragQueryFileA
0x443e74 DragFinish
0x443e78 DragAcceptFiles
Library COMCTL32.dll:
0x4439f4 None (imported by ordinal, so no name is listed)
Library imagehlp.dll:
Library WININET.dll:
0x444198 InternetReadFile
0x44419c InternetOpenUrlA
0x4441a0 InternetOpenA
0x4441a4 InternetCloseHandle
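The import table above lists what the binary can call, not what it did. As an added example that is not part of this CAPE report, the following Python parses a listing in the same `Library X:` / `0xADDR Name` format and groups the entries into coarse capabilities. The `SAMPLE` text is a constructed subset of the entries shown above; the `CAPABILITIES` grouping, the function names, and the treatment of `None` as an import by ordinal are my own assumptions, not CAPE signatures. Note that the listing has an import descriptor for imagehlp.dll with no named entries, while the strings section later shows `MakeSureDirectoryPathExists` next to `imagehlp.dll`; the parser reports such empty descriptors rather than guessing what they resolve to.

```python
"""Capability triage over a CAPE-style import listing.

Added example; not CAPE code and not code from the analysed sample.
SAMPLE is a constructed subset of the report's import table, same layout.
CAPABILITIES is my own illustrative grouping.
"""
import re
from collections import defaultdict

SAMPLE = """\
Library KERNEL32.dll:
0x443db0 LoadLibraryA
0x443db4 GetProcAddress
0x443dbc VirtualProtect
0x443dc0 VirtualAlloc
Library ADVAPI32.dll:
0x4439ac RegSetValueExA
0x4439b8 RegCreateKeyExA
Library COMCTL32.dll:
0x4439f4 None
Library imagehlp.dll:
Library WININET.dll:
0x444198 InternetReadFile
0x44419c InternetOpenUrlA
0x4441a0 InternetOpenA
0x4441a4 InternetCloseHandle
"""

# Assumed grouping of APIs into coarse capabilities (illustrative only).
CAPABILITIES = {
    "network-download": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile"},
    "registry-write": {"RegSetValueExA", "RegCreateKeyExA",
                       "RegDeleteKeyA", "RegDeleteValueA"},
    "dynamic-resolution": {"LoadLibraryA", "GetProcAddress"},
    "rwx-memory": {"VirtualAlloc", "VirtualProtect"},
}

LIB_RE = re.compile(r"^Library (\S+):$")
IMP_RE = re.compile(r"^0x([0-9a-fA-F]+) (\S+)$")


def parse_imports(text):
    """Return {library: [(iat_address, name_or_None), ...]}.

    CAPE prints 'None' when an entry is imported by ordinal; that is
    mapped to a Python None so callers can tell it apart from a name.
    """
    imports = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LIB_RE.match(line)
        if m:
            current = m.group(1)
            imports.setdefault(current, [])
            continue
        m = IMP_RE.match(line)
        if m and current is not None:
            name = None if m.group(2) == "None" else m.group(2)
            imports[current].append((int(m.group(1), 16), name))
    return imports


def triage(imports):
    """Map each capability to the (library, api) pairs that support it."""
    hits = defaultdict(list)
    for lib, entries in imports.items():
        for _, name in entries:
            for cap, apis in CAPABILITIES.items():
                if name in apis:
                    hits[cap].append((lib, name))
    return dict(hits)


def ordinal_only(imports):
    """Libraries whose every import is by ordinal (no name to search for)."""
    return sorted(lib for lib, entries in imports.items()
                  if entries and all(n is None for _, n in entries))


def empty_import_descriptors(imports):
    """Libraries listed with no entries at all; worth a manual look."""
    return sorted(lib for lib, entries in imports.items() if not entries)


if __name__ == "__main__":
    imps = parse_imports(SAMPLE)
    for cap, pairs in triage(imps).items():
        print(cap, pairs)
    print("ordinal-only:", ordinal_only(imps))
    print("empty descriptors:", empty_import_descriptors(imps))
```

Against the full table above the same grouping flags the WinINet download path, the registry writers and the LoadLibraryA/GetProcAddress pair; whether any of it runs is a question for the behaviour sections further down, not for this listing.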

.text
.rdata
.data
.idata
.rsrc
.reloc
CWinApp
PreviewPages
Settings
File%d
Recent File List
Automation
Embedding
Unregserver
Unregister
CWinThread
CCmdTarget
CDialog
MS Sans Serif
MS Shell Dlg
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
InitCommonControlsEx
COMCTL32.DLL
CTempGdiObject
CTempDC
CPalette
CBitmap
CFont
CBrush
CGdiObject
CPaintDC
CWindowDC
CClientDC
CUserException
CResourceException
GetLayout
GDI32.DLL
SetLayout
combobox
software
CObject
CNotSupportedException
CMemoryException
CException
CTL3D32.DLL
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
System
CMapPtrToPtr
CTempMenu
CMenu
CPtrList
CControlBar
CView
CFrameWnd
MSWHEEL_ROLLMSG
CFile
DllGetClassObject
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
InProcServer32
CLSID
CFileException
CArchiveException
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
am/pm
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
Paraguay
Uruguay
Chile
Ecuador
Argentina
Colombia
Venezuela
Dominican Republic
South Africa
Panama
Luxembourg
Costa Rica
Switzerland
Guatemala
Canada
Spanish - Modern Sort
Australia
English
Austria
German
Belgium
Mexico
Spanish
Basque
Sweden
Swedish
Iceland
Icelandic
France
French
Finland
Finnish
Spain
Spanish - Traditional Sort
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
czech
china
britain
america
swiss
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
4jNnIiz7AYwUsF0fJZYSdNtEQogEknGlzAK1fdW3EWRNSdZYUFo=
.?AVCNoTrackObject@@
.?AV_AFX_WIN_STATE@@
.?AVCObject@@
.?AVCCmdTarget@@
.?AVCWinThread@@
.?AVCWinApp@@
.?AVCCommandLineInfo@@
.PAVCException@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVCCmdUI@@
.?AVCWnd@@
.?AVCDialog@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.?AVCTempWnd@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCDC@@
.?AVCClientDC@@
.?AVCWindowDC@@
.?AVCPaintDC@@
.?AVCGdiObject@@
.?AVCPen@@
.?AVCBrush@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCResourceException@@
.?AVCException@@
.?AVCSimpleException@@
.?AVCResourceException@@
.?AVCUserException@@
.?AUCThreadData@@
.?AVCRecentFileList@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCHandleMap@@
.?AVCMapPtrToPtr@@
.?AVCMenu@@
.?AVCTempMenu@@
.?AVCPtrList@@
.?AVCFrameWnd@@
.?AVCFile@@
.?AVCFileException@@
.PAVCFileException@@
.PAVCArchiveException@@
.?AVCArchiveException@@
.?AVtype_info@@
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
CloseHandle
WriteFile
CreateFileA
Sleep
ReadFile
GetFileSize
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetModuleFileNameA
WaitForSingleObject
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
CreateEventA
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GetModuleHandleA
lstrcpyA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetVersion
InterlockedDecrement
SetLastError
MulDiv
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
lstrlenA
GlobalFlags
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetProcessVersion
SizeofResource
GetCPInfo
GetOEMCP
SetErrorMode
DuplicateHandle
GetCurrentProcess
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
DeleteFileA
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetFileAttributesA
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
CreateThread
ExitThread
RaiseException
HeapSize
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
IsBadWritePtr
FatalAppExitA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
KERNEL32.dll
LoadIconA
SendMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
PostMessageA
PostQuitMessage
ShowOwnedPopups
SetCursor
MessageBoxA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
IsWindow
SetActiveWindow
EndDialog
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindow
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CreateWindowExA
GetDlgCtrlID
GetWindowTextA
GetWindowTextLengthA
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
wsprintfA
WinHelpA
GetCapture
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
SetCapture
ReleaseCapture
WaitMessage
GetDesktopWindow
GetWindowThreadProcessId
WindowFromPoint
GetClassNameA
PtInRect
InsertMenuA
DeleteMenu
GetMenuStringA
CharToOemA
OemToCharA
GetSysColorBrush
LoadStringA
GetDialogBaseUnits
DestroyMenu
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
CharUpperA
USER32.dll
CreateBitmap
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectA
DeleteDC
StartDocA
SaveDC
RestoreDC
SelectObject
GetStockObject
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
GDI32.dll
GetFileTitleA
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
ADVAPI32.dll
DragAcceptFiles
DragFinish
DragQueryFileA
SHGetFileInfoA
SHELL32.dll
COMCTL32.dll
MakeSureDirectoryPathExists
imagehlp.dll
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
WININET.dll
C:\Users\Administrator\Desktop\mfc\Release\DHLDAT.pdb
an unnamed file
&Hide
an unknown error.
on this system.
This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Enter a currency value.
Unexpected error while reading %1.#Unexpected error while writing to %1.
...read-only.
...the message.
...of the end.
VS_VERSION_INFO
StringFileInfo
0c0a04b0
Comments
CompanyName
FileDescription
n MFC mfc
FileVersion
2, 0, 0, 1
InternalName
LegalCopyright
Copyright (C) 2017
LegalTrademarks
OriginalFilename
mfc.EXE
PrivateBuild
ProductName
n mfc
ProductVersion
2, 0, 0, 1
SpecialBuild
VarFileInfo
Translation
This file is not on VirusTotal.

Process Tree


IQGY7iREWLaoP.exe, PID: 828, Parent PID: 2480
Full Path: C:\Users\user\AppData\Local\Temp\IQGY7iREWLaoP.exe
Command Line: "C:\Users\user\AppData\Local\Temp\IQGY7iREWLaoP.exe"

Hosts

Direct  IP            Country Name
Y       119.1.109.96  China

TCP

Source Source Port Destination Destination Port
192.168.35.21 49165 119.1.109.96 666
192.168.35.21 49166 119.1.109.96 666
192.168.35.21 49167 119.1.109.96 666
192.168.35.21 49168 119.1.109.96 666
192.168.35.21 49169 119.1.109.96 666
192.168.35.21 49170 119.1.109.96 666
192.168.35.21 49171 119.1.109.96 666
192.168.35.21 49172 119.1.109.96 666
192.168.35.21 49173 119.1.109.96 666
192.168.35.21 49174 119.1.109.96 666
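Ten connections to 119.1.109.96 on TCP 666 from consecutive source ports, with no DNS lookup, no HTTP request and no Suricata alert recorded below. As an added example that is not CAPE code, the following Python turns a connection table in this layout into a reconnect finding. `TCP_TABLE` is constructed from the rows above; the `COMMON_PORTS` set, the `min_count` threshold and the function names are my own assumptions. What it shows is a hard-coded address on a non-standard port, not the WinINet download path the imports suggest; the address and port are usable for hunting, but the table says nothing about what was spoken on port 666.

```python
"""Reconnection-pattern check over a sandbox TCP connection table.

Added example; not CAPE code and not from the analysed sample.
TCP_TABLE is constructed from the report's TCP section
(source, source port, destination, destination port).
COMMON_PORTS and min_count are my own illustrative assumptions.
"""
from collections import defaultdict

TCP_TABLE = """\
192.168.35.21 49165 119.1.109.96 666
192.168.35.21 49166 119.1.109.96 666
192.168.35.21 49167 119.1.109.96 666
192.168.35.21 49168 119.1.109.96 666
192.168.35.21 49169 119.1.109.96 666
192.168.35.21 49170 119.1.109.96 666
192.168.35.21 49171 119.1.109.96 666
192.168.35.21 49172 119.1.109.96 666
192.168.35.21 49173 119.1.109.96 666
192.168.35.21 49174 119.1.109.96 666
"""

# Assumed: ports a Windows desktop program might contact without comment.
COMMON_PORTS = frozenset({21, 25, 53, 80, 110, 143, 443, 445, 587, 993, 995, 3389})


def parse_tcp_table(text):
    """Return a list of (src, sport, dst, dport) tuples, one per row."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # header, blank or malformed row
        src, sport, dst, dport = parts
        conns.append((src, int(sport), dst, int(dport)))
    return conns


def group_by_destination(conns):
    """{(dst, dport): sorted source ports used against that endpoint}."""
    groups = defaultdict(list)
    for _, sport, dst, dport in conns:
        groups[(dst, dport)].append(sport)
    return {k: sorted(v) for k, v in groups.items()}


def is_consecutive(ports):
    """True when every source port is exactly the previous one plus one,
    i.e. nothing else on the host opened a socket between the attempts."""
    return len(ports) > 1 and all(b - a == 1 for a, b in zip(ports, ports[1:]))


def reconnect_findings(conns, min_count=5, common_ports=COMMON_PORTS):
    """Endpoints hit at least min_count times, with the loop's shape."""
    findings = []
    for (dst, dport), sports in group_by_destination(conns).items():
        if len(sports) < min_count:
            continue
        findings.append({
            "dst": dst,
            "dport": dport,
            "count": len(sports),
            "consecutive_source_ports": is_consecutive(sports),
            "nonstandard_port": dport not in common_ports,
        })
    return findings


if __name__ == "__main__":
    for f in reconnect_findings(parse_tcp_table(TCP_TABLE)):
        print(f)
```

The consecutive-port test is a weak signal on its own (it only says the attempts were back to back from one host); it is the combination with a single destination, a non-standard port and the absence of any DNS query in the section below that makes this look like a retry loop against a built-in address.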

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

No Suricata extracted files.

JA3

No JA3 hashes found.

File name NetSyst96.dll
Associated Filenames
C:\Program Files\AppPatch\NetSyst96.dll
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
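The three digests in this record are the digests of zero-length input, which agrees with the 0-byte size and the "empty" type: the sandbox captured NetSyst96.dll before anything was written to it, so the hashes identify nothing, while the path under C:\Program Files\AppPatch is still a usable indicator. As an added example, not CAPE code, the following Python parses a dropped-file record in the layout shown above (the `RECORD` text is constructed from it) and raises both points; `KEYS`, `PROTECTED_PREFIXES` and the function names are my own assumptions.

```python
"""Sanity checks on a dropped-file record from a sandbox report.

Added example; not CAPE code and not from the analysed sample.
RECORD is constructed from the NetSyst96.dll entry in the report.
KEYS and PROTECTED_PREFIXES are my own illustrative assumptions.
"""
import hashlib
import re

RECORD = r"""
File name NetSyst96.dll
Associated Filenames
C:\Program Files\AppPatch\NetSyst96.dll
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Digests of b"": what a capture taken before any write will hash to.
EMPTY_DIGESTS = {a: hashlib.new(a, b"").hexdigest() for a in ("md5", "sha1", "sha256")}

KEYS = ("File name", "File Size", "File Type", "MD5", "SHA1", "SHA256", "CRC32")

# Assumed: locations an ordinary user-level program should not be writing to.
PROTECTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_record(text):
    """Return {'paths': [...], 'File name': ..., 'MD5': ..., ...}."""
    rec = {"paths": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Associated Filenames":
            continue
        key = next((k for k in KEYS if line.startswith(k + " ")), None)
        if key:
            rec[key] = line[len(key) + 1:]
        elif PATH_RE.match(line):
            rec["paths"].append(line)
    return rec


def digests_are_empty(rec):
    """True when every digest present equals the digest of zero bytes."""
    present = [(a, rec.get(k)) for a, k in (("md5", "MD5"), ("sha1", "SHA1"), ("sha256", "SHA256"))
               if rec.get(k)]
    return bool(present) and all(v.lower() == EMPTY_DIGESTS[a] for a, v in present)


def protected_paths(rec):
    """Associated filenames that fall under an assumed protected prefix."""
    return [p for p in rec["paths"] if p.lower().startswith(PROTECTED_PREFIXES)]


def triage_dropped(text):
    """Parse a record and return (record, list of triage notes)."""
    rec = parse_record(text)
    notes = []
    if digests_are_empty(rec):
        notes.append("empty-content: digests are of zero-length input; "
                     "use the path as an indicator, not the hashes")
    prot = protected_paths(rec)
    if prot:
        notes.append("protected-location: " + ", ".join(prot))
    return rec, notes


if __name__ == "__main__":
    rec, notes = triage_dropped(RECORD)
    print(rec["File name"], rec["paths"])
    for n in notes:
        print(n)
```

A record like this is the usual reason an "empty" hash turns up in shared IOC lists; checking for the three zero-length digests before publishing a hash avoids that.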
No CAPE files.
Process Name IQGY7iREWLaoP.exe
PID 828
Dump Size 280576 bytes
Module Path C:\Users\user\AppData\Local\Temp\IQGY7iREWLaoP.exe
Type PE image: 32-bit executable
MD5 33eeb9c3c08a726f9d95ade403a14eaf
SHA1 2893f42f4a5fb2aefbfe22ee82f4219787fe77a8
SHA256 04126aa132be370370b3683a5e665f327311efb56afcfe6d416f2998a7e238f6
CRC32 2009E94B
Ssdeep 3072:CRZ+mEJoVDHgKLodV7Oi6UKHwIysLtBxA+HVLiBC9rMtAZdzimrAjNontCIRuTD:CRZ+9JGHgeodV7O+i2CNDZ
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 04126aa132be370370b3683a5e665f327311efb56afcfe6d416f2998a7e238f6


Processing ( 3.269 seconds )

  • 1.818 CAPE
  • 0.493 TargetInfo
  • 0.411 Static
  • 0.293 ProcDump
  • 0.135 TrID
  • 0.053 BehaviorAnalysis
  • 0.032 Deduplicate
  • 0.018 Strings
  • 0.01 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.062 seconds ) (time spent running each signature module; this is a timing list, not a list of matched signatures)

  • 0.01 antiav_detectreg
  • 0.009 ransomware_files
  • 0.004 infostealer_ftp
  • 0.004 ransomware_extensions
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_im
  • 0.002 stealth_timeout
  • 0.002 antianalysis_detectreg
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_mail
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 NewtWire Behavior
  • 0.001 api_spamming
  • 0.001 betabot_behavior
  • 0.001 decoy_document
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 disables_browser_warn
  • 0.001 masquerade_process_name

Reporting ( 0.001 seconds )

  • 0.001 CompressResults
Task ID 108510
Mongo ID 5dc5d7916d82384e386a1eb7
Cuckoo release 1.3-CAPE